Merge remote-tracking branch 'public/mbedtls-2.28' into merge-2.28

* public/mbedtls-2.28: (88 commits)
  tests/ssl_helpers: Check that message queue is popped
  Upgrade python dependencies in requirements file
  Fix some typo for include folder
  Adjust TLS protocol cases for 2.28
  Fix copypasta
  Declare the new generated files
  Add generated config tests
  Remove some settings that don't exist in 2.28
  Adjust generate_config_tests.py for 2.28
  Terminology: use "dependencies" for a list of settings
  Terminology: consistently use "setting", not "option"
  Explain why we require TLS client and server simultaneously
  Fix missing negation
  Pacify mypy
  Detect sub-options
  Generate config test cases for single options
  Anchor relative paths
  New test suite to report configuration options
  Recognize that a double-inclusion guard is not a config setting
  Add and update some .gitignore files
  ...

.gitignore

@@ -2,6 +2,9 @@
 seedfile
 # MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
 00000000ffffff52.psa_its
+# Log files created by all.sh to reduce the logs in case a component runs
+# successfully
+quiet-make.*
 
 # CMake build artifacts:
 CMakeCache.txt

ChangeLog.d/build_without_check_config.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix the build in some configurations when check_config.h is not included.
+     Fix #9152.

ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt

@@ -0,0 +1,5 @@
+Bugfix
+   * Fix issue of redefinition warning messages for _GNU_SOURCE in
+     entropy_poll.c and sha_256.c. There was a build warning during
+     building for linux platform.
+     Resolves #9026

ChangeLog.d/fix-secure-element-key-creation.txt

@@ -0,0 +1,5 @@
+Bugfix
+   * Fix error handling when creating a key in a dynamic secure element
+     (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+     the creation could return PSA_SUCCESS but using or destroying the key
+     would not work. Fixes #8537.

docs/requirements.txt

@@ -1,47 +1,50 @@
 #
-# This file is autogenerated by pip-compile with Python 3.9
+# This file is autogenerated by pip-compile with Python 3.8
 # by the following command:
 #
 #    pip-compile requirements.in
 #
 alabaster==0.7.13
     # via sphinx
-babel==2.12.1
+babel==2.15.0
     # via sphinx
 breathe==4.35.0
     # via -r requirements.in
-certifi==2022.12.7
+certifi==2024.7.4
     # via requests
-charset-normalizer==3.1.0
+charset-normalizer==3.3.2
     # via requests
-docutils==0.17.1
+docutils==0.20.1
     # via
     #   breathe
     #   sphinx
     #   sphinx-rtd-theme
-idna==3.4
+idna==3.7
     # via requests
 imagesize==1.4.1
     # via sphinx
-importlib-metadata==6.0.0
+importlib-metadata==8.0.0
     # via sphinx
-jinja2==3.1.2
+jinja2==3.1.4
     # via sphinx
-markupsafe==2.1.2
+markupsafe==2.1.5
     # via jinja2
-packaging==23.0
+packaging==24.1
     # via sphinx
-pygments==2.14.0
+pygments==2.18.0
     # via sphinx
-requests==2.28.2
+pytz==2024.1
+    # via babel
+requests==2.32.3
     # via sphinx
 snowballstemmer==2.2.0
     # via sphinx
-sphinx==4.5.0
+sphinx==7.1.2
     # via
     #   breathe
     #   sphinx-rtd-theme
-sphinx-rtd-theme==1.2.0
+    #   sphinxcontrib-jquery
+sphinx-rtd-theme==2.0.0
     # via -r requirements.in
 sphinxcontrib-applehelp==1.0.4
     # via sphinx
@@ -49,7 +52,7 @@ sphinxcontrib-devhelp==1.0.2
     # via sphinx
 sphinxcontrib-htmlhelp==2.0.1
     # via sphinx
-sphinxcontrib-jquery==2.0.0
+sphinxcontrib-jquery==4.1
     # via sphinx-rtd-theme
 sphinxcontrib-jsmath==1.0.1
     # via sphinx
@@ -57,10 +60,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-urllib3==1.26.15
+urllib3==2.2.2
     # via requests
-zipp==3.15.0
+zipp==3.19.2
     # via importlib-metadata
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools

include/mbedtls/ecdh.h

@@ -299,7 +299,7 @@ int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
  * \brief           This function sets up an ECDH context from an EC key.
  *
  *                  It is used by clients and servers in place of the
- *                  ServerKeyEchange for static ECDH, and imports ECDH
+ *                  ServerKeyExchange for static ECDH, and imports ECDH
  *                  parameters from the EC key information of a certificate.
  *
  * \see             ecp.h

include/mbedtls/ecp.h

@@ -259,7 +259,7 @@ mbedtls_ecp_point;
  * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
  * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
  * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
+ * additions or subtractions. Therefore, it is only an approximate modular
  * reduction. It must return 0 on success and non-zero on failure.
  *
  * \note        Alternative implementations must keep the group IDs distinct. If

include/psa/crypto.h

@@ -866,7 +866,7 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
  *                          such that #PSA_ALG_IS_HASH(\p alg) is true).
  * \param[in] input         Buffer containing the message to hash.
  * \param input_length      Size of the \p input buffer in bytes.
- * \param[out] hash         Buffer containing the expected hash value.
+ * \param[in] hash          Buffer containing the expected hash value.
  * \param hash_length       Size of the \p hash buffer in bytes.
  *
  * \retval #PSA_SUCCESS
@@ -1225,7 +1225,7 @@ psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
  *                          such that #PSA_ALG_IS_MAC(\p alg) is true).
  * \param[in] input         Buffer containing the input message.
  * \param input_length      Size of the \p input buffer in bytes.
- * \param[out] mac          Buffer containing the expected MAC value.
+ * \param[in] mac           Buffer containing the expected MAC value.
  * \param mac_length        Size of the \p mac buffer in bytes.
  *
  * \retval #PSA_SUCCESS
@@ -2928,7 +2928,7 @@ psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
  *                              \p key.
  * \param[in]  input            The message whose signature is to be verified.
  * \param[in]  input_length     Size of the \p input buffer in bytes.
- * \param[out] signature        Buffer containing the signature to verify.
+ * \param[in] signature         Buffer containing the signature to verify.
  * \param[in]  signature_length Size of the \p signature buffer in bytes.
  *
  * \retval #PSA_SUCCESS \emptydescription

library/CMakeLists.txt

@@ -129,11 +129,13 @@ if(WIN32)
     set(libs ${libs} ws2_32)
 endif(WIN32)
 
-if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-    SET(CMAKE_C_ARCHIVE_CREATE   "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
-    SET(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
-    SET(CMAKE_C_ARCHIVE_FINISH   "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
-    SET(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+if(CMAKE_C_COMPILER_ID MATCHES "AppleClang")
+    set(CMAKE_C_ARCHIVE_CREATE   "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+    set(CMAKE_C_ARCHIVE_FINISH   "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+endif()
+if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang")
+    set(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+    set(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
 endif()
 
 if(HAIKU)

library/entropy_poll.c

@@ -5,10 +5,12 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
+#if defined(__linux__) || defined(__midipix__)
 /* Ensure that syscall() is available even when compiling with -std=c99 */
+#if !defined(_GNU_SOURCE)
 #define _GNU_SOURCE
 #endif
+#endif
 
 #include "common.h"
 

library/oid.c

@@ -15,6 +15,7 @@
 #include "mbedtls/rsa.h"
 #include "mbedtls/error.h"
 
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
 

library/psa_crypto.c

@@ -1831,6 +1831,9 @@ static psa_status_t psa_start_key_creation(
 
         status = psa_copy_key_material_into_slot(
             slot, (uint8_t *) (&slot_number), sizeof(slot_number));
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
     }
 
     if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
@@ -2259,6 +2262,50 @@ exit:
 /* Message digests */
 /****************************************************************/
 
+static int is_hash_supported(psa_algorithm_t alg)
+{
+    switch (alg) {
+#if defined(PSA_WANT_ALG_MD2)
+        case PSA_ALG_MD2:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_MD4)
+        case PSA_ALG_MD4:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_MD5)
+        case PSA_ALG_MD5:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+        case PSA_ALG_RIPEMD160:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+        case PSA_ALG_SHA_1:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+        case PSA_ALG_SHA_224:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+        case PSA_ALG_SHA_256:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+        case PSA_ALG_SHA_384:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+        case PSA_ALG_SHA_512:
+            return 1;
+#endif
+        default:
+            return 0;
+    }
+}
+
 psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
 {
     /* Aborting a non-active operation is allowed */
@@ -2913,16 +2960,44 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message,
         if (!PSA_ALG_IS_SIGN_MESSAGE(alg)) {
             return PSA_ERROR_INVALID_ARGUMENT;
         }
+    }
 
-        if (PSA_ALG_IS_SIGN_HASH(alg)) {
-            if (!PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(alg))) {
-                return PSA_ERROR_INVALID_ARGUMENT;
-            }
-        }
-    } else {
-        if (!PSA_ALG_IS_SIGN_HASH(alg)) {
-            return PSA_ERROR_INVALID_ARGUMENT;
-        }
+    psa_algorithm_t hash_alg = 0;
+    if (PSA_ALG_IS_SIGN_HASH(alg)) {
+        hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
+    }
+
+    /* Now hash_alg==0 if alg by itself doesn't need a hash.
+     * This is good enough for sign-hash, but a guaranteed failure for
+     * sign-message which needs to hash first for all algorithms
+     * supported at the moment. */
+
+    if (hash_alg == 0 && input_is_message) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+    if (hash_alg == PSA_ALG_ANY_HASH) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+    /* Give up immediately if the hash is not supported. This has
+     * several advantages:
+     * - For mechanisms that don't use the hash at all (e.g.
+     *   ECDSA verification, randomized ECDSA signature), without
+     *   this check, the operation would succeed even though it has
+     *   been given an invalid argument. This would not be insecure
+     *   since the hash was not necessary, but it would be weird.
+     * - For mechanisms that do use the hash, we avoid an error
+     *   deep inside the execution. In principle this doesn't matter,
+     *   but there is a little more risk of a bug in error handling
+     *   deep inside than in this preliminary check.
+     * - When calling a driver, the driver might be capable of using
+     *   a hash that the core doesn't support. This could potentially
+     *   result in a buffer overflow if the hash is larger than the
+     *   maximum hash size assumed by the core.
+     * - Returning a consistent error makes it possible to test
+     *   not-supported hashes in a consistent way.
+     */
+    if (hash_alg != 0 && !is_hash_supported(hash_alg)) {
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
     return PSA_SUCCESS;

library/psa_crypto_cipher.c

@@ -26,7 +26,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
     mbedtls_cipher_id_t *cipher_id)
 {
     mbedtls_cipher_mode_t mode;
-    mbedtls_cipher_id_t cipher_id_tmp;
+    mbedtls_cipher_id_t cipher_id_tmp = MBEDTLS_CIPHER_ID_NONE;
 
     if (PSA_ALG_IS_AEAD(alg)) {
         alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);

library/psa_crypto_rsa.c

@@ -16,6 +16,7 @@
 #include "psa_crypto_rsa.h"
 #include "psa_crypto_hash.h"
 
+#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include "mbedtls/platform.h"

library/ssl_msg.c

@@ -29,6 +29,7 @@
 #include "constant_time_internal.h"
 #include "mbedtls/constant_time.h"
 
+#include <limits.h>
 #include <string.h>
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)

library/ssl_tls.c

@@ -4452,6 +4452,7 @@ static void ssl_remove_psk(mbedtls_ssl_context *ssl)
                                  ssl->handshake->psk_len);
         mbedtls_free(ssl->handshake->psk);
         ssl->handshake->psk_len = 0;
+        ssl->handshake->psk = NULL;
     }
 }
 

library/x509_crt.c

@@ -26,6 +26,7 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
 
+#include <limits.h>
 #include <string.h>
 
 #if defined(MBEDTLS_PEM_PARSE_C)

pkgconfig/.gitignore

@@ -0,0 +1,2 @@
+Makefile
+*.pc

programs/ssl/ssl_mail_client.c

@@ -723,7 +723,11 @@ usage:
     mbedtls_printf("  > Write MAIL FROM to server:");
     fflush(stdout);
 
-    len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
+    len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from);
+    if (len < 0 || (size_t) len >= sizeof(buf)) {
+        mbedtls_printf(" failed\n  ! mbedtls_snprintf encountered error or truncated output\n\n");
+        goto exit;
+    }
     ret = write_ssl_and_get_response(&ssl, buf, len);
     if (ret < 200 || ret > 299) {
         mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
@@ -735,7 +739,11 @@ usage:
     mbedtls_printf("  > Write RCPT TO to server:");
     fflush(stdout);
 
-    len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
+    len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to);
+    if (len < 0 || (size_t) len >= sizeof(buf)) {
+        mbedtls_printf(" failed\n  ! mbedtls_snprintf encountered error or truncated output\n\n");
+        goto exit;
+    }
     ret = write_ssl_and_get_response(&ssl, buf, len);
     if (ret < 200 || ret > 299) {
         mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
@@ -759,11 +767,16 @@ usage:
     mbedtls_printf("  > Write content to server:");
     fflush(stdout);
 
-    len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
-                                "This is a simple test mail from the "
-                                "Mbed TLS mail client example.\r\n"
-                                "\r\n"
-                                "Enjoy!", opt.mail_from);
+    len = mbedtls_snprintf((char *) buf, sizeof(buf),
+                           "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
+                           "This is a simple test mail from the "
+                           "Mbed TLS mail client example.\r\n"
+                           "\r\n"
+                           "Enjoy!", opt.mail_from);
+    if (len < 0 || (size_t) len >= sizeof(buf)) {
+        mbedtls_printf(" failed\n  ! mbedtls_snprintf encountered error or truncated output\n\n");
+        goto exit;
+    }
     ret = write_ssl_data(&ssl, buf, len);
 
     len = sprintf((char *) buf, "\r\n.\r\n");

programs/test/metatest.c

@@ -385,7 +385,7 @@ typedef struct {
     void (*entry_point)(const char *name);
 } metatest_t;
 
-/* The list of availble meta-tests. Remember to register new functions here!
+/* The list of available meta-tests. Remember to register new functions here!
  *
  * Note that we always compile all the functions, so that `metatest --list`
  * will always list all the available meta-tests.

