removed additional references to USE_PSA in tests and comments

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-08-08 17:42:09 +03:00 · 2025-07-15 13:34:55 +01:00
parent cdc191b500
commit 39a68bf347
2 changed files with 30 additions and 43 deletions
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -16,7 +16,7 @@ component_test_psa_crypto_key_id_encodes_owner () {
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

-    msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
+    msg "test: full config - PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
    make test
 }

@@ -188,16 +188,16 @@ component_test_no_ctr_drbg_use_psa () {
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

-    msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
+    msg "test: Full minus CTR_DRBG- main suites"
    make test

    # In this configuration, the TLS test programs use HMAC_DRBG.
    # The SSL tests are slow, so run a small subset, just enough to get
    # confidence that the SSL code copes with HMAC_DRBG.
-    msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
+    msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'

-    msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
+    msg "test: Full minus CTR_DRBG - compat.sh (subset)"
    tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL
 }

@@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () {
    CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make

-    msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
+    msg "test: Full minus HMAC_DRBG - main suites"
    make test

    # Normally our ECDSA implementation uses deterministic ECDSA. But since
@@ -218,12 +218,12 @@ component_test_no_hmac_drbg_use_psa () {
    # instead.
    # Test SSL with non-deterministic ECDSA. Only test features that
    # might be affected by how ECDSA signature is performed.
-    msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
+    msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)"
    tests/ssl-opt.sh -f 'Default\|SSL async private: sign'

    # To save time, only test one protocol version, since this part of
    # the protocol is identical in (D)TLS up to 1.2.
-    msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
+    msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)"
    tests/compat.sh -m tls12 -t 'ECDSA'
 }

@@ -247,16 +247,16 @@ component_test_psa_external_rng_no_drbg_use_psa () {
 }

 component_test_psa_external_rng_use_psa_crypto () {
-    msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
+    msg "build: full + PSA_CRYPTO_EXTERNAL_RNG  minus CTR_DRBG"
    scripts/config.py full
    scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
    scripts/config.py unset MBEDTLS_CTR_DRBG_C
    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"

-    msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
+    msg "test: full + PSA_CRYPTO_EXTERNAL_RNG  minus CTR_DRBG"
    make test

-    msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
+    msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG"
    tests/ssl-opt.sh -f 'Default\|opaque'
 }

@@ -342,7 +342,6 @@ component_test_full_no_ccm () {
    msg "build: full no PSA_WANT_ALG_CCM"

    # Full config enables:
-    # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
    # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
    scripts/config.py full

--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9443,15 +9443,10 @@ run_test    "EC restart: TLS, max_ops=65535" \
            -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
            -C "mbedtls_pk_sign.*\(4b00\|-248\)"

-# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294,
-# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test
-# cases.
-
-# With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
-run_test    "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
+run_test    "EC restart: TLS, max_ops=1000" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt  \
@@ -9462,11 +9457,9 @@ run_test    "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
            -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
            -c "mbedtls_pk_sign.*\(4b00\|-248\)"

-# With USE_PSA enabled we expect only partial restartable behaviour:
-# everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled PSA_WANT_ECC_SECP_R1_256
-run_test    "EC restart: TLS, max_ops=1000 (USE_PSA)" \
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+run_test    "EC restart: TLS, max_ops=1000" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt  \
@@ -9477,8 +9470,7 @@ run_test    "EC restart: TLS, max_ops=1000 (USE_PSA)" \
            -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
            -c "mbedtls_pk_sign.*\(4b00\|-248\)"

-# This works the same with & without USE_PSA as we never get to ECDH:
-# we abort as soon as we determined the cert is bad.
+# We abort as soon as we determined the cert is bad.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=1000, badsign" \
@@ -9497,11 +9489,10 @@ run_test    "EC restart: TLS, max_ops=1000, badsign" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

-# With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
-run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
+run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
@@ -9517,11 +9508,11 @@ run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

-# With USE_PSA enabled we expect only partial restartable behaviour:
+# We expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled PSA_WANT_ECC_SECP_R1_256
-run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
@@ -9537,11 +9528,10 @@ run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

-# With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
-run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
+run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
@@ -9557,11 +9547,11 @@ run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)"
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

-# With USE_PSA enabled we expect only partial restartable behaviour:
+# We expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled PSA_WANT_ECC_SECP_R1_256
-run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=$DATA_FILES_PATH/server5-badsign.crt \
             key_file=$DATA_FILES_PATH/server5.key" \
@@ -9577,11 +9567,10 @@ run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

-# With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
-run_test    "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
+run_test    "EC restart: DTLS, max_ops=1000" \
            "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt  \
@@ -9592,11 +9581,11 @@ run_test    "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
            -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
            -c "mbedtls_pk_sign.*\(4b00\|-248\)"

-# With USE_PSA enabled we expect only partial restartable behaviour:
+# We expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled PSA_WANT_ECC_SECP_R1_256
-run_test    "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+run_test    "EC restart: DTLS, max_ops=1000" \
            "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt  \
@@ -9607,11 +9596,10 @@ run_test    "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
            -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
            -c "mbedtls_pk_sign.*\(4b00\|-248\)"

-# With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
-run_test    "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
+run_test    "EC restart: TLS, max_ops=1000 no client auth" \
            "$P_SRV groups=secp256r1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             debug_level=1 ec_max_ops=1000" \
@@ -9622,11 +9610,11 @@ run_test    "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
            -C "mbedtls_pk_sign.*\(4b00\|-248\)"


-# With USE_PSA enabled we expect only partial restartable behaviour:
+# We expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled PSA_WANT_ECC_SECP_R1_256
-run_test    "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+run_test    "EC restart: TLS, max_ops=1000 no client auth" \
            "$P_SRV groups=secp256r1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             debug_level=1 ec_max_ops=1000" \