diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 9f1cd5e44f..1961701f58 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -117,14 +117,14 @@ jobs: # variants of mod_exp__nb / RSA / DH wrappers. '--enable-curve25519=nonblock --enable-ecc=nonblock --enable-rsa=nonblock --enable-dh=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK -DRSA_LOW_MEM -DSP_WORD_SIZE=32"', '--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"', - # Minimal DTLS 1.3 client-only build. The SHA-224/384/512/3 - # disables are deliberately omitted: --disable-sha384 alone - # trips a pre-existing wolfSSL bug in - # test_tls13_duplicate_extension (reproducible on clean master). + # Minimal DTLS 1.3 client-only build with the SHA-224/384/512/3 + # hash families disabled, leaving only SHA-256 (the hash used by + # TLS_AES_128_GCM_SHA256). '--enable-dtls13 --disable-tlsv12 --disable-oldtls --disable-rsa --disable-dh --disable-aescbc --disable-aesecb --disable-md5 --disable-chacha --disable-poly1305 --disable-errorstrings --disable-asn-print --disable-eccshamir --disable-base64encode --disable-coding --disable-sni + --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha3 --enable-aesgcm=small --enable-sp-math --enable-sp=smallec256 --disable-sp-asm CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_TLS12 -DNO_SESSION_CACHE -DWOLFSSL_AES_NO_UNROLL -DUSE_SLOW_SHA256 -DWOLFSSL_NO_ASYNC_IO diff --git a/tests/api.c b/tests/api.c index 1c3ced8e86..7e1e1f722a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33475,7 +33475,8 @@ static int test_extra_alerts_wrong_cs(void) #endif #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ - defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_AES_256) + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_AES_256) && \ + defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) #define TEST_CS_DOWNGRADE_CLIENT "ECDHE-RSA-AES256-GCM-SHA384"