programs/test/udp_proxy.c

@@ -35,6 +35,8 @@
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
 
+#include <limits.h>
+
 #if !defined(MBEDTLS_NET_C)
 int main(void)
 {

scripts/config.py

@@ -389,6 +389,7 @@ class ConfigFile(Config):
                                 self.default_path)
         super().__init__()
         self.filename = filename
+        self.inclusion_guard = None
         self.current_section = 'header'
         with open(filename, 'r', encoding='utf-8') as file:
             self.templates = [self._parse_line(line) for line in file]
@@ -406,9 +407,11 @@ class ConfigFile(Config):
                            r'(?P<arguments>(?:\((?:\w|\s|,)*\))?)' +
                            r'(?P<separator>\s*)' +
                            r'(?P<value>.*)')
+    _ifndef_line_regexp = r'#ifndef (?P<inclusion_guard>\w+)'
     _section_line_regexp = (r'\s*/?\*+\s*[\\@]name\s+SECTION:\s*' +
                             r'(?P<section>.*)[ */]*')
     _config_line_regexp = re.compile(r'|'.join([_define_line_regexp,
+                                                _ifndef_line_regexp,
                                                 _section_line_regexp]))
     def _parse_line(self, line):
         """Parse a line in config.h and return the corresponding template."""
@@ -419,10 +422,16 @@ class ConfigFile(Config):
         elif m.group('section'):
             self.current_section = m.group('section')
             return line
+        elif m.group('inclusion_guard') and self.inclusion_guard is None:
+            self.inclusion_guard = m.group('inclusion_guard')
+            return line
         else:
             active = not m.group('commented_out')
             name = m.group('name')
             value = m.group('value')
+            if name == self.inclusion_guard and value == '':
+                # The file double-inclusion guard is not an option.
+                return line
             template = (name,
                         m.group('indentation'),
                         m.group('define') + name +

scripts/mbedtls_dev/psa_information.py

@@ -6,9 +6,10 @@
 
 
 import re
-from typing import Dict, FrozenSet, List, Optional
+from typing import Dict, FrozenSet, Iterator, List, Optional, Set
 
 from . import macro_collector
+from . import test_case
 
 
 def psa_want_symbol(name: str) -> str:
@@ -53,26 +54,6 @@ def automatic_dependencies(*expressions: str) -> List[str]:
     used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
     return sorted(psa_want_symbol(name) for name in used)
 
-# A temporary hack: at the time of writing, not all dependency symbols
-# are implemented yet. Skip test cases for which the dependency symbols are
-# not available. Once all dependency symbols are available, this hack must
-# be removed so that a bug in the dependency symbols properly leads to a test
-# failure.
-def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
-    return frozenset(symbol
-                     for line in open(filename)
-                     for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
-_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
-
-def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
-    global _implemented_dependencies #pylint: disable=global-statement,invalid-name
-    if _implemented_dependencies is None:
-        _implemented_dependencies = \
-            read_implemented_dependencies('include/psa/crypto_config.h')
-    if not all((dep.lstrip('!') in _implemented_dependencies or
-                not dep.lstrip('!').startswith('PSA_WANT'))
-               for dep in dependencies):
-        dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
 
 class Information:
     """Gather information about PSA constructors."""
@@ -84,8 +65,13 @@ class Information:
     def remove_unwanted_macros(
             constructors: macro_collector.PSAMacroEnumerator
     ) -> None:
-        # Mbed TLS doesn't support finite-field DH yet and will not support
-        # finite-field DSA. Don't attempt to generate any related test case.
+        """Remove macros from consideration during value enumeration."""
+        # Remove some mechanisms that are declared but not implemented.
+        # The corresponding test cases would be commented out anyway
+        # thanks to the detect_not_implemented_dependencies mechanism,
+        # but for those particular key types, we don't even have enough
+        # support in the test scripts to construct test keys. So
+        # we arrange to not even attempt to generate test cases.
         constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
         constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
         constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
@@ -104,3 +90,101 @@ class Information:
         self.remove_unwanted_macros(constructors)
         constructors.gather_arguments()
         return constructors
+
+
+class TestCase(test_case.TestCase):
+    """A PSA test case with automatically inferred dependencies.
+
+    For mechanisms like ECC curves where the support status includes
+    the key bit-size, this class assumes that only one bit-size is
+    involved in a given test case.
+    """
+
+    # Use a class variable to cache the set of implemented dependencies.
+    # Call read_implemented_dependencies() to fill the cache.
+    _implemented_dependencies = None #type: Optional[FrozenSet[str]]
+
+    DEPENDENCY_SYMBOL_RE = re.compile(r'\bPSA_WANT_\w+\b')
+    @classmethod
+    def _yield_implemented_dependencies(cls) -> Iterator[str]:
+        for filename in ['include/psa/crypto_config.h',
+                         'include/mbedtls/config_psa.h']:
+            with open(filename) as inp:
+                content = inp.read()
+            yield from cls.DEPENDENCY_SYMBOL_RE.findall(content)
+
+    @classmethod
+    def read_implemented_dependencies(cls) -> FrozenSet[str]:
+        if cls._implemented_dependencies is None:
+            cls._implemented_dependencies = \
+                frozenset(cls._yield_implemented_dependencies())
+            # Redundant return to reassure pylint (mypy is fine without it).
+            # Known issue: https://github.com/pylint-dev/pylint/issues/3045
+            return cls._implemented_dependencies
+        return cls._implemented_dependencies
+
+    # We skip test cases for which the dependency symbols are not defined.
+    # We assume that this means that a required mechanism is not implemented.
+    # Note that if we erroneously skip generating test cases for
+    # mechanisms that are not implemented, this should be caught
+    # by the NOT_SUPPORTED test cases generated by generate_psa_tests.py
+    # in test_suite_psa_crypto_not_supported and test_suite_psa_crypto_op_fail:
+    # those emit negative tests, which will not be skipped here.
+    def detect_not_implemented_dependencies(self) -> None:
+        """Detect dependencies that are not implemented."""
+        all_implemented_dependencies = self.read_implemented_dependencies()
+        not_implemented = [dep
+                           for dep in self.dependencies
+                           if (dep.startswith('PSA_WANT') and
+                               dep not in all_implemented_dependencies)]
+        if not_implemented:
+            self.skip_because('not implemented: ' +
+                              ' '.join(not_implemented))
+
+    def __init__(self) -> None:
+        super().__init__()
+        self.key_bits = None #type: Optional[int]
+        self.negated_dependencies = set() #type: Set[str]
+
+    def assumes_not_supported(self, name: str) -> None:
+        """Negate the given mechanism for automatic dependency generation.
+
+        Call this function before set_arguments() for a test case that should
+        run if the given mechanism is not supported.
+
+        A mechanism is either a PSA_XXX symbol (e.g. PSA_KEY_TYPE_AES,
+        PSA_ALG_HMAC, etc.) or a PSA_WANT_XXX symbol.
+        """
+        symbol = name
+        if not symbol.startswith('PSA_WANT_'):
+            symbol = psa_want_symbol(name)
+        self.negated_dependencies.add(symbol)
+
+    def set_key_bits(self, key_bits: Optional[int]) -> None:
+        """Use the given key size for automatic dependency generation.
+
+        Call this function before set_arguments() if relevant.
+
+        This is only relevant for ECC and DH keys. For other key types,
+        this information is ignored.
+        """
+        self.key_bits = key_bits
+
+    def set_arguments(self, arguments: List[str]) -> None:
+        """Set test case arguments and automatically infer dependencies."""
+        super().set_arguments(arguments)
+        dependencies = automatic_dependencies(*arguments)
+        # In test cases for not-supported features, the dependencies for
+        # the not-supported feature(s) must be negated. We make sure that
+        # all negated dependencies are present in the result, even in edge
+        # cases where they would not be detected automatically (for example,
+        # to restrict ECDSA-not-supported test cases to configurations
+        # where neither deterministic ECDSA nor randomized ECDSA are supported,
+        # to avoid the edge case that both ECDSA verifications are the same).
+        dependencies = ([dep for dep in dependencies
+                         if dep not in self.negated_dependencies] +
+                        ['!' + dep for dep in self.negated_dependencies])
+        if self.key_bits is not None:
+            dependencies = finish_family_dependencies(dependencies, self.key_bits)
+        self.dependencies += sorted(dependencies)
+        self.detect_not_implemented_dependencies()

scripts/mbedtls_dev/test_case.py

@@ -31,6 +31,7 @@ class TestCase:
         self.dependencies = [] #type: List[str]
         self.function = None #type: Optional[str]
         self.arguments = [] #type: List[str]
+        self.skip_reason = ''
 
     def add_comment(self, *lines: str) -> None:
         self.comments += lines
@@ -47,6 +48,23 @@ class TestCase:
     def set_arguments(self, arguments: List[str]) -> None:
         self.arguments = arguments
 
+    def skip_because(self, reason: str) -> None:
+        """Skip this test case.
+
+        It will be included in the output, but commented out.
+
+        This is intended for test cases that are obtained from a
+        systematic enumeration, but that have dependencies that cannot
+        be fulfilled. Since we don't want to have test cases that are
+        never executed, we arrange not to have actual test cases. But
+        we do include comments to make it easier to understand the output
+        of test case generation.
+
+        reason must be a non-empty string explaining to humans why this
+        test case is skipped.
+        """
+        self.skip_reason = reason
+
     def check_completeness(self) -> None:
         if self.description is None:
             raise MissingDescription
@@ -67,10 +85,16 @@ class TestCase:
         out.write('\n')
         for line in self.comments:
             out.write('# ' + line + '\n')
-        out.write(self.description + '\n')
+        prefix = ''
+        if self.skip_reason:
+            prefix = '## '
+            out.write('## # skipped because: ' + self.skip_reason + '\n')
+        out.write(prefix + self.description + '\n')
         if self.dependencies:
-            out.write('depends_on:' + ':'.join(self.dependencies) + '\n')
-        out.write(self.function + ':' + ':'.join(self.arguments) + '\n')
+            out.write(prefix + 'depends_on:' +
+                      ':'.join(self.dependencies) + '\n')
+        out.write(prefix + self.function + ':' +
+                  ':'.join(self.arguments) + '\n')
 
 def write_data_file(filename: str,
                     test_cases: Iterable[TestCase],

tests/.gitignore

@@ -3,13 +3,13 @@
 
 *.log
 /test_suite*
-data_files/mpi_write
-data_files/hmac_drbg_seed
-data_files/ctr_drbg_seed
-data_files/entropy_seed
+/data_files/mpi_write
+/data_files/hmac_drbg_seed
+/data_files/ctr_drbg_seed
+/data_files/entropy_seed
 
-include/test/instrument_record_status.h
+/include/test/instrument_record_status.h
 
-src/libmbed*
+/src/libmbed*
 
-libtestdriver1/*
+/libtestdriver1/*

tests/compat.sh

@@ -98,6 +98,7 @@ FILTER=""
 EXCLUDE='NULL\|DES\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
 VERBOSE=""
 MEMCHECK=0
+MIN_TESTS=1
 PRESERVE_LOGS=0
 PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
 
@@ -118,6 +119,7 @@ print_usage() {
     printf "  -M|--memcheck\tCheck memory leaks and errors.\n"
     printf "  -v|--verbose\tSet verbose output.\n"
     printf "     --list-test-cases\tList all potential test cases (No Execution)\n"
+    printf "     --min      \tMinimum number of non-skipped tests (default 1)\n"
     printf "     --outcome-file\tFile where test outcomes are written\n"
     printf "                   \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
     printf "     --preserve-logs\tPreserve logs of successful tests as well\n"
@@ -133,6 +135,14 @@ print_test_case() {
 
 # list_test_case lists all potential test cases in compat.sh without execution
 list_test_cases() {
+    # We want to call filter_ciphersuites to apply standard-defined exclusions
+    # (like "no RC4 with DTLS") but without user-defined exludes/filters.
+    EXCLUDE='^$'
+    FILTER=""
+
+    # ssl3 is excluded by default, but it's still available
+    MODES="ssl3 $MODES"
+
     for MODE in $MODES; do
         for TYPE in $TYPES; do
             # PSK cipher suites do not allow client certificate verification.
@@ -142,16 +152,31 @@ list_test_cases() {
             fi
             for VERIFY in $SUB_VERIFIES; do
                 VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
-                reset_ciphersuites
-                add_common_ciphersuites
-                add_openssl_ciphersuites
-                add_gnutls_ciphersuites
-                add_mbedtls_ciphersuites
-                print_test_case m O "$O_CIPHERS"
-                print_test_case O m "$O_CIPHERS"
-                print_test_case m G "$G_CIPHERS"
-                print_test_case G m "$G_CIPHERS"
-                print_test_case m m "$M_CIPHERS"
+                for PEER in $PEERS; do
+                    reset_ciphersuites
+                    add_common_ciphersuites
+                    case "$PEER" in
+                        [Oo]pen*)
+                            add_openssl_ciphersuites
+                            filter_ciphersuites
+                            print_test_case m O "$M_CIPHERS"
+                            print_test_case O m "$O_CIPHERS"
+                            ;;
+                        [Gg]nu*)
+                            add_gnutls_ciphersuites
+                            filter_ciphersuites
+                            print_test_case m G "$M_CIPHERS"
+                            print_test_case G m "$G_CIPHERS"
+                            ;;
+                        mbed*)
+                            add_openssl_ciphersuites
+                            add_gnutls_ciphersuites
+                            add_mbedtls_ciphersuites
+                            filter_ciphersuites
+                            print_test_case m m "$M_CIPHERS"
+                            ;;
+                    esac
+                done
             done
         done
     done
@@ -190,6 +215,9 @@ get_options() {
                 list_test_cases
                 exit $?
                 ;;
+            --min)
+                shift; MIN_TESTS=$1
+                ;;
             --outcome-file)
                 shift; MBEDTLS_TEST_OUTCOME_FILE=$1
                 ;;
@@ -272,17 +300,9 @@ filter()
 
 filter_ciphersuites()
 {
-    if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
-    then
-        # Ciphersuite for Mbed TLS
-        M_CIPHERS=$( filter "$M_CIPHERS" )
-
-        # Ciphersuite for OpenSSL
-        O_CIPHERS=$( filter "$O_CIPHERS" )
-
-        # Ciphersuite for GnuTLS
-        G_CIPHERS=$( filter "$G_CIPHERS" )
-    fi
+    M_CIPHERS=$( filter "$M_CIPHERS" )
+    O_CIPHERS=$( filter "$O_CIPHERS" )
+    G_CIPHERS=$( filter "$G_CIPHERS" )
 }
 
 reset_ciphersuites()
@@ -640,14 +660,18 @@ add_gnutls_ciphersuites()
             ;;
 
