mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 14:50:49 +02:00
41fad5f307
Make every --enable-tinytls13 spelling build and pass locally, and grow the CI matrix to cover them. These are fixes found while testing the configs the CI workflow had not actually exercised. - internal.h, internal.c, ssl_load.c: include ML-DSA and Falcon in the pkCurveOID member and producer guards so the PSK plus ML-DSA build compiles. - tls13.c: gate the DoTls13CertificateVerify definition on NO_CERTS to match its call site. - settings.h: let the AES-256 adder survive the floor, default the user_settings path to the SHA-256 floor, make WOLFSSL_NO_MALLOC opt-in so the test suite still runs, and keep ML-DSA ASN.1 for the cert profile. - configure.ac: drive ENABLED_ASM and emit WOLFSSL_NO_ASM for the small C floor, restrict SP math to P-256, strip ML-DSA ASN.1 only on the PSK floor, and print a notice for the reduced security cert verify. - examples: guard the cert loading paths for NO_CERTS and treat NO_CERTS as PSK mode in echoserver and echoclient. - Add examples/configs/tinytls13_smoke.c, an in memory TLS 1.3 handshake test that drives PSK, ECDSA, ML-DSA-65 and RSA-PSS chain verify, plus forced cipher suites, for builds with no example or unit test harness. - certs: add ECDSA leaves signed by the ML-DSA-65 and RSA-PSS CAs so the cert profiles drive a real PQC and PSS chain verify in CI. - .github/workflows/tinytls13.yml: cover every profile and adder, run the smoke handshake on the build verified configs, and least privilege the workflow token.