         "RSA")
-            # Not actually supported with all GnuTLS versions. See
-            # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below.
-            M_CIPHERS="$M_CIPHERS                               \
-                    TLS-RSA-WITH-NULL-SHA256                    \
-                    "
-            G_CIPHERS="$G_CIPHERS                               \
-                    +RSA:+NULL:+SHA256                          \
-                    "
+            if [ `minor_ver "$MODE"` -ge 1 ]
+            then
+                # Not actually supported with all GnuTLS versions. See
+                # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below.
+                M_CIPHERS="$M_CIPHERS                               \
+                        TLS-RSA-WITH-NULL-SHA256                    \
+                        "
+                G_CIPHERS="$G_CIPHERS                               \
+                        +RSA:+NULL:+SHA256                          \
+                        "
+            fi
+
             if [ `minor_ver "$MODE"` -ge 3 ]
             then
                 M_CIPHERS="$M_CIPHERS                           \
@@ -912,7 +936,26 @@ add_mbedtls_ciphersuites()
 # o_check_ciphersuite CIPHER_SUITE_NAME
 o_check_ciphersuite()
 {
-    if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
+    # skip DTLS when lack of support was declared
+    if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
+        SKIP_NEXT_="YES"
+    fi
+
+    # skip DTLS 1.2 is support was not detected
+    if [ "$O_SUPPORT_DTLS12" = "NO" -a "$MODE" = "dtls12" ]; then
+        SKIP_NEXT="YES"
+    fi
+
+    # skip single-DES ciphersuite if no longer supported
+    if [ "$O_SUPPORT_SINGLE_DES" = "NO" ]; then
+        case "$1" in
+            # note: 3DES is DES-CBC3 for OpenSSL, 3DES for Mbed TLS
+            *-DES-CBC-*|DES-CBC-*) SKIP_NEXT="YES"
+        esac
+    fi
+
+    # skip static ECDH when OpenSSL doesn't support it
+    if [ "${O_SUPPORT_STATIC_ECDH}" = "NO" ]; then
         case "$1" in
             *ECDH-*) SKIP_NEXT="YES"
         esac
@@ -980,7 +1023,7 @@ setup_arguments()
     M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
     O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE"
     G_SERVER_ARGS="-p $PORT --http $G_MODE"
-    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+3DES-CBC:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
 
     # The default prime for `openssl s_server` depends on the version:
     # * OpenSSL <= 1.0.2a: 512-bit
@@ -1021,10 +1064,25 @@ setup_arguments()
     esac
 
     case $($OPENSSL ciphers ALL) in
-        *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
-        *) O_SUPPORT_ECDH="NO";;
+        *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_STATIC_ECDH="YES";;
+        *) O_SUPPORT_STATIC_ECDH="NO";;
     esac
 
+    case $($OPENSSL ciphers ALL) in
+        *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";;
+        *) O_SUPPORT_SINGLE_DES="NO";;
+    esac
+
+    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+    # supports -dtls1_2 from the s_server help. (The s_client
+    # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+    # but doesn't list it. But the s_server help seems to be
+    # accurate.)
+    O_SUPPORT_DTLS12="NO"
+    if $OPENSSL s_server -help 2>&1 | grep -q "^ *-dtls1_2 "; then
+        O_SUPPORT_DTLS12="YES"
+    fi
+
     if [ "X$VERIFY" = "XYES" ];
     then
         M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@@ -1474,19 +1532,6 @@ for MODE in $MODES; do
 
                 [Oo]pen*)
 
-                    if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
-                        continue;
-                    fi
-
-                    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
-                    # supports $O_MODE from the s_server help. (The s_client
-                    # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
-                    # but doesn't list it. But the s_server help seems to be
-                    # accurate.)
-                    if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
-                        continue;
-                    fi
-
                     reset_ciphersuites
                     add_common_ciphersuites
                     add_openssl_ciphersuites
@@ -1587,6 +1632,16 @@ fi
 PASSED=$(( $TESTS - $FAILED ))
 echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"
 
+if [ $((TESTS - SKIPPED)) -lt $MIN_TESTS ]; then
+    cat <<EOF
+Error: Expected to run at least $MIN_TESTS, but only ran $((TESTS - SKIPPED)).
+Maybe a bad filter ('$FILTER' excluding '$EXCLUDE') or a bad configuration?
+EOF
+    if [ $FAILED -eq 0 ]; then
+        FAILED=1
+    fi
+fi
+
 FAILED=$(( $FAILED + $SRVMEM ))
 if [ $FAILED -gt 255 ]; then
     # Clamp at 255 as caller gets exit code & 0xFF

tests/include/test/drivers/key_management.h

@@ -30,6 +30,10 @@ typedef struct {
     /* Count the amount of times one of the key management driver functions
      * is called. */
     unsigned long hits;
+    /* Subset of hits which only counts public key export operations */
+    unsigned long hits_export_public_key;
+    /* Subset of hits which only counts key generation operations */
+    unsigned long hits_generate_key;
     /* Location of the last key management driver called to import a key. */
     psa_key_location_t location;
 } mbedtls_test_driver_key_management_hooks_t;
@@ -38,7 +42,7 @@ typedef struct {
  * sense that no PSA specification will assign a meaning to this location
  * (stated first in version 1.0.1 of the specification) and that it is not
  * used as a location of an opaque test drivers. */
-#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 }
+#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 }
 static inline mbedtls_test_driver_key_management_hooks_t
 mbedtls_test_driver_key_management_hooks_init(void)
 {

tests/scripts/all.sh

@@ -304,8 +304,9 @@ cleanup()
            \( -iname cmake_install.cmake -o \
               -iname CTestTestfile.cmake -o \
               -iname CMakeCache.txt \) -exec rm {} \+
-    # Recover files overwritten by in-tree CMake builds
-    rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
+    # Remove Makefiles generated by in-tree CMake builds
+    rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile
+    rm -f include/Makefile programs/!(fuzz)/Makefile
 
     # Remove any artifacts from the component_test_cmake_as_subdirectory test.
     rm -rf programs/test/cmake_subproject/build
@@ -886,6 +887,13 @@ component_test_default_out_of_box () {
     tests/scripts/run_demos.py
 }
 
+component_build_without_check_config () {
+    msg "build: full without check_config.h"
+    scripts/config.py full
+    sed -i '/#include.*check_config\.h/ s!^!//!' "$CONFIG_H"
+    make
+}
+
 component_test_default_cmake_gcc_asan () {
     msg "build: cmake, gcc, ASan" # ~ 1 min 50s
     CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -928,8 +936,18 @@ component_test_full_cmake_gcc_asan () {
     msg "test: ssl-opt.sh (full config, ASan build)"
     tests/ssl-opt.sh
 
-    msg "test: compat.sh (full config, ASan build)"
-    tests/compat.sh
+    msg "test: compat.sh all except legacy/next (full config, ASan build)"
+    tests/compat.sh -e '^DES-CBC-\|-DES-CBC-\|ARIA\|CHACHA' \
+        -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
+
+    msg "test: compat.sh single-DES (full config, ASan build)"
+    env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -e '^$' -f '^DES-CBC\|-DES-CBC-' \
+        -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
+
+    # ARIA and ChachaPoly are both (D)TLS 1.2 only
+    msg "test: compat.sh ARIA + ChachaPoly (full config, ASan build)"
+    env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' \
+        -m 'tls12 dtls12'
 
     msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
     tests/context-info.sh
@@ -1628,15 +1646,6 @@ component_test_full_cmake_clang () {
 
     msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
     tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
-
-    msg "test: compat.sh RC4, 3DES & NULL (full config)" # ~ 2min
-    tests/compat.sh -e '^$' -f 'NULL\|3DES\|DES-CBC3\|RC4\|ARCFOUR'
-
-    msg "test: compat.sh single-DES (full config)" # ~ 30s
-    env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -e '3DES\|DES-CBC3' -f 'DES'
-
-    msg "test: compat.sh ARIA + ChachaPoly"
-    env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
 }
 
 skip_suites_without_constant_flow () {
@@ -1925,17 +1934,18 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
     msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)"
     tests/ssl-opt.sh
 
-    msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
-    tests/compat.sh
-
-    msg "test: compat.sh RC4, 3DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
-    tests/compat.sh -e '^$' -f 'NULL\|3DES\|DES-CBC3\|RC4\|ARCFOUR'
+    msg "test: compat.sh all except legacy/next (full minus MBEDTLS_USE_PSA_CRYPTO)"
+    tests/compat.sh -e '^DES-CBC-\|-DES-CBC-\|ARIA\|CHACHA' \
+        -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
 
     msg "test: compat.sh single-DES (full minus MBEDTLS_USE_PSA_CRYPTO)"
-    env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -e '3DES\|DES-CBC3' -f 'DES'
+    env OPENSSL="$OPENSSL_LEGACY" tests/compat.sh -e '^$' -f '^DES-CBC\|-DES-CBC-' \
+        -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
 
+    # ARIA and ChachaPoly are both (D)TLS 1.2 only
     msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
-    env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+    env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' \
+        -m 'tls12 dtls12'
 }
 
 component_test_psa_crypto_config_accel_ecdsa () {

tests/scripts/analyze_outcomes.py

@@ -113,6 +113,18 @@ TASKS = {
                 'test_suite_psa_crypto_metadata;Asymmetric signature: pure EdDSA',
                 # Algorithm not supported yet
                 'test_suite_psa_crypto_metadata;Cipher: XTS',
+                # compat.sh tests with OpenSSL, DTLS 1.2 and singled-DES:
+                # we have no version of OpenSSL on the CI that supports both
+                # DTLS 1.2 and single-DES (1.0.2g is too recent for single-DES
+                # and 1.0.1j is too old for DTLS 1.2).
+                'compat;O->m dtls12,no DES-CBC-SHA',
+                'compat;O->m dtls12,no EDH-RSA-DES-CBC-SHA',
+                'compat;O->m dtls12,yes DES-CBC-SHA',
+                'compat;O->m dtls12,yes EDH-RSA-DES-CBC-SHA',
+                'compat;m->O dtls12,no TLS-DHE-RSA-WITH-DES-CBC-SHA',
+                'compat;m->O dtls12,no TLS-RSA-WITH-DES-CBC-SHA',
+                'compat;m->O dtls12,yes TLS-DHE-RSA-WITH-DES-CBC-SHA',
+                'compat;m->O dtls12,yes TLS-RSA-WITH-DES-CBC-SHA',
             ],
             'full_coverage': False,
         }

tests/scripts/basic-build-test.sh

@@ -104,17 +104,20 @@ echo
 # Step 2c - Compatibility tests (keep going even if some tests fail)
 echo '################ compat.sh ################'
 {
-    echo '#### compat.sh: Default ciphers'
-    sh compat.sh -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
+    echo '#### compat.sh: all except legacy/next'
+    sh compat.sh -e '^DES-CBC-\|-DES-CBC-\|ARIA\|CHACHA' \
+        -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
     echo
 
-    echo '#### compat.sh: legacy (null, DES, RC4)'
-    OPENSSL="$OPENSSL_LEGACY" \
-    sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
+    echo '#### compat.sh: legacy (single-DES)'
+    OPENSSL="$OPENSSL_LEGACY" sh compat.sh -e '^$' -f '^DES-CBC\|-DES-CBC-' \
+        -m 'ssl3 tls1 tls1_1 tls12 dtls1 dtls12'
     echo
 
+    # ARIA and ChachaPoly are both (D)TLS 1.2 only
     echo '#### compat.sh: next (ARIA, ChaCha)'
-    OPENSSL="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA'
+    OPENSSL="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA' \
+        -m 'tls12 dtls12'
     echo
 } | tee compat-test-$TEST_OUTPUT
 echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^'

tests/scripts/check-generated-files.sh

@@ -102,4 +102,5 @@ check scripts/generate_visualc_files.pl visualc/VS2010
 check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
 check tests/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
 check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list)
+check tests/scripts/generate_config_tests.py $(tests/scripts/generate_config_tests.py --list)
 check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list)

tests/scripts/generate_config_tests.py

@@ -0,0 +1,164 @@
+#!/usr/bin/env python3
+"""Generate test data for configuration reporting.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+import re
+import sys
+from typing import Iterable, Iterator, List, Optional, Tuple
+
+import scripts_path # pylint: disable=unused-import
+import config
+from mbedtls_dev import test_case
+from mbedtls_dev import test_data_generation
+
+
+def single_setting_case(setting: config.Setting, when_on: bool,
+                        dependencies: List[str],
+                        note: Optional[str]) -> test_case.TestCase:
+    """Construct a test case for a boolean setting.
+
+    This test case passes if the setting and its dependencies are enabled,
+    and is skipped otherwise.
+
+    * setting: the setting to be tested.
+    * when_on: True to test with the setting enabled, or False to test
+      with the setting disabled.
+    * dependencies: extra dependencies for the test case.
+    * note: a note to add after the setting name in the test description.
+      This is generally a summary of dependencies, and is generally empty
+      if the given setting is only tested once.
+    """
+    base = setting.name if when_on else '!' + setting.name
+    tc = test_case.TestCase()
+    tc.set_function('pass')
+    description_suffix = ' (' + note + ')' if note else ''
+    tc.set_description('Config: ' + base + description_suffix)
+    tc.set_dependencies([base] + dependencies)
+    return tc
+
+
+# If foo is a setting that is only meaningful when bar is enabled, set
+# SIMPLE_DEPENDENCIES[foo]=bar. More generally, bar can be a colon-separated
+# list of settings, meaning that all the settings must be enabled. Each setting
+# in bar can be prefixed with '!' to negate it. This is the same syntax as a
+# depends_on directive in test data.
+# See also `dependencies_of_settting`.
+SIMPLE_DEPENDENCIES = {
+    'MBEDTLS_AESNI_C': 'MBEDTLS_AES_C',
+    'MBEDTLS_ERROR_STRERROR_DUMMY': '!MBEDTLS_ERROR_C',
+    'MBEDTLS_GENPRIME': 'MBEDTLS_RSA_C',
+    'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES': 'MBEDTLS_ENTROPY_C',
+    'MBEDTLS_NO_PLATFORM_ENTROPY': 'MBEDTLS_ENTROPY_C',
+    'MBEDTLS_PKCS1_V15': 'MBEDTLS_RSA_C',
+    'MBEDTLS_PKCS1_V21': 'MBEDTLS_RSA_C',
+    'MBEDTLS_PSA_CRYPTO_CLIENT': '!MBEDTLS_PSA_CRYPTO_C',
+    'MBEDTLS_PSA_INJECT_ENTROPY': 'MBEDTLS_PSA_CRYPTO_C',
+    'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS': 'MBEDTLS_PSA_CRYPTO_C',
+    'MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL': 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C',
+}
+
+def dependencies_of_setting(cfg: config.Config,
+                            setting: config.Setting) -> Optional[str]:
+    """Return dependencies without which a setting is not meaningful.
+
+    The dependencies of a setting express when a setting can be enabled and
+    is relevant. For example, if ``check_config.h`` errors out when
+    ``defined(FOO) && !defined(BAR)``, then ``BAR`` is a dependency of ``FOO``.
+    If ``FOO`` has no effect when ``CORGE`` is disabled, then ``CORGE``
+    is a dependency of ``FOO``.
+
+    The return value can be a colon-separated list of settings, if the setting
+    is only meaningful when all of these settings are enabled. Each setting can
+    be negated by prefixing them with '!'. This is the same syntax as a
+    depends_on directive in test data.
+    """
+    #pylint: disable=too-many-return-statements
+    name = setting.name
+    if name in SIMPLE_DEPENDENCIES:
+        return SIMPLE_DEPENDENCIES[name]
+    if name.startswith('MBEDTLS_') and not name.endswith('_C'):
+        if name.startswith('MBEDTLS_CIPHER_PADDING_'):
+            return 'MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC'
+        if name.startswith('MBEDTLS_PK_PARSE_EC_'):
+            return 'MBEDTLS_PK_C:MBEDTLS_PK_HAVE_ECC_KEYS'
+        # For TLS settings, insist on having them once off and once on in
+        # a configuration where both client support and server support are
+        # enabled. The settings are also meaningful when only one side is
+        # enabled, but there isn't much point in having separate records
+        # for client-side and server-side, so we keep things simple.
+        # Requiring both sides to be enabled also means we know we'll run
+        # tests that only run Mbed TLS against itself, which only run in
+        # configurations with both sides enabled.
+        if name.startswith('MBEDTLS_SSL_TLS1_3_'):
+            return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'
+        if name.startswith('MBEDTLS_SSL_DTLS_'):
+            return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_DTLS'
+        if name.startswith('MBEDTLS_SSL_'):
+            return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C'
+        for pos in re.finditer(r'_', name):
+            super_name = name[:pos.start()] + '_C'
+            if cfg.known(super_name):
+                return super_name
+    return None
+
+def conditions_for_setting(cfg: config.Config,
+                           setting: config.Setting
+                           ) -> Iterator[Tuple[List[str], str]]:
+    """Enumerate the conditions under which to test the given setting.
+
+    * cfg: all configuration settings.
+    * setting: the setting to be tested.
+
+    Generate a stream of conditions, i.e. extra dependencies to test with
+    together with a human-readable explanation of each dependency. Some
+    typical cases:
+
+    * By default, generate a one-element stream with no extra dependencies.
+    * If the setting is ignored unless some other setting is enabled, generate
+      a one-element stream with that other setting as an extra dependency.
+    * If the setting is known to interact with some other setting, generate
+      a stream with one element where this setting is on and one where it's off.
+    * To skip the setting altogether, generate an empty stream.
+    """
+    name = setting.name
+    if name.endswith('_ALT') and not config.is_seamless_alt(name):
+        # We don't test alt implementations, except (most) platform alts
+        return
+    dependencies = dependencies_of_setting(cfg, setting)
+    if dependencies:
+        yield [dependencies], ''
+        return
+    yield [], ''
+
+
+def enumerate_boolean_setting_cases(cfg: config.Config
+                                   ) -> Iterable[test_case.TestCase]:
+    """Emit test cases for all boolean settings."""
+    for name in sorted(cfg.settings.keys()):
+        setting = cfg.settings[name]
+        if not name.startswith('PSA_WANT_') and setting.value:
+            continue # non-boolean setting
+        for when_on in True, False:
+            for deps, note in conditions_for_setting(cfg, setting):
+                yield single_setting_case(setting, when_on, deps, note)
+
+
+
+class ConfigTestGenerator(test_data_generation.TestGenerator):
+    """Generate test cases for configuration reporting."""
+
+    def __init__(self, settings):
+        self.mbedtls_config = config.ConfigFile()
+        self.targets['test_suite_config.mbedtls_boolean'] = \
+            lambda: enumerate_boolean_setting_cases(self.mbedtls_config)
+        self.psa_config = config.ConfigFile('include/psa/crypto_config.h')
+        self.targets['test_suite_config.psa_boolean'] = \
+            lambda: enumerate_boolean_setting_cases(self.psa_config)
+        super().__init__(settings)
+
+
+if __name__ == '__main__':
+    test_data_generation.main(sys.argv[1:], __doc__, ConfigTestGenerator)

tests/scripts/generate_psa_tests.py

@@ -25,23 +25,21 @@ from mbedtls_dev import test_data_generation
 
 def test_case_for_key_type_not_supported(
         verb: str, key_type: str, bits: int,
-        dependencies: List[str],
+        not_supported_mechanism: str,
         *args: str,
         param_descr: str = ''
 ) -> test_case.TestCase:
     """Return one test case exercising a key creation method
     for an unsupported key type or size.
     """
-    psa_information.hack_dependencies_not_implemented(dependencies)
-    tc = test_case.TestCase()
+    tc = psa_information.TestCase()
     short_key_type = crypto_knowledge.short_expression(key_type)
-    adverb = 'not' if dependencies else 'never'
-    if param_descr:
-        adverb = param_descr + ' ' + adverb
-    tc.set_description('PSA {} {} {}-bit {} supported'
-                       .format(verb, short_key_type, bits, adverb))
-    tc.set_dependencies(dependencies)
+    tc.set_description('PSA {} {} {}-bit{} not supported'
+                       .format(verb, short_key_type, bits,
+                               ' ' + param_descr if param_descr else ''))
     tc.set_function(verb + '_not_supported')
+    tc.set_key_bits(bits)
+    tc.assumes_not_supported(not_supported_mechanism)
     tc.set_arguments([key_type] + list(args))
     return tc
 
@@ -71,34 +69,27 @@ class KeyTypeNotSupported:
             # Don't generate test cases for key types that are always supported.
             # They would be skipped in all configurations, which is noise.
             return
-        import_dependencies = [('!' if param is None else '') +
-                               psa_information.psa_want_symbol(kt.name)]
-        if kt.params is not None:
-            import_dependencies += [('!' if param == i else '') +
-                                    psa_information.psa_want_symbol(sym)
-                                    for i, sym in enumerate(kt.params)]
-        if kt.name.endswith('_PUBLIC_KEY'):
-            generate_dependencies = []
+        if param is None:
+            not_supported_mechanism = kt.name
         else:
-            generate_dependencies = import_dependencies
+            assert kt.params is not None
+            not_supported_mechanism = kt.params[param]
         for bits in kt.sizes_to_test():
             yield test_case_for_key_type_not_supported(
                 'import', kt.expression, bits,
-                psa_information.finish_family_dependencies(import_dependencies, bits),
+                not_supported_mechanism,
                 test_case.hex_string(kt.key_material(bits)),
                 param_descr=param_descr,
             )
-            if not generate_dependencies and param is not None:
-                # If generation is impossible for this key type, rather than
-                # supported or not depending on implementation capabilities,
-                # only generate the test case once.
-                continue
-                # For public key we expect that key generation fails with
-                # INVALID_ARGUMENT. It is handled by KeyGenerate class.
+            # Don't generate not-supported test cases for key generation of
+            # public keys. Our implementation always returns
+            # PSA_ERROR_INVALID_ARGUMENT when attempting to generate a
+            # public key, so we cover this together with the positive cases
+            # in the KeyGenerate class.
             if not kt.is_public():
                 yield test_case_for_key_type_not_supported(
                     'generate', kt.expression, bits,
-                    psa_information.finish_family_dependencies(generate_dependencies, bits),
+                    not_supported_mechanism,
                     str(bits),
                     param_descr=param_descr,
                 )
@@ -124,21 +115,18 @@ class KeyTypeNotSupported:
 
 def test_case_for_key_generation(
         key_type: str, bits: int,
-        dependencies: List[str],
         *args: str,
         result: str = ''
 ) -> test_case.TestCase:
     """Return one test case exercising a key generation.
     """
-    psa_information.hack_dependencies_not_implemented(dependencies)
-    tc = test_case.TestCase()
+    tc = psa_information.TestCase()
     short_key_type = crypto_knowledge.short_expression(key_type)
     tc.set_description('PSA {} {}-bit'
                        .format(short_key_type, bits))
-    tc.set_dependencies(dependencies)
     tc.set_function('generate_key')
+    tc.set_key_bits(bits)
     tc.set_arguments([key_type] + list(args) + [result])
-
     return tc
 
 class KeyGenerate:
@@ -160,28 +148,25 @@ class KeyGenerate:
         PSA_ERROR_INVALID_ARGUMENT status is expected.
         """
         result = 'PSA_SUCCESS'
-
-        import_dependencies = [psa_information.psa_want_symbol(kt.name)]
-        if kt.params is not None:
-            import_dependencies += [psa_information.psa_want_symbol(sym)
-                                    for i, sym in enumerate(kt.params)]
         if kt.name.endswith('_PUBLIC_KEY'):
-            # The library checks whether the key type is a public key generically,
-            # before it reaches a point where it needs support for the specific key
-            # type, so it returns INVALID_ARGUMENT for unsupported public key types.
-            generate_dependencies = []
             result = 'PSA_ERROR_INVALID_ARGUMENT'
-        else:
-            generate_dependencies = import_dependencies
-            if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
-                generate_dependencies.append("MBEDTLS_GENPRIME")
         for bits in kt.sizes_to_test():
-            yield test_case_for_key_generation(
+            tc = test_case_for_key_generation(
                 kt.expression, bits,
-                psa_information.finish_family_dependencies(generate_dependencies, bits),
                 str(bits),
                 result
             )
+            if result == 'PSA_ERROR_INVALID_ARGUMENT':
+                # The library checks whether the key type is a public key generically,
+                # before it reaches a point where it needs support for the specific key
+                # type, so it returns INVALID_ARGUMENT for unsupported public key types.
+                tc.set_dependencies([])
+            elif kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
+                # A necessary deviation because PSA_WANT symbols don't
+                # distinguish between key generation and usage, but for
+                # RSA key generation has an extra requirement.
+                tc.dependencies.insert(0, 'MBEDTLS_GENPRIME')
+            yield tc
 
     def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]:
         """Generate test cases that exercise the generation of keys."""
@@ -223,7 +208,7 @@ class OpFail:
     ) -> test_case.TestCase:
         """Construct a failure test case for a one-key or keyless operation."""
         #pylint: disable=too-many-arguments,too-many-locals
-        tc = test_case.TestCase()
+        tc = psa_information.TestCase()
         pretty_alg = alg.short_expression()
         if reason == self.Reason.NOT_SUPPORTED:
             short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep)
@@ -242,22 +227,22 @@ class OpFail:
                                    pretty_alg,
                                    pretty_reason,
                                    ' with ' + pretty_type if pretty_type else ''))
-        dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type)
-        for i, dep in enumerate(dependencies):
-            if dep in not_deps:
-                dependencies[i] = '!' + dep
-        tc.set_dependencies(dependencies)
         tc.set_function(category.name.lower() + '_fail')
         arguments = [] # type: List[str]
         if kt:
-            key_material = kt.key_material(kt.sizes_to_test()[0])
+            bits = kt.sizes_to_test()[0]
+            key_material = kt.key_material(bits)
             arguments += [key_type, test_case.hex_string(key_material)]
+            tc.set_key_bits(bits)
         arguments.append(alg.expression)
         if category.is_asymmetric():
-            arguments.append('1' if reason == self.Reason.PUBLIC else '0')
+            private_only = (reason == self.Reason.PUBLIC)
+            arguments.append('1' if private_only else '0')
         error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else
                  'INVALID_ARGUMENT')
         arguments.append('PSA_ERROR_' + error)
+        for dep in not_deps:
+            tc.assumes_not_supported(dep)
         tc.set_arguments(arguments)
         return tc
 
@@ -288,9 +273,25 @@ class OpFail:
             if key_is_compatible and alg.can_do(category):
                 # Compatible key and operation, unsupported algorithm
                 for dep in psa_information.automatic_dependencies(alg.base_expression):
+                    deps = [dep]
+                    # Special case: if one of deterministic/randomized
+                    # ECDSA is supported but not the other, then the one
+                    # that is not supported in the signature direction is
+                    # still supported in the verification direction,
+                    # because the two verification algorithms are
+                    # identical. This property is how Mbed TLS chooses to
+                    # behave, the specification would also allow it to
+                    # reject the algorithm. In the generated test cases,
+                    # we avoid this difficulty by not running the
+                    # not-supported test case when exactly one of the
+                    # two variants is supported.
+                    if dep == 'PSA_WANT_ALG_DETERMINISTIC_ECDSA':
+                        deps.append('PSA_WANT_ALG_ECDSA')
+                    elif dep == 'PSA_WANT_ALG_ECDSA':
+                        deps.append('PSA_WANT_ALG_DETERMINISTIC_ECDSA')
                     yield self.make_test_case(alg, category,
                                               self.Reason.NOT_SUPPORTED,
-                                              kt=kt, not_deps=frozenset([dep]))
+                                              kt=kt, not_deps=frozenset(deps))
                 # Public key for a private-key operation
                 if category.is_asymmetric() and kt.is_public():
                     yield self.make_test_case(alg, category,
@@ -461,14 +462,9 @@ class StorageFormat:
         correctly.
         """
         verb = 'save' if self.forward else 'read'
-        tc = test_case.TestCase()
+        tc = psa_information.TestCase()
         tc.set_description(verb + ' ' + key.description)
-        dependencies = psa_information.automatic_dependencies(
-            key.lifetime.string, key.type.string,
-            key.alg.string, key.alg2.string,
-        )
-        dependencies = psa_information.finish_family_dependencies(dependencies, key.bits)
-        tc.set_dependencies(dependencies)
+        tc.set_key_bits(key.bits)
         tc.set_function('key_storage_' + verb)
         if self.forward:
             extra_arguments = []

tests/scripts/test-ref-configs.pl

@@ -27,7 +27,8 @@ my %configs = (
         'test_again_with_use_psa' => 1
     },
     'config-mini-tls1_1.h' => {
-        'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #',
+         # Include DES; exclude (EC)DH; only pure-RSA key exchanges
+        'compat' => '-m tls1_1 -e \'NULL\|RC4\|ARCFOUR\|ARIA\|CAMELLIA\|DH\|PSK\' -t RSA',
         ## Skip ssl-opt testing for now because ssl-opt.sh is missing a lot
         ## of requires_xxx so it would try to run tests that don't apply.
         # 'opt' => ' ',

tests/src/drivers/test_driver_key_management.c

@@ -93,6 +93,7 @@ psa_status_t mbedtls_test_transparent_generate_key(
     uint8_t *key, size_t key_size, size_t *key_length)
 {
     ++mbedtls_test_driver_key_management_hooks.hits;
+    ++mbedtls_test_driver_key_management_hooks.hits_generate_key;
 
     if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
         return mbedtls_test_driver_key_management_hooks.forced_status;
@@ -291,6 +292,7 @@ psa_status_t mbedtls_test_transparent_export_public_key(
     uint8_t *data, size_t data_size, size_t *data_length)
 {
     ++mbedtls_test_driver_key_management_hooks.hits;
+    ++mbedtls_test_driver_key_management_hooks.hits_export_public_key;
 
     if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
         return mbedtls_test_driver_key_management_hooks.forced_status;

tests/src/test_helpers/ssl_helpers.c

@@ -10,6 +10,8 @@
 
 #include <test/ssl_helpers.h>
 
+#include <limits.h>
+
 #if defined(MBEDTLS_SSL_TLS_C)
 
 void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
@@ -501,7 +503,10 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx,
              * happen in test environment, unless forced manually. */
         }
     }
-    mbedtls_test_ssl_message_queue_pop_info(queue, buf_len);
+    ret = mbedtls_test_ssl_message_queue_pop_info(queue, buf_len);
+    if (ret < 0) {
+        return ret;
+    }
 
     return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len;
 }

tests/ssl-opt.sh

@@ -69,6 +69,32 @@ TCP_CLIENT="$PERL scripts/tcp_client.pl"
 
 # alternative versions of OpenSSL and GnuTLS (no default path)
 
+# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well.
+if [ -z "${OPENSSL_NEXT:-}" ]; then
+    case $($OPENSSL version) in
+        OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;;
+        OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;;
+    esac
+fi
+
+# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well.
+if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then
+    case $($GNUTLS_CLI --version) in
+        gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
+        gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
+        gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
+    esac
+fi
+
+# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well.
+if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then
+    case $($GNUTLS_SERV --version) in
+        gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
+        gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
+        gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
+    esac
+fi
+
 if [ -n "${OPENSSL_NEXT:-}" ]; then
     O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
     O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
@@ -103,6 +129,7 @@ SHOW_TEST_NUMBER=0
 LIST_TESTS=0
 RUN_TEST_NUMBER=''
 
+MIN_TESTS=1
 PRESERVE_LOGS=0
 
 # Pick a "unique" server port in the range 10000-19999, and a proxy
@@ -121,6 +148,7 @@ print_usage() {
     printf "  -s|--show-numbers\tShow test numbers in front of test names\n"
     printf "  -p|--preserve-logs\tPreserve logs of successful tests as well\n"
     printf "     --list-test-cases\tList all potential test cases (No Execution)\n"
+    printf "     --min      \tMinimum number of non-skipped tests (default 1)\n"
     printf "     --outcome-file\tFile where test outcomes are written\n"
     printf "                \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
     printf "     --port     \tTCP/UDP port (default: randomish 1xxxx)\n"
@@ -152,6 +180,9 @@ get_options() {
             -p|--preserve-logs)
                 PRESERVE_LOGS=1
                 ;;
+            --min)
+                shift; MIN_TESTS=$1
+                ;;
             --outcome-file)
                 shift; MBEDTLS_TEST_OUTCOME_FILE=$1
                 ;;
@@ -352,9 +383,10 @@ requires_certificate_authentication () {
 
 adapt_cmd_for_psk () {
     case "$2" in
-        *openssl*) s='-psk abc123 -nocert';;
-        *gnutls-*) s='--pskkey=abc123';;
-        *) s='psk=abc123';;
+        *openssl*s_server*) s='-psk 73776f726466697368 -nocert';;
+        *openssl*) s='-psk 73776f726466697368';;
+        *gnutls-*) s='--pskusername=Client_identity --pskkey=73776f726466697368';;
+        *) s='psk=73776f726466697368';;
     esac
     eval $1='"$2 $s"'
     unset s
@@ -1154,7 +1186,7 @@ do_run_test_once() {
 
     if [ -n "$PXY_CMD" ]; then
         kill $PXY_PID >/dev/null 2>&1
-        wait $PXY_PID
+        wait $PXY_PID >> $PXY_OUT 2>&1
     fi
 }
 
@@ -1319,7 +1351,7 @@ run_test_psa_force_curve() {
 # a maximum fragment length.
 #  first argument ($1) is MFL for SSL client
 #  second argument ($2) is memory usage for SSL client with default MFL (16k)
-run_test_memory_after_hanshake_with_mfl()
+run_test_memory_after_handshake_with_mfl()
 {
     # The test passes if the difference is around 2*(16k-MFL)
     MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"
@@ -1339,7 +1371,7 @@ run_test_memory_after_hanshake_with_mfl()
 
 # Test that the server's memory usage after a handshake is reduced when a client specifies
 # different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
-run_tests_memory_after_hanshake()
+run_tests_memory_after_handshake()
 {
     # all tests in this sequence requires the same configuration (see requires_config_enabled())
     SKIP_THIS_TESTS="$SKIP_NEXT"
@@ -1355,16 +1387,16 @@ run_tests_memory_after_hanshake()
                 -F "handshake_memory_get MEMORY_USAGE_MFL_16K"
 
     SKIP_NEXT="$SKIP_THIS_TESTS"
-    run_test_memory_after_hanshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"
+    run_test_memory_after_handshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"
 
     SKIP_NEXT="$SKIP_THIS_TESTS"
-    run_test_memory_after_hanshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"
+    run_test_memory_after_handshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"
 
     SKIP_NEXT="$SKIP_THIS_TESTS"
-    run_test_memory_after_hanshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"
+    run_test_memory_after_handshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"
 
     SKIP_NEXT="$SKIP_THIS_TESTS"
-    run_test_memory_after_hanshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
+    run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
 }
 
 cleanup() {
@@ -1723,8 +1755,8 @@ run_test    "Opaque key: server: ECDH-RSA not supported" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "Opaque psk: client: ECDHE-PSK not supported" \
-            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo" \
-            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            "$P_SRV debug_level=1 psk=73776f726466697368 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 \
             force_version=tls12 \
             force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
             1 \
@@ -1734,8 +1766,8 @@ run_test    "Opaque psk: client: ECDHE-PSK not supported" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "Opaque psk: client: DHE-PSK not supported" \
-            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo" \
-            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            "$P_SRV debug_level=1 psk=73776f726466697368 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 \
             force_version=tls12 \
             force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
             1 \
@@ -1745,8 +1777,8 @@ run_test    "Opaque psk: client: DHE-PSK not supported" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "Opaque psk: client: RSA-PSK not supported" \
-            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo" \
-            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            "$P_SRV debug_level=1 psk=73776f726466697368 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 \
             force_version=tls12 \
             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
             1 \
@@ -1756,10 +1788,10 @@ run_test    "Opaque psk: client: RSA-PSK not supported" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "Opaque psk: server: ECDHE-PSK not supported" \
-            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            "$P_SRV debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 \
             force_version=tls12 \
             force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=73776f726466697368 psk_identity=foo" \
             1 \
             -s "opaque PSK not supported with ECDHE-PSK" \
             -s "error" \
@@ -1767,10 +1799,10 @@ run_test    "Opaque psk: server: ECDHE-PSK not supported" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "Opaque psk: server: DHE-PSK not supported" \
-            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            "$P_SRV debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 \
             force_version=tls12 \
             force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=73776f726466697368 psk_identity=foo" \
             1 \
             -s "opaque PSK not supported with DHE-PSK" \
             -s "error" \
@@ -1778,10 +1810,10 @@ run_test    "Opaque psk: server: DHE-PSK not supported" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "Opaque psk: server: RSA-PSK not supported" \
-            "$P_SRV debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 \
+            "$P_SRV debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 \
             force_version=tls12 \
             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
-            "$P_CLI debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_CLI debug_level=1 psk=73776f726466697368 psk_identity=foo" \
             1 \
             -s "opaque PSK not supported with RSA-PSK" \
             -s "error" \
@@ -1935,12 +1967,14 @@ run_test    "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
 
 # Tests for SHA-1 support
 
+requires_config_enabled MBEDTLS_SHA1_C
 run_test    "SHA-1 forbidden by default in server certificate" \
             "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
             "$P_CLI debug_level=2 allow_sha1=0" \
             1 \
             -c "The certificate is signed with an unacceptable hash"
 
+requires_config_enabled MBEDTLS_SHA1_C
 run_test    "SHA-1 explicitly allowed in server certificate" \
             "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
             "$P_CLI allow_sha1=1" \
@@ -1951,17 +1985,23 @@ run_test    "SHA-256 allowed by default in server certificate" \
             "$P_CLI allow_sha1=0" \
             0
 
+requires_config_enabled MBEDTLS_SHA1_C
+requires_config_enabled MBEDTLS_RSA_C
 run_test    "SHA-1 forbidden by default in client certificate" \
             "$P_SRV auth_mode=required allow_sha1=0" \
             "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
             1 \
             -s "The certificate is signed with an unacceptable hash"
 
+requires_config_enabled MBEDTLS_SHA1_C
+requires_config_enabled MBEDTLS_RSA_C
 run_test    "SHA-1 explicitly allowed in client certificate" \
             "$P_SRV auth_mode=required allow_sha1=1" \
             "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
             0
 
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SHA256_C
 run_test    "SHA-256 allowed by default in client certificate" \
             "$P_SRV auth_mode=required allow_sha1=0" \
             "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
@@ -4332,7 +4372,7 @@ run_test    "Renegotiation: openssl server, client-initiated" \
             -c "client hello, adding renegotiation extension" \
             -c "found renegotiation extension" \
             -c "=> renegotiate" \
-            -C "ssl_hanshake() returned" \
+            -C "ssl_handshake() returned" \
             -C "error" \
             -c "HTTP/1.0 200 [Oo][Kk]"
 
@@ -4345,7 +4385,7 @@ run_test    "Renegotiation: gnutls server strict, client-initiated" \
             -c "client hello, adding renegotiation extension" \
             -c "found renegotiation extension" \
             -c "=> renegotiate" \
-            -C "ssl_hanshake() returned" \
+            -C "ssl_handshake() returned" \
             -C "error" \
             -c "HTTP/1.0 200 [Oo][Kk]"
 
@@ -4386,7 +4426,7 @@ run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
             -c "client hello, adding renegotiation extension" \
             -C "found renegotiation extension" \
             -c "=> renegotiate" \
-            -C "ssl_hanshake() returned" \
+            -C "ssl_handshake() returned" \
             -C "error" \
             -c "HTTP/1.0 200 [Oo][Kk]"
 
@@ -4449,6 +4489,7 @@ run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
 # Test for the "secure renegotiation" extension only (no actual renegotiation)
 
 requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "Renego ext: gnutls server strict, client default" \
             "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
             "$P_CLI debug_level=3" \
@@ -4458,6 +4499,7 @@ run_test    "Renego ext: gnutls server strict, client default" \
             -c "HTTP/1.0 200 [Oo][Kk]"
 
 requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "Renego ext: gnutls server unsafe, client default" \
             "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
             "$P_CLI debug_level=3" \
@@ -4467,6 +4509,7 @@ run_test    "Renego ext: gnutls server unsafe, client default" \
             -c "HTTP/1.0 200 [Oo][Kk]"
 
 requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "Renego ext: gnutls server unsafe, client break legacy" \
             "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
             "$P_CLI debug_level=3 allow_legacy=-1" \
@@ -4476,6 +4519,7 @@ run_test    "Renego ext: gnutls server unsafe, client break legacy" \
             -C "HTTP/1.0 200 [Oo][Kk]"
 
 requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "Renego ext: gnutls client strict, server default" \
             "$P_SRV debug_level=3" \
             "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
@@ -4484,6 +4528,7 @@ run_test    "Renego ext: gnutls client strict, server default" \
             -s "server hello, secure renegotiation extension"
 
 requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "Renego ext: gnutls client unsafe, server default" \
             "$P_SRV debug_level=3" \
             "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -4492,6 +4537,7 @@ run_test    "Renego ext: gnutls client unsafe, server default" \
             -S "server hello, secure renegotiation extension"
 
 requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "Renego ext: gnutls client unsafe, server break legacy" \
             "$P_SRV debug_level=3 allow_legacy=-1" \
             "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
@@ -6197,9 +6243,9 @@ run_test    "DHM size: server default, client 2049, rejected" \
 # Tests for PSK callback
 
 run_test    "PSK callback: psk, no callback" \
-            "$P_SRV psk=abc123 psk_identity=foo" \
+            "$P_SRV psk=73776f726466697368 psk_identity=foo" \
             "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
+            psk_identity=foo psk=73776f726466697368" \
             0 \
             -S "SSL - None of the common ciphersuites is usable" \
             -S "SSL - Unknown identity received" \
@@ -6207,9 +6253,9 @@ run_test    "PSK callback: psk, no callback" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: opaque psk on client, no callback" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
             "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
+            psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
             0 \
             -c "skip PMS generation for opaque PSK"\
             -S "skip PMS generation for opaque PSK"\
@@ -6221,9 +6267,9 @@ run_test    "PSK callback: opaque psk on client, no callback" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: opaque psk on client, no callback, SHA-384" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
             "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
+            psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
             0 \
             -c "skip PMS generation for opaque PSK"\
             -S "skip PMS generation for opaque PSK"\
@@ -6235,9 +6281,9 @@ run_test    "PSK callback: opaque psk on client, no callback, SHA-384" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: opaque psk on client, no callback, EMS" \
-            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+            "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
             "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
+            psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
             0 \
             -c "skip PMS generation for opaque PSK"\
             -S "skip PMS generation for opaque PSK"\
@@ -6249,9 +6295,9 @@ run_test    "PSK callback: opaque psk on client, no callback, EMS" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
-            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+            "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
             "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123 psk_opaque=1" \
+            psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
             0 \
             -c "skip PMS generation for opaque PSK"\
             -S "skip PMS generation for opaque PSK"\
@@ -6263,9 +6309,9 @@ run_test    "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, static opaque on server, no callback" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
             "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
+            psk_identity=foo psk=73776f726466697368" \
             0 \
             -C "skip PMS generation for opaque PSK"\
             -s "skip PMS generation for opaque PSK"\
@@ -6277,9 +6323,9 @@ run_test    "PSK callback: raw psk on client, static opaque on server, no callba
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
-            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
+            "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
             "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123" \
+            psk_identity=foo psk=73776f726466697368" \
             0 \
             -C "skip PMS generation for opaque PSK"\
             -s "skip PMS generation for opaque PSK"\
@@ -6291,10 +6337,10 @@ run_test    "PSK callback: raw psk on client, static opaque on server, no callba
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
-            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+            "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
             "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123 extended_ms=1" \
+            psk_identity=foo psk=73776f726466697368 extended_ms=1" \
             0 \
             -c "session hash for extended master secret"\
             -s "session hash for extended master secret"\
@@ -6306,10 +6352,10 @@ run_test    "PSK callback: raw psk on client, static opaque on server, no callba
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
-            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+            "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
             force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
             "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
-            psk_identity=foo psk=abc123 extended_ms=1" \
+            psk_identity=foo psk=73776f726466697368 extended_ms=1" \
             0 \
             -c "session hash for extended master secret"\
             -s "session hash for extended master secret"\
@@ -6379,7 +6425,7 @@ run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PS
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+            "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
             "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
             0 \
@@ -6393,7 +6439,7 @@ run_test    "PSK callback: raw psk on client, mismatching static raw PSK on serv
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
             "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
             0 \
@@ -6407,7 +6453,7 @@ run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on s
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
             "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
             0 \
@@ -6420,7 +6466,7 @@ run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on s
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
             "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
             0 \
@@ -6433,7 +6479,7 @@ run_test    "PSK callback: raw psk on client, id-matching but wrong raw PSK on s
 
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
-            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
             "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
             1 \
@@ -6442,16 +6488,16 @@ run_test    "PSK callback: raw psk on client, matching opaque PSK on server, wro
 run_test    "PSK callback: no psk, no callback" \
             "$P_SRV" \
             "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
+            psk_identity=foo psk=73776f726466697368" \
             1 \
             -s "SSL - None of the common ciphersuites is usable" \
             -S "SSL - Unknown identity received" \
             -S "SSL - Verification of the message MAC failed"
 
 run_test    "PSK callback: callback overrides other settings" \
-            "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
+            "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \
             "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
-            psk_identity=foo psk=abc123" \
+            psk_identity=foo psk=73776f726466697368" \
             1 \
             -S "SSL - None of the common ciphersuites is usable" \
             -s "SSL - Unknown identity received" \
@@ -6624,11 +6670,25 @@ run_test    "Per-version suites: TLS 1.2" \
 
 # Test for ClientHello without extensions
 
+# Without extensions, ECC is impossible (no curve negotiation).
+requires_config_enabled MBEDTLS_RSA_C
 requires_gnutls
-run_test    "ClientHello without extensions" \
+run_test    "ClientHello without extensions: RSA" \
             "$P_SRV debug_level=3" \
             "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
             0 \
+            -s "Ciphersuite is .*-RSA-WITH-.*" \
+            -S "Ciphersuite is .*-EC.*" \
+            -s "dumping 'client hello extensions' (0 bytes)"
+
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+requires_gnutls
+run_test    "ClientHello without extensions: PSK" \
+            "$P_SRV debug_level=3 psk=73776f726466697368" \
+            "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
+            0 \
+            -s "Ciphersuite is .*-PSK-.*" \
+            -S "Ciphersuite is .*-EC.*" \
             -s "dumping 'client hello extensions' (0 bytes)"
 
 # Tests for mbedtls_ssl_get_bytes_avail()
@@ -7964,9 +8024,9 @@ run_test    "SSL async private: decrypt, delay=1" \
 
 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test    "SSL async private: decrypt RSA-PSK, delay=0" \
-            "$P_SRV psk=abc123 \
+            "$P_SRV psk=73776f726466697368 \
              async_operations=d async_private_delay1=0 async_private_delay2=0" \
-            "$P_CLI psk=abc123 \
+            "$P_CLI psk=73776f726466697368 \
              force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
             0 \
             -s "Async decrypt callback: using key slot " \
@@ -7974,9 +8034,9 @@ run_test    "SSL async private: decrypt RSA-PSK, delay=0" \
 
 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test    "SSL async private: decrypt RSA-PSK, delay=1" \
-            "$P_SRV psk=abc123 \
+            "$P_SRV psk=73776f726466697368 \
              async_operations=d async_private_delay1=1 async_private_delay2=1" \
-            "$P_CLI psk=abc123 \
+            "$P_CLI psk=73776f726466697368 \
              force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
             0 \
             -s "Async decrypt callback: using key slot " \
@@ -8414,8 +8474,8 @@ run_test    "DTLS client auth: none, client has no cert" \
             -s "! Certificate verification was skipped"
 
 run_test    "DTLS wrong PSK: badmac alert" \
-            "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
-            "$P_CLI dtls=1 psk=abc124" \
+            "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
+            "$P_CLI dtls=1 psk=73776f726466697374" \
             1 \
             -s "SSL - Verification of the message MAC failed" \
             -c "SSL - A fatal alert message was received from our peer"
@@ -10292,8 +10352,8 @@ requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
 run_test    "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
             -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
-            "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
-            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
+            "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
+            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
             0 \
             -s "Buffer record from epoch 1" \
             -s "Found buffered record from current epoch - load" \
@@ -10307,8 +10367,8 @@ client_needs_more_time 2
 run_test    "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
             -p "$P_PXY drop=5 delay=5 duplicate=5" \
             "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+             psk=73776f726466697368" \
+            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
              force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
             0 \
             -s "Extra-header:" \
@@ -10375,8 +10435,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test    "DTLS proxy: 3d, min handshake, resumption" \
             -p "$P_PXY drop=5 delay=5 duplicate=5" \
             "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 debug_level=3" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+             psk=73776f726466697368 debug_level=3" \
+            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
              debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
              force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
             0 \
@@ -10390,8 +10450,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C
 run_test    "DTLS proxy: 3d, min handshake, resumption, nbio" \
             -p "$P_PXY drop=5 delay=5 duplicate=5" \
             "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 debug_level=3 nbio=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+             psk=73776f726466697368 debug_level=3 nbio=2" \
+            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
              debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
              force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
             0 \
@@ -10405,8 +10465,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "DTLS proxy: 3d, min handshake, client-initiated renego" \
             -p "$P_PXY drop=5 delay=5 duplicate=5" \
             "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiation=1 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+             psk=73776f726466697368 renegotiation=1 debug_level=2" \
+            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
              renegotiate=1 debug_level=2 \
              force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
             0 \
@@ -10420,8 +10480,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
             -p "$P_PXY drop=5 delay=5 duplicate=5" \
             "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiation=1 debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+             psk=73776f726466697368 renegotiation=1 debug_level=2" \
+            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
              renegotiate=1 debug_level=2 \
              force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
             0 \
@@ -10435,9 +10495,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "DTLS proxy: 3d, min handshake, server-initiated renego" \
             -p "$P_PXY drop=5 delay=5 duplicate=5" \
             "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
+             psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
              debug_level=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
              renegotiation=1 exchanges=4 debug_level=2 \
              force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
             0 \
@@ -10451,9 +10511,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test    "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
             -p "$P_PXY drop=5 delay=5 duplicate=5" \
             "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
-             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
+             psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
              debug_level=2 nbio=2" \
-            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
              renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
              force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
             0 \
@@ -10548,7 +10608,7 @@ requires_config_enabled MBEDTLS_MEMORY_DEBUG
 requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 16384
-run_tests_memory_after_hanshake
+run_tests_memory_after_handshake
 
 if [ "$LIST_TESTS" -eq 0 ]; then
     # Final report
@@ -10562,6 +10622,16 @@ if [ "$LIST_TESTS" -eq 0 ]; then
     fi
     PASSES=$(( $TESTS - $FAILS ))
     echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
+
+    if [ $((TESTS - SKIPS)) -lt $MIN_TESTS ]; then
+        cat <<EOF
+Error: Expected to run at least $MIN_TESTS, but only ran $((TESTS - SKIPS)).
+Maybe a bad filter ('$FILTER') or a bad configuration?
+EOF
+        if [ $FAILS -eq 0 ]; then
+            FAILS=1
+        fi
+    fi
 fi
 
 if [ $FAILS -gt 255 ]; then

tests/suites/test_suite_config.crypto_combinations.data

@@ -0,0 +1,9 @@
+# Interesting combinations of low-level crypto options
+
+Config: ECC: Weierstrass curves only
+depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED
+pass:
+
+Config: ECC: Montgomery curves only
+depends_on:!MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:MBEDTLS_ECP_MONTGOMERY_ENABLED
+pass:

tests/suites/test_suite_config.function

@@ -0,0 +1,14 @@
+/* BEGIN_HEADER */
+
+/* END_HEADER */
+
+/* BEGIN_CASE */
+/* This test case always passes. It is intended solely for configuration
+ * reporting in the outcome file. Write test cases using this function
+ * with dependencies to record in which configurations the dependencies
+ * are met. */
+void pass()
+{
+    goto exit;
+}
+/* END_CASE */

tests/suites/test_suite_config.psa_boolean.data

@@ -0,0 +1,475 @@
+# Automatically generated by generate_config_tests.py. Do not edit!
+
+Config: PSA_WANT_ALG_CBC_MAC
+depends_on:PSA_WANT_ALG_CBC_MAC
+pass:
+
+Config: !PSA_WANT_ALG_CBC_MAC
+depends_on:!PSA_WANT_ALG_CBC_MAC
+pass:
+
+Config: PSA_WANT_ALG_CBC_NO_PADDING
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING
+pass:
+
+Config: !PSA_WANT_ALG_CBC_NO_PADDING
+depends_on:!PSA_WANT_ALG_CBC_NO_PADDING
+pass:
+
+Config: PSA_WANT_ALG_CBC_PKCS7
+depends_on:PSA_WANT_ALG_CBC_PKCS7
+pass:
+
+Config: !PSA_WANT_ALG_CBC_PKCS7
+depends_on:!PSA_WANT_ALG_CBC_PKCS7
+pass:
+
+Config: PSA_WANT_ALG_CCM
+depends_on:PSA_WANT_ALG_CCM
+pass:
+
+Config: !PSA_WANT_ALG_CCM
+depends_on:!PSA_WANT_ALG_CCM
+pass:
+
+Config: PSA_WANT_ALG_CFB
+depends_on:PSA_WANT_ALG_CFB
+pass:
+
+Config: !PSA_WANT_ALG_CFB
+depends_on:!PSA_WANT_ALG_CFB
+pass:
+
+Config: PSA_WANT_ALG_CHACHA20_POLY1305
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305
+pass:
+
+Config: !PSA_WANT_ALG_CHACHA20_POLY1305
+depends_on:!PSA_WANT_ALG_CHACHA20_POLY1305
+pass:
+
+Config: PSA_WANT_ALG_CMAC
+depends_on:PSA_WANT_ALG_CMAC
+pass:
+
+Config: !PSA_WANT_ALG_CMAC
+depends_on:!PSA_WANT_ALG_CMAC
+pass:
+
+Config: PSA_WANT_ALG_CTR
+depends_on:PSA_WANT_ALG_CTR
+pass:
+
+Config: !PSA_WANT_ALG_CTR
+depends_on:!PSA_WANT_ALG_CTR
+pass:
+
+Config: PSA_WANT_ALG_DETERMINISTIC_ECDSA
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA
+pass:
+
+Config: !PSA_WANT_ALG_DETERMINISTIC_ECDSA
+depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA
+pass:
+
+Config: PSA_WANT_ALG_ECB_NO_PADDING
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING
+pass:
+
+Config: !PSA_WANT_ALG_ECB_NO_PADDING
+depends_on:!PSA_WANT_ALG_ECB_NO_PADDING
+pass:
+
+Config: PSA_WANT_ALG_ECDH
+depends_on:PSA_WANT_ALG_ECDH
+pass:
+
+Config: !PSA_WANT_ALG_ECDH
+depends_on:!PSA_WANT_ALG_ECDH
+pass:
+
+Config: PSA_WANT_ALG_ECDSA
+depends_on:PSA_WANT_ALG_ECDSA
+pass:
+
+Config: !PSA_WANT_ALG_ECDSA
+depends_on:!PSA_WANT_ALG_ECDSA
+pass:
+
+Config: PSA_WANT_ALG_GCM
+depends_on:PSA_WANT_ALG_GCM
+pass:
+
+Config: !PSA_WANT_ALG_GCM
+depends_on:!PSA_WANT_ALG_GCM
+pass:
+
+Config: PSA_WANT_ALG_HKDF
+depends_on:PSA_WANT_ALG_HKDF
+pass:
+
+Config: !PSA_WANT_ALG_HKDF
+depends_on:!PSA_WANT_ALG_HKDF
+pass:
+
+Config: PSA_WANT_ALG_HMAC
+depends_on:PSA_WANT_ALG_HMAC
+pass:
+
+Config: !PSA_WANT_ALG_HMAC
+depends_on:!PSA_WANT_ALG_HMAC
+pass:
+
+Config: PSA_WANT_ALG_MD2
+depends_on:PSA_WANT_ALG_MD2
+pass:
+
+Config: !PSA_WANT_ALG_MD2
+depends_on:!PSA_WANT_ALG_MD2
+pass:
+
+Config: PSA_WANT_ALG_MD4
+depends_on:PSA_WANT_ALG_MD4
+pass:
+
+Config: !PSA_WANT_ALG_MD4
+depends_on:!PSA_WANT_ALG_MD4
+pass:
+
+Config: PSA_WANT_ALG_MD5
+depends_on:PSA_WANT_ALG_MD5
+pass:
+
+Config: !PSA_WANT_ALG_MD5
+depends_on:!PSA_WANT_ALG_MD5
+pass:
+
+Config: PSA_WANT_ALG_OFB
+depends_on:PSA_WANT_ALG_OFB
+pass:
+
+Config: !PSA_WANT_ALG_OFB
+depends_on:!PSA_WANT_ALG_OFB
+pass:
+
+Config: PSA_WANT_ALG_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
+pass:
+
+Config: !PSA_WANT_ALG_RIPEMD160
+depends_on:!PSA_WANT_ALG_RIPEMD160
+pass:
+
+Config: PSA_WANT_ALG_RSA_OAEP
+depends_on:PSA_WANT_ALG_RSA_OAEP
+pass:
+
+Config: !PSA_WANT_ALG_RSA_OAEP
+depends_on:!PSA_WANT_ALG_RSA_OAEP
+pass:
+
+Config: PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
+pass:
+
+Config: !PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
+depends_on:!PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
+pass:
+
+Config: PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pass:
+
+Config: !PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+depends_on:!PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pass:
+
+Config: PSA_WANT_ALG_RSA_PSS
+depends_on:PSA_WANT_ALG_RSA_PSS
+pass:
+
+Config: !PSA_WANT_ALG_RSA_PSS
+depends_on:!PSA_WANT_ALG_RSA_PSS
+pass:
+
+Config: PSA_WANT_ALG_SHA_1
+depends_on:PSA_WANT_ALG_SHA_1
+pass:
+
+Config: !PSA_WANT_ALG_SHA_1
+depends_on:!PSA_WANT_ALG_SHA_1
+pass:
+
+Config: PSA_WANT_ALG_SHA_224
+depends_on:PSA_WANT_ALG_SHA_224
+pass:
+
+Config: !PSA_WANT_ALG_SHA_224
+depends_on:!PSA_WANT_ALG_SHA_224
+pass:
+
+Config: PSA_WANT_ALG_SHA_256
+depends_on:PSA_WANT_ALG_SHA_256
+pass:
+
+Config: !PSA_WANT_ALG_SHA_256
+depends_on:!PSA_WANT_ALG_SHA_256
+pass:
+
+Config: PSA_WANT_ALG_SHA_384
+depends_on:PSA_WANT_ALG_SHA_384
+pass:
+
+Config: !PSA_WANT_ALG_SHA_384
+depends_on:!PSA_WANT_ALG_SHA_384
+pass:
+
+Config: PSA_WANT_ALG_SHA_512
+depends_on:PSA_WANT_ALG_SHA_512
+pass:
+
+Config: !PSA_WANT_ALG_SHA_512
+depends_on:!PSA_WANT_ALG_SHA_512
+pass:
+
+Config: PSA_WANT_ALG_STREAM_CIPHER
+depends_on:PSA_WANT_ALG_STREAM_CIPHER
+pass:
+
+Config: !PSA_WANT_ALG_STREAM_CIPHER
+depends_on:!PSA_WANT_ALG_STREAM_CIPHER
+pass:
+
+Config: PSA_WANT_ALG_TLS12_PRF
+depends_on:PSA_WANT_ALG_TLS12_PRF
+pass:
+
+Config: !PSA_WANT_ALG_TLS12_PRF
+depends_on:!PSA_WANT_ALG_TLS12_PRF
+pass:
+
+Config: PSA_WANT_ALG_TLS12_PSK_TO_MS
+depends_on:PSA_WANT_ALG_TLS12_PSK_TO_MS
+pass:
+
+Config: !PSA_WANT_ALG_TLS12_PSK_TO_MS
+depends_on:!PSA_WANT_ALG_TLS12_PSK_TO_MS
+pass:
+
+Config: PSA_WANT_ALG_XTS
+depends_on:PSA_WANT_ALG_XTS
+pass:
+
+Config: !PSA_WANT_ALG_XTS
+depends_on:!PSA_WANT_ALG_XTS
+pass:
+
+Config: PSA_WANT_ECC_BRAINPOOL_P_R1_256
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+pass:
+
+Config: !PSA_WANT_ECC_BRAINPOOL_P_R1_256
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_256
+pass:
+
+Config: PSA_WANT_ECC_BRAINPOOL_P_R1_384
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+pass:
+
+Config: !PSA_WANT_ECC_BRAINPOOL_P_R1_384
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_384
+pass:
+
+Config: PSA_WANT_ECC_BRAINPOOL_P_R1_512
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+pass:
+
+Config: !PSA_WANT_ECC_BRAINPOOL_P_R1_512
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_512
+pass:
+
+Config: PSA_WANT_ECC_MONTGOMERY_255
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
+pass:
+
+Config: !PSA_WANT_ECC_MONTGOMERY_255
+depends_on:!PSA_WANT_ECC_MONTGOMERY_255
+pass:
+
+Config: PSA_WANT_ECC_MONTGOMERY_448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
+pass:
+
+Config: !PSA_WANT_ECC_MONTGOMERY_448
+depends_on:!PSA_WANT_ECC_MONTGOMERY_448
+pass:
+
+Config: PSA_WANT_ECC_SECP_K1_192
+depends_on:PSA_WANT_ECC_SECP_K1_192
+pass:
+
+Config: !PSA_WANT_ECC_SECP_K1_192
+depends_on:!PSA_WANT_ECC_SECP_K1_192
+pass:
+
+Config: PSA_WANT_ECC_SECP_K1_224
+depends_on:PSA_WANT_ECC_SECP_K1_224
+pass:
+
+Config: !PSA_WANT_ECC_SECP_K1_224
+depends_on:!PSA_WANT_ECC_SECP_K1_224
+pass:
+
+Config: PSA_WANT_ECC_SECP_K1_256
+depends_on:PSA_WANT_ECC_SECP_K1_256
+pass:
+
+Config: !PSA_WANT_ECC_SECP_K1_256
+depends_on:!PSA_WANT_ECC_SECP_K1_256
+pass:
+
+Config: PSA_WANT_ECC_SECP_R1_192
+depends_on:PSA_WANT_ECC_SECP_R1_192
+pass:
+
+Config: !PSA_WANT_ECC_SECP_R1_192
+depends_on:!PSA_WANT_ECC_SECP_R1_192
+pass:
+
+Config: PSA_WANT_ECC_SECP_R1_224
+depends_on:PSA_WANT_ECC_SECP_R1_224
+pass:
+
+Config: !PSA_WANT_ECC_SECP_R1_224
+depends_on:!PSA_WANT_ECC_SECP_R1_224
+pass:
+
+Config: PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256
+pass:
+
+Config: !PSA_WANT_ECC_SECP_R1_256
+depends_on:!PSA_WANT_ECC_SECP_R1_256
+pass:
+
+Config: PSA_WANT_ECC_SECP_R1_384
+depends_on:PSA_WANT_ECC_SECP_R1_384
+pass:
+
+Config: !PSA_WANT_ECC_SECP_R1_384
+depends_on:!PSA_WANT_ECC_SECP_R1_384
+pass:
+
+Config: PSA_WANT_ECC_SECP_R1_521
+depends_on:PSA_WANT_ECC_SECP_R1_521
+pass:
+
+Config: !PSA_WANT_ECC_SECP_R1_521
+depends_on:!PSA_WANT_ECC_SECP_R1_521
+pass:
+
+Config: PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_KEY_TYPE_AES
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_AES
+depends_on:!PSA_WANT_KEY_TYPE_AES
+pass:
+
+Config: PSA_WANT_KEY_TYPE_ARC4
+depends_on:PSA_WANT_KEY_TYPE_ARC4
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_ARC4
+depends_on:!PSA_WANT_KEY_TYPE_ARC4
+pass:
+
+Config: PSA_WANT_KEY_TYPE_ARIA
+depends_on:PSA_WANT_KEY_TYPE_ARIA
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_ARIA
+depends_on:!PSA_WANT_KEY_TYPE_ARIA
+pass:
+
+Config: PSA_WANT_KEY_TYPE_CAMELLIA
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_CAMELLIA
+depends_on:!PSA_WANT_KEY_TYPE_CAMELLIA
+pass:
+
+Config: PSA_WANT_KEY_TYPE_CHACHA20
+depends_on:PSA_WANT_KEY_TYPE_CHACHA20
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_CHACHA20
+depends_on:!PSA_WANT_KEY_TYPE_CHACHA20
+pass:
+
+Config: PSA_WANT_KEY_TYPE_DERIVE
+depends_on:PSA_WANT_KEY_TYPE_DERIVE
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_DERIVE
+depends_on:!PSA_WANT_KEY_TYPE_DERIVE
+pass:
+
+Config: PSA_WANT_KEY_TYPE_DES
+depends_on:PSA_WANT_KEY_TYPE_DES
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_DES
+depends_on:!PSA_WANT_KEY_TYPE_DES
+pass:
+
+Config: PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+pass:
+
+Config: PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+pass:
+
+Config: PSA_WANT_KEY_TYPE_HMAC
+depends_on:PSA_WANT_KEY_TYPE_HMAC
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_HMAC
+depends_on:!PSA_WANT_KEY_TYPE_HMAC
+pass:
+
+Config: PSA_WANT_KEY_TYPE_RAW_DATA
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_RAW_DATA
+depends_on:!PSA_WANT_KEY_TYPE_RAW_DATA
+pass:
+
+Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+depends_on:!PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+pass:
+
+Config: PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+pass:
+
+Config: !PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+depends_on:!PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+pass:
+
+# End of automatically generated file.

tests/suites/test_suite_config.psa_combinations.data

@@ -0,0 +1,9 @@
+# Interesting combinations of PSA options
+
+Config: PSA_WANT_ALG_ECDSA without PSA_WANT_ALG_DETERMINISTIC_ECDSA
+depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA
+pass:
+
+Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA
+pass:

tests/suites/test_suite_config.tls_combinations.data

@@ -0,0 +1,13 @@
+# Interesting combinations of TLS options
+
+Config: TLS 1.0 only
+depends_on:!MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1:!MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+pass:
+
+Config: TLS 1.1 only
+depends_on:!MBEDTLS_SSL_PROTO_SSL3:!MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SSL_PROTO_TLS1_1:!MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+pass:
+
+Config: TLS 1.2 only
+depends_on:!MBEDTLS_SSL_PROTO_SSL3:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+pass:

tests/suites/test_suite_pkparse.data

@@ -939,19 +939,19 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #100.1 (512-bit)
-depends_on:MBEDTLS_PEM_C
+depends_on:MBEDTLS_PEM_PARSE_C
 pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0
 
 Parse RSA Key #100.1 (521-bit)
-depends_on:MBEDTLS_PEM_C
+depends_on:MBEDTLS_PEM_PARSE_C
 pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0
 
 Parse RSA Key #100.1 (522-bit)
-depends_on:MBEDTLS_PEM_C
+depends_on:MBEDTLS_PEM_PARSE_C
 pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0
 
 Parse RSA Key #100.1 (528-bit)
-depends_on:MBEDTLS_PEM_C
+depends_on:MBEDTLS_PEM_PARSE_C
 pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0
 
 Parse Public RSA Key #1 (PKCS#8 wrapped)

tests/suites/test_suite_psa_crypto.data

@@ -789,8 +789,8 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY
 agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED
 
 PSA key policy: agreement + KDF, wrong agreement algorithm
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED
 
 PSA key policy: agreement + KDF, wrong KDF algorithm
 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
@@ -809,8 +809,8 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:P
 raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED
 
 PSA key policy: raw agreement, wrong algorithm
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH:PSA_ERROR_NOT_PERMITTED
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED
 
 PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw
 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECDH_C
@@ -2752,6 +2752,29 @@ PSA verify hash with keypair: ECDSA SECP256R1, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
 verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
 
+# The next 4 test cases check what happens if only one of the two ECDSA
+# variants is supported. The ECDSA variants (deterministic and randomized)
+# are different signature algorithms that can be enabled independently,
+# but they have the same verification. Mbed TLS accepts either variant
+# as the algorithm requested for verification even if that variant is not
+# supported. Test that this works. It would also be acceptable if the
+# library returned NOT_SUPPORTED in this case.
+PSA verify hash: ECDSA SECP256R1, only deterministic supported
+depends_on:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify hash with keypair: ECDSA SECP256R1, only deterministic supported
+depends_on:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify hash: deterministic ECDSA SECP256R1, only randomized supported
+depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify hash with keypair: determinitic ECDSA SECP256R1, only randomized supported
+depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
 PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
@@ -2817,14 +2840,14 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS
 sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C
 sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":128:PSA_ERROR_INVALID_ARGUMENT
 
-PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash (wildcard)
+PSA sign message: ECDSA SECP256R1, invalid hash (wildcard)
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"616263":64:PSA_ERROR_INVALID_ARGUMENT
 
-PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash algorithm (0)
+PSA sign message: ECDSA SECP256R1, invalid hash algorithm (0)
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(0):"616263":64:PSA_ERROR_INVALID_ARGUMENT
 

tests/suites/test_suite_psa_crypto_driver_wrappers.data

@@ -238,10 +238,11 @@ generate_key through transparent driver: fake
 generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS
 
 generate_key through transparent driver: in-driver
+depends_on:MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_SUCCESS:"":PSA_SUCCESS
 
 generate_key through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
 generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS
 
 generate_key through transparent driver: fallback not available

tests/suites/test_suite_psa_crypto_driver_wrappers.function

@@ -300,13 +300,14 @@ void generate_key(int force_status_arg,
                 fake_output->len;
     }
 
-    mbedtls_test_driver_key_management_hooks.hits = 0;
-    mbedtls_test_driver_key_management_hooks.forced_status = force_status;
-
     PSA_ASSERT(psa_crypto_init());
 
+    mbedtls_test_driver_key_management_hooks.hits = 0;
+    mbedtls_test_driver_key_management_hooks.hits_generate_key = 0;
+    mbedtls_test_driver_key_management_hooks.forced_status = force_status;
+
     actual_status = psa_generate_key(&attributes, &key);
-    TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
+    TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_generate_key, 1);
     TEST_EQUAL(actual_status, expected_status);
 
     if (actual_status == PSA_SUCCESS) {
@@ -425,6 +426,7 @@ void export_key(int force_status_arg,
 
     mbedtls_test_driver_key_management_hooks.hits = 0;
     mbedtls_test_driver_key_management_hooks.forced_status = force_status;
+    mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0;
 
     if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) {
         actual_status = psa_export_public_key(handle,
@@ -441,7 +443,7 @@ void export_key(int force_status_arg,
 
     if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) &&
         !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) {
-        TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
+        TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1);
     }
 
     if (actual_status == PSA_SUCCESS) {

tests/suites/test_suite_psa_crypto_generate_key.generated.data

@@ -109,11 +109,11 @@ depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
 generate_key:PSA_KEY_TYPE_RAW_DATA:128:PSA_SUCCESS:
 
 PSA RSA_KEY_PAIR 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_GENPRIME:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_SUCCESS:
 
 PSA RSA_KEY_PAIR 1536-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_GENPRIME:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_SUCCESS:
 
 PSA RSA_PUBLIC_KEY 1024-bit
@@ -122,48 +122,56 @@ generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ERROR_INVALID_ARGUMENT:
 PSA RSA_PUBLIC_KEY 1536-bit
 generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_160
+## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
+## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_192
+## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit
+## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_224
+## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit
+## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_320
+## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit
+## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_SUCCESS:
 
-PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_160
+## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_192
+## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_224
+## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_ERROR_INVALID_ARGUMENT:
 
 PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit
 generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_320
+## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_ERROR_INVALID_ARGUMENT:
 
 PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit
 generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_ERROR_INVALID_ARGUMENT:
@@ -172,11 +180,11 @@ PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit
 generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_ERROR_INVALID_ARGUMENT:
 
 PSA ECC_KEY_PAIR(MONTGOMERY) 255-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
+depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(MONTGOMERY) 448-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_SUCCESS:
 
 PSA ECC_PUBLIC_KEY(MONTGOMERY) 255-bit
@@ -186,44 +194,46 @@ PSA ECC_PUBLIC_KEY(MONTGOMERY) 448-bit
 generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_ERROR_INVALID_ARGUMENT:
 
 PSA ECC_KEY_PAIR(SECP_K1) 192-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_192
+depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECP_K1) 225-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_225:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):225:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECP_K1_225
+## PSA ECC_KEY_PAIR(SECP_K1) 225-bit
+## depends_on:PSA_WANT_ECC_SECP_K1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):225:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(SECP_K1) 256-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_256
+depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_SUCCESS:
 
 PSA ECC_PUBLIC_KEY(SECP_K1) 192-bit
 generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECP_K1) 225-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):225:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECP_K1_225
+## PSA ECC_PUBLIC_KEY(SECP_K1) 225-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):225:PSA_ERROR_INVALID_ARGUMENT:
 
 PSA ECC_PUBLIC_KEY(SECP_K1) 256-bit
 generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256:PSA_ERROR_INVALID_ARGUMENT:
 
 PSA ECC_KEY_PAIR(SECP_R1) 192-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_192
+depends_on:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):192:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(SECP_R1) 224-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_224
+depends_on:PSA_WANT_ECC_SECP_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):224:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(SECP_R1) 256-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(SECP_R1) 384-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384
+depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_SUCCESS:
 
 PSA ECC_KEY_PAIR(SECP_R1) 521-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521
+depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_SUCCESS:
 
 PSA ECC_PUBLIC_KEY(SECP_R1) 192-bit
@@ -241,109 +251,139 @@ generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384:PSA_ERROR_I
 PSA ECC_PUBLIC_KEY(SECP_R1) 521-bit
 generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_KEY_PAIR(SECP_R2) 160-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECP_R2_160
+## PSA ECC_KEY_PAIR(SECP_R2) 160-bit
+## depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_SUCCESS:
 
-PSA ECC_PUBLIC_KEY(SECP_R2) 160-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECP_R2_160
+## PSA ECC_PUBLIC_KEY(SECP_R2) 160-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_KEY_PAIR(SECT_K1) 163-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_163
+## PSA ECC_KEY_PAIR(SECT_K1) 163-bit
+## depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_K1) 233-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_233
+## PSA ECC_KEY_PAIR(SECT_K1) 233-bit
+## depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_K1) 239-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_239
+## PSA ECC_KEY_PAIR(SECT_K1) 239-bit
+## depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_K1) 283-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_283
+## PSA ECC_KEY_PAIR(SECT_K1) 283-bit
+## depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_K1) 409-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_409
+## PSA ECC_KEY_PAIR(SECT_K1) 409-bit
+## depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_K1) 571-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_571
+## PSA ECC_KEY_PAIR(SECT_K1) 571-bit
+## depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_SUCCESS:
 
-PSA ECC_PUBLIC_KEY(SECT_K1) 163-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_163
+## PSA ECC_PUBLIC_KEY(SECT_K1) 163-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_K1) 233-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_233
+## PSA ECC_PUBLIC_KEY(SECT_K1) 233-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_K1) 239-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_239
+## PSA ECC_PUBLIC_KEY(SECT_K1) 239-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_K1) 283-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_283
+## PSA ECC_PUBLIC_KEY(SECT_K1) 283-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_K1) 409-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_409
+## PSA ECC_PUBLIC_KEY(SECT_K1) 409-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_K1) 571-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_571
+## PSA ECC_PUBLIC_KEY(SECT_K1) 571-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_KEY_PAIR(SECT_R1) 163-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_163
+## PSA ECC_KEY_PAIR(SECT_R1) 163-bit
+## depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_R1) 233-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_233
+## PSA ECC_KEY_PAIR(SECT_R1) 233-bit
+## depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_R1) 283-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_283
+## PSA ECC_KEY_PAIR(SECT_R1) 283-bit
+## depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_R1) 409-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_409
+## PSA ECC_KEY_PAIR(SECT_R1) 409-bit
+## depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(SECT_R1) 571-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_571
+## PSA ECC_KEY_PAIR(SECT_R1) 571-bit
+## depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_SUCCESS:
 
-PSA ECC_PUBLIC_KEY(SECT_R1) 163-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_163
+## PSA ECC_PUBLIC_KEY(SECT_R1) 163-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_R1) 233-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_233
+## PSA ECC_PUBLIC_KEY(SECT_R1) 233-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_R1) 283-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_283
+## PSA ECC_PUBLIC_KEY(SECT_R1) 283-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_R1) 409-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_409
+## PSA ECC_PUBLIC_KEY(SECT_R1) 409-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(SECT_R1) 571-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_571
+## PSA ECC_PUBLIC_KEY(SECT_R1) 571-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_KEY_PAIR(SECT_R2) 163-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R2_163
+## PSA ECC_KEY_PAIR(SECT_R2) 163-bit
+## depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_SUCCESS:
 
-PSA ECC_PUBLIC_KEY(SECT_R2) 163-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_SECT_R2_163
+## PSA ECC_PUBLIC_KEY(SECT_R2) 163-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_255
+## PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
+## depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_SUCCESS:
 
-PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
-generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_SUCCESS:
+## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_448
+## PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit
+## depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_SUCCESS:
 
-PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_255
+## PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_ERROR_INVALID_ARGUMENT:
 
-PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit
-generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_ERROR_INVALID_ARGUMENT:
+## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_448
+## PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit
+## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_ERROR_INVALID_ARGUMENT:
 
 # End of automatically generated file.

tests/suites/test_suite_psa_crypto_not_supported.function

@@ -20,10 +20,28 @@ void import_not_supported(int key_type, data_t *key_material)
 
     PSA_ASSERT(psa_crypto_init());
     psa_set_key_type(&attributes, key_type);
-    TEST_EQUAL(psa_import_key(&attributes,
-                              key_material->x, key_material->len,
-                              &key_id),
-               PSA_ERROR_NOT_SUPPORTED);
+    psa_status_t actual_status =
+        psa_import_key(&attributes, key_material->x, key_material->len, &key_id);
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+    if (actual_status == PSA_ERROR_INVALID_ARGUMENT) {
+        /* Edge case: when importing an ECC public key with an unspecified
+         * bit-size (as we do here), the implementation of psa_import_key()
+         * infers the bit-size from the input. If the key type specifies an
+         * unknown curve, the validation might reject the data as invalid
+         * before it checks that the curve is supported. If so, that's ok.
+         * In practice, at the time of writing, this happens with Ed25519,
+         * for which a valid but unsupported 32-byte input causes
+         * psa_import_key() to fail because it assumes a Weierstrass curve
+         * which must have an odd-length encoding.
+         *
+         * In other cases, we do not expect an INVALID_ARGUMENT error here. */
+        TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(key_type));
+    } else
+#endif /* defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
+    {
+        TEST_EQUAL(actual_status, PSA_ERROR_NOT_SUPPORTED);
+    }
     TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT));
 
 exit:

tests/suites/test_suite_psa_crypto_op_fail.function

@@ -232,8 +232,8 @@ void sign_fail(int key_type_arg, data_t *key_data,
                               input, sizeof(input),
                               output, sizeof(output), &length));
     if (!private_only) {
-        /* Determine a plausible signature size to avoid an INVALID_SIGNATURE
-         * error based on this. */
+        /* Construct a signature candidate of a plausible size to avoid an
+         * INVALID_SIGNATURE error based on an early size verification. */
         PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
         size_t key_bits = psa_get_key_bits(&attributes);
         size_t output_length = sizeof(output);

tests/suites/test_suite_psa_crypto_op_fail.misc.data

@@ -43,3 +43,24 @@ sign_fail:PSA_KEY_TYPE_AES:"48657265006973206b6579a064617461":PSA_ALG_RSA_PSS(PS
 PSA sign RSA_PSS(SHA_256): RSA_PSS not enabled, key pair
 depends_on:!PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
 sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_NOT_SUPPORTED
+
+# There is a special case with ECDSA: deterministic and randomized ECDSA are
+# different signature algorithms that can be enabled independently, but
+# the verification algorithms are the same. Mbed TLS supports verification
+# of either variant when either variant is enabled. (It would also be correct
+# to reject the not-supported algorithm, but it would require a few more lines
+# of code.) In the automatically generated test cases, we avoid this difficulty
+# by making the not-supported test cases require neither variant to be
+# enabled. Here, test the signature operation when one variant is supported
+# but not the other. Testing the positive cases for the verification
+# operation is the job of test_suite_psa_crypto.
+#
+# We only test with one curve and one hash, because we know from a gray-box
+# approach that the curve and hash don't matter here.
+PSA sign DETERMINISTIC_ECDSA(SHA_256): !DETERMINISTIC_ECDSA but ECDSA with ECC_KEY_PAIR(SECP_R1)
+depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):1:PSA_ERROR_NOT_SUPPORTED
+
+PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190":PSA_ALG_ECDSA(PSA_ALG_SHA_256):1:PSA_ERROR_NOT_SUPPORTED

tests/suites/test_suite_psa_crypto_se_driver_hal.function

@@ -13,6 +13,19 @@
 #include "psa/internal_trusted_storage.h"
 #endif
 
+/* Same in library/psa_crypto.c */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) ||          \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) ||  \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
+#define BUILTIN_ALG_ANY_HKDF 1
+#endif
+#if defined(BUILTIN_ALG_ANY_HKDF) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \
+    defined(PSA_HAVE_SOFT_PBKDF2)
+#define AT_LEAST_ONE_BUILTIN_KDF
+#endif
 
 /****************************************************************/
 /* Test driver helpers */
@@ -656,10 +669,8 @@ static int smoke_test_key(mbedtls_svc_key_id_t key)
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT;
     psa_cipher_operation_t cipher_operation = PSA_CIPHER_OPERATION_INIT;
-#if defined(MBEDTLS_SHA256_C)
     psa_key_derivation_operation_t derivation_operation =
         PSA_KEY_DERIVATION_OPERATION_INIT;
-#endif
     uint8_t buffer[80]; /* large enough for a public key for ECDH */
     size_t length;
     mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
@@ -714,7 +725,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key)
                                         buffer, sizeof(buffer), NULL, 0,
                                         buffer, sizeof(buffer), &length));
 
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
     /* Try the key in a plain key derivation. */
     PSA_ASSERT(psa_key_derivation_setup(&derivation_operation,
                                         PSA_ALG_HKDF(PSA_ALG_SHA_256)));
@@ -747,7 +758,9 @@ static int smoke_test_key(mbedtls_svc_key_id_t key)
                          alg, key, buffer, length,
                          buffer, sizeof(buffer), &length));
     }
-#endif /* MBEDTLS_SHA256_C */
+#else
+    (void) derivation_operation;
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_PSA_BUILTIN_ALG_HKDF */
 
     ok = 1;
 

tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function

@@ -550,7 +550,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 */
 void mock_sign(int mock_sign_return_value, int expected_result)
 {
     psa_drv_se_t driver;
@@ -611,7 +611,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 */
 void mock_verify(int mock_verify_return_value, int expected_result)
 {
     psa_drv_se_t driver;

tests/suites/test_suite_x509parse.data

@@ -327,7 +327,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-512\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA-256, containing commas
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTS_X509_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information EC with SHA1

tests/suites/test_suite_x509parse.function

@@ -800,7 +800,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
 void mbedtls_x509_dn_gets_subject_replace(char *crt_file,
                                           char *new_subject_ou,
                                           char *result_str,