From fb4723a40b4b1336db32bb49078ce63f03de8a6e Mon Sep 17 00:00:00 2001 From: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com> Date: Thu, 29 Sep 2022 10:00:32 -0300 Subject: [PATCH 001/112] Print RFC 4108 hwSerialNum in hex format Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com> --- library/x509_crt.c | 14 ++----- tests/suites/test_suite_x509parse.data | 8 ++-- tests/suites/test_suite_x509parse.function | 46 ++++++++++------------ 3 files changed, 28 insertions(+), 40 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 42f1fc22c5..755ca6071b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1785,6 +1785,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, const char *prefix ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i; size_t n = *size; char *p = *buf; const mbedtls_x509_sequence *cur = subject_alt_name; @@ -1837,18 +1838,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; - if( other_name->value.hardware_module_name.val.len >= n ) + for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ ) { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] ); + MBEDTLS_X509_SAFE_SNPRINTF; } - - memcpy( p, other_name->value.hardware_module_name.val.p, - other_name->value.hardware_module_name.val.len ); - p += other_name->value.hardware_module_name.val.len; - - n -= other_name->value.hardware_module_name.val.len; - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ } break; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 066d6e49f5..f703944d9b 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
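Review bot: The new `for` loop under the `hardware serial number` label has no comment saying why the value is hex-encoded, and the reason is a security one that the next maintainer should not have to rediscover. hwSerialNum is an OCTET STRING read from the certificate, so the removed `memcpy` could place control bytes or an embedded NUL into a string that callers print or log; a comment such as `/* hwSerialNum is an arbitrary OCTET STRING from the certificate: emit hex so the info string stays printable */` above the loop would record that. The field now takes two output characters per input byte, so a caller whose buffer was sized for the raw form may start getting a buffer-too-small error, presumably via MBEDTLS_X509_SAFE_SNPRINTF; that deserves a line in the function's documentation. The body of x509_info_subject_alt_name starts and ends outside this hunk.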
@@ -96,7 +96,7 @@ x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial n X509 CRT information EC, SHA256 Digest, hardware module name SAN depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n" +x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n" X509 CRT information EC, SHA256 Digest, Wisun Fan device depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C 
@@ -120,7 +120,7 @@ x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nseri X509 CRT information, Multiple different Subject Alt Name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n" +x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 CRT information, Subject Alt Name + Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C 
@@ -184,7 +184,7 @@ x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n" +x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n" X509 SAN parsing dNSName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C @@ -192,7 +192,7 @@ x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: exampl X509 SAN parsing Multiple different types depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" +x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" X509 SAN parsing, no subject alt name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 77f3d2338f..11316c6863 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -243,36 +243,30 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, switch( san->type ) { - case( MBEDTLS_X509_SAN_OTHER_NAME ): - ret = mbedtls_snprintf( p, n, "\notherName :"); - MBEDTLS_X509_SAFE_SNPRINTF; + case( MBEDTLS_X509_SAN_OTHER_NAME ): + ret = mbedtls_snprintf( p, n, "\notherName :"); + MBEDTLS_X509_SAFE_SNPRINTF; - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, - &san->san.other_name.value.hardware_module_name.oid ) != 0 ) - { - ret = mbedtls_snprintf( p, n, " hardware module name :" ); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, " hardware type : " ); - MBEDTLS_X509_SAFE_SNPRINTF; + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, + &san->san.other_name.value.hardware_module_name.oid ) != 0 ) + { + ret = mbedtls_snprintf( p, n, " hardware module name :" ); + MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, " hardware type : " ); + MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_oid_get_numeric_string( p, n, - &san->san.other_name.value.hardware_module_name.oid ); - MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_oid_get_numeric_string( p, n, + &san->san.other_name.value.hardware_module_name.oid ); + MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); - MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); + MBEDTLS_X509_SAFE_SNPRINTF; - if( san->san.other_name.value.hardware_module_name.val.len >= n ) - { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); - } - - for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ ) - { - *p++ = san->san.other_name.value.hardware_module_name.val.p[i]; - } - n -= san->san.other_name.value.hardware_module_name.val.len; + for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ ) + { + ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] ); + MBEDTLS_X509_SAFE_SNPRINTF; + } } break;/* 
MBEDTLS_OID_ON_HW_MODULE_NAME */ case( MBEDTLS_X509_SAN_DNS_NAME ): From 7e5426d69665813b80a2681a84ca21fc84ba7529 Mon Sep 17 00:00:00 2001 From: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com> Date: Thu, 29 Sep 2022 10:03:16 -0300 Subject: [PATCH 002/112] Add a new test with a binary hwSerialNum Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com> --- tests/data_files/Makefile | 3 +++ tests/data_files/server5-nonprintable_othername.crt | 12 ++++++++++++ tests/data_files/test-ca.opensslconf | 7 +++++++ tests/suites/test_suite_x509parse.data | 8 ++++++++ 4 files changed, 30 insertions(+) create mode 100644 tests/data_files/server5-nonprintable_othername.crt diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 49db4cab27..94995ba1d8 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -276,6 +276,9 @@ all_final += server5-ss-forgeca.crt server5-othername.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ +server5-nonprintable_othername.crt: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@ + server5-unsupported_othername.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@ diff --git a/tests/data_files/server5-nonprintable_othername.crt b/tests/data_files/server5-nonprintable_othername.crt new file mode 100644 index 0000000000..9470bbe9cc --- /dev/null +++ b/tests/data_files/server5-nonprintable_othername.crt 
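Review bot: The guard kept around the new hex loop in verify_parse_san, `MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &san->san.other_name.value.hardware_module_name.oid ) != 0`, looks inverted and pointed at the wrong field. The `.oid` it tests is the value printed just below as `hardware type`, and MBEDTLS_OID_CMP, whose definition is outside this hunk, follows the memcmp convention as far as I know, so `!= 0` takes the branch when the two OIDs differ. If that reading is right, the helper formats every otherName as a HardwareModuleName, and the check should instead compare the otherName type-id with `== 0`. The body of verify_parse_san starts and ends outside the hunk, and this line is only re-indented here, so the fix may belong in a follow-up.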
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg +b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x +CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU +TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/ +6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF +BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC +IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT +3vnWdvcHRIAdXA0kh+mcBMaXk9B0 +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 64347de830..3bb237903c 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -15,6 +15,9 @@ basicConstraints = CA:true [othername_san] subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name +[nonprintable_othername_san] +subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name + [unsupoported_othername_san] subjectAltName=otherName:1.2.3.4;UTF8:some other identifier @@ -34,6 +37,10 @@ subjectAltName=@alt_names hwtype = OID:1.3.6.1.4.1.17.3 hwserial = OCT:123456 +[nonprintable_hw_module_name] +hwtype = OID:1.3.6.1.4.1.17.3 +hwserial = FORMAT:HEX, OCT:3132338081008180333231 + [v3_any_policy_ca] basicConstraints = CA:true certificatePolicies = 2.5.29.32.0 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f703944d9b..01ae683949 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -98,6 +98,10 @@ X509 CRT information EC, SHA256 Digest, hardware module name SAN depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n" +X509 CRT information EC, SHA256 Digest, binary hardware module name SAN +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n" + X509 CRT information EC, SHA256 Digest, Wisun Fan device depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_cert_info:"data_files/server5-fan.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n" 
@@ -186,6 +190,10 @@ X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n" +X509 SAN parsing binary otherName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n" + X509 SAN parsing dNSName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" From 78d343ec5cf51220264cc07da6440d65e44680cf Mon Sep 17 00:00:00 2001 From: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com> Date: Thu, 29 Sep 2022 10:04:44 -0300 Subject: [PATCH 003/112] Add Changelog entry Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com> --- ChangeLog.d/fix_x509_info_hwmodulename.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/fix_x509_info_hwmodulename.txt diff --git a/ChangeLog.d/fix_x509_info_hwmodulename.txt b/ChangeLog.d/fix_x509_info_hwmodulename.txt new file mode 100644 index 0000000000..8b227cec34 --- /dev/null +++ b/ChangeLog.d/fix_x509_info_hwmodulename.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable + bytes when parsing certificates containing a binary RFC 4108 + HardwareModuleName as a Subject Alternative Name extension. Hardware + serial numbers are now rendered in hex format. Fixes #6262. From 8ffd8a672fc576281487c21b634ba81a688d4f98 Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Tue, 27 Sep 2022 07:54:16 -0400 Subject: [PATCH 004/112] Fix missing cipher mode dependencies Signed-off-by: Andrzej Kurek --- library/aes.c | 3 ++- tests/suites/test_suite_aes.function | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/library/aes.c b/library/aes.c index 555d32ea11..daa8b75ec4 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1763,7 +1763,8 @@ int mbedtls_aes_self_test( int verbose ) unsigned char key[32]; unsigned char buf[64]; const unsigned char *aes_tests; -#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) +#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_OFB) unsigned char iv[16]; #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 5a64099fb4..57b8b92de5 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -559,10 +559,14 @@ void aes_misc_params( ) defined(MBEDTLS_CIPHER_MODE_XTS) || \ defined(MBEDTLS_CIPHER_MODE_CFB) || \ defined(MBEDTLS_CIPHER_MODE_OFB) - mbedtls_aes_context aes_ctx; const unsigned char in[16] = { 0 }; unsigned char out[16]; #endif +#if defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_OFB) +mbedtls_aes_context aes_ctx; +#endif #if defined(MBEDTLS_CIPHER_MODE_XTS) mbedtls_aes_xts_context xts_ctx; #endif From e8955e1e532612bda4904bc14a74154987c26afa Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 06:11:21 -0400 Subject: [PATCH 005/112] Fix missing padding dependencies Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_cipher.aria.data | 2 +- tests/suites/test_suite_cipher.camellia.data | 90 +++++++------- tests/suites/test_suite_cipher.des.data | 120 +++++++++---------- tests/suites/test_suite_pkcs5.data | 4 +- 4 files changed, 108 insertions(+), 108 deletions(-) 
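Review bot: In the aes_misc_params hunk the added `mbedtls_aes_context aes_ctx;` appears to start at column 0, while the neighbouring declarations (`const unsigned char in[16]`, `mbedtls_aes_xts_context xts_ctx;`) are indented inside the function body; indent it to match. The new `#if` guard also has no comment on why `aes_ctx` is now split from `in` and `out`. Something like `/* aes_ctx is not needed when only XTS is enabled */` would explain it, if that is the intent. The function body continues outside the hunk.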
diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data index 2c50a21fc7..79c0bf6bd3 100644 --- a/tests/suites/test_suite_cipher.aria.data +++ b/tests/suites/test_suite_cipher.aria.data @@ -1,3 +1,3 @@ Aria CBC Decrypt empty buffer -depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index 3e7bffa45b..d7401a1d52 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data 
@@ -67,183 +67,183 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:-1 CAMELLIA Encrypt and decrypt 0 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 1 byte with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 2 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 7 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 8 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 9 bytes with one and zeros padding 
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 15 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 16 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 17 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 31 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 32 bytes with one and zeros padding [#1] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA 
Encrypt and decrypt 32 bytes with one and zeros padding [#2] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 47 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 48 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 49 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 0 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 1 byte with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 
enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 2 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 7 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 8 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 9 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 15 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 16 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 17 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 31 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 32 bytes with zeros and len padding [#1] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 32 bytes with zeros and len padding [#2] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 47 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 48 bytes with zeros and len padding 
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 49 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 0 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 1 byte with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 2 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 7 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 8 bytes with zeros padding 
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 9 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 15 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 16 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 17 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 31 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 32 bytes with zeros padding [#1] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 32 bytes with zeros padding [#2] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 47 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 48 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 49 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 0 bytes with no padding diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index 9410262e68..77f7515b94 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data 
@@ -71,243 +71,243 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:-1 DES Encrypt and decrypt 0 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 1 byte with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 2 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 7 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 8 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 9 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and 
decrypt 15 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 16 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 17 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 31 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 32 bytes with one and zeros padding [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 32 bytes with one and zeros padding [#2] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 47 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 48 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 49 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 0 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 1 byte with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 2 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 7 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 
enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 8 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 9 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 15 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 16 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 17 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 31 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 32 bytes with zeros and len padding [#1] 
-depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 32 bytes with zeros and len padding [#2] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 47 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 48 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 49 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 0 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 1 byte with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS 
enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 2 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 7 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 8 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 9 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 15 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 16 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 17 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS 
enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 31 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 32 bytes with zeros padding [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 32 bytes with zeros padding [#2] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 47 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 48 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 49 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 0 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC 
enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 8 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 16 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 32 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 48 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_NONE DES Try encrypting 1 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 2 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 7 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 9 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 15 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 17 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 31 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 33 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 47 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 49 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Encrypt and decrypt 0 bytes in multiple parts diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index e51a7d2681..bd251f79f4 100644 --- a/tests/suites/test_suite_pkcs5.data 
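Review bot: The three cases titled `DES Encrypt and decrypt 32 bytes with ... padding [#2]` in the `@@ -71,243 +71,243 @@` hunk of test_suite_cipher.des.data pass a length of 33 (`"DES-CBC":64:33:...`), so their titles do not describe what they run. The commit touches the `depends_on` line directly below each title, which makes this a good place to rename them to `33 bytes` and drop the `[#1]`/`[#2]` suffixes. The CAMELLIA zeros-padding case earlier in the patch shows the same mismatch. A report naming a "32 bytes" failure would otherwise send a reader to the wrong boundary, one byte short of the input that actually crosses the block edge.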
+++ b/tests/suites/test_suite_pkcs5.data 
@@ -203,11 +203,11 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" PBES2 Decrypt (bad password) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PBES2 Decrypt (bad iter value) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PKCS#5 Selftest From f5ea1978d491c7e0c99885db25f12655fa6077a4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 08:50:20 +0100 Subject: [PATCH 006/112] New script to exercise compilation options Unify curves.pl, key-exchanges.pl, depends-pkalgs.pl and depends-hashes.pl into a single, newly-written script. For curves, key exchanges and hashes, in addition to testing all-but-one settings in the group like the old scripts, also run the tests with a single option in the group. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 346 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 346 insertions(+) create mode 100755 tests/scripts/depends.py diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py new file mode 100755 index 0000000000..521bbc5641 --- /dev/null +++ b/tests/scripts/depends.py 
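Review bot: The added `MBEDTLS_CIPHER_PADDING_PKCS7` dependency on "PBES2 Decrypt (bad password)" and "PBES2 Decrypt (bad iter value)" is not explained anywhere in test_suite_pkcs5.data. Both cases expect `MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH`, which presumably is only reported when the decrypted data fails the PKCS7 unpadding check, so without that padding mode the expected error cannot occur. A comment line above the two cases such as `# PASSWORD_MISMATCH is detected through the PKCS7 padding check` would keep the dependency from being removed later as redundant. The remaining PBES2 decrypt cases lie outside this hunk and may need the same dependency if they decrypt DES-CBC data to completion.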
@@ -0,0 +1,346 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2018, Arm Limited, All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + +"""Test Mbed TLS with a subset of algorithms. +""" + +import argparse +import os +import re +import shutil +import subprocess +import sys +import traceback + +def log_line(text, prefix='depends.py'): + """Print a status message.""" + sys.stderr.write(prefix + ' ' + text + '\n') + +def backup_config(options): + """Back up the library configuration file (config.h).""" + shutil.copy(options.config, options.config_backup) + +def restore_config(options, done=False): + """Restore the library configuration file (config.h). +If done is true, remove the backup file.""" + if done: + shutil.move(options.config_backup, options.config) + else: + shutil.copy(options.config_backup, options.config) + +class Job: + """A job builds the library in a specific configuration and runs some tests.""" + def __init__(self, name, config_settings, commands): + """Build a job object. +The job uses the configuration described by config_settings. This is a +dictionary where the keys are preprocessor symbols and the values are +booleans or strings. A boolean indicates whether or not to #define the +symbol. With a string, the symbol is #define'd to that value. +After setting the configuration, the job runs the programs specified by +commands. 
This is a list of lists of strings; each list of string is a +command name and its arguments and is passed to subprocess.call with +shell=False.""" + self.name = name + self.config_settings = config_settings + self.commands = commands + + def announce(self, what): + '''Announce the start or completion of a job. +If what is None, announce the start of the job. +If what is True, announce that the job has passed. +If what is False, announce that the job has failed.''' + if what is True: + log_line(self.name + ' PASSED') + elif what is False: + log_line(self.name + ' FAILED') + else: + log_line('starting ' + self.name) + + def trace_command(self, cmd): + '''Print a trace of the specified command. +cmd is a list of strings: a command name and its arguments.''' + log_line(' '.join(cmd), prefix='+') + + def configure(self, config_file_name): + '''Set library configuration options as required for the job. +config_file_name indicates which file to modify.''' + for key, value in sorted(self.config_settings.items()): + if value is True: + args = ['set', key] + elif value is False: + args = ['unset', key] + else: + args = ['set', key, value] + cmd = ['scripts/config.pl'] + if config_file_name != 'include/mbedtls/config.h': + cmd += ['--file', config_file_name] + cmd += args + self.trace_command(cmd) + subprocess.check_call(cmd) + + def test(self, options): + '''Run the job's build and test commands. +Return True if all the commands succeed and False otherwise. +If options.keep_going is false, stop as soon as one command fails. 
Otherwise +run all the commands, except that if the first command fails, none of the +other commands are run (typically, the first command is a build command +and subsequent commands are tests that cannot run if the build failed).''' + built = False + success = True + for command in self.commands: + self.trace_command(command) + ret = subprocess.call(command) + if ret != 0: + if command[0] not in ['make', options.make_command]: + log_line('*** [{}] Error {}'.format(' '.join(command), ret)) + if not options.keep_going or not built: + return False + success = False + built = True + return success + +# SSL/TLS versions up to 1.1 and corresponding options. These require +# both MD5 and SHA-1. +ssl_pre_1_2_dependencies = ['MBEDTLS_SSL_CBC_RECORD_SPLITTING', + 'MBEDTLS_SSL_PROTO_SSL3', + 'MBEDTLS_SSL_PROTO_TLS1', + 'MBEDTLS_SSL_PROTO_TLS1_1'] + +# If the configuration option A requires B, make sure that +# B in reverse_dependencies[A]. +reverse_dependencies = { + 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], + 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', + 'MBEDTLS_ECDH_C', + 'MBEDTLS_ECJPAKE_C', + 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], + 'MBEDTLS_MD5_C': ssl_pre_1_2_dependencies, + 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], + 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], + 'MBEDTLS_RSA_C': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', + 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], + 'MBEDTLS_SHA1_C': ssl_pre_1_2_dependencies, + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [], +} + +def turn_off_dependencies(config_settings): + 
"""For every option turned off config_settings, also turn off what depends on it. +An option O is turned off if config_settings[O] is False.""" + for key, value in sorted(config_settings.items()): + if value is not False: + continue + for dep in reverse_dependencies.get(key, []): + config_settings[dep] = False + +class Domain: + """A domain is a set of jobs that all relate to a particular configuration aspect.""" + pass + +class ExclusiveDomain(Domain): + """A domain consisting of a set of conceptually-equivalent settings. +Establish a list of configuration symbols. For each symbol, run a test job +with this symbol set and the others unset, and a test job with this symbol +unset and the others set.""" + def __init__(self, symbols, commands): + self.jobs = [] + for invert in [False, True]: + base_config_settings = {} + for symbol in symbols: + base_config_settings[symbol] = invert + for symbol in symbols: + description = '!' + symbol if invert else symbol + config_settings = base_config_settings.copy() + config_settings[symbol] = not invert + turn_off_dependencies(config_settings) + job = Job(description, config_settings, commands) + self.jobs.append(job) + +class ComplementaryDomain: + """A domain consisting of a set of loosely-related settings. +Establish a list of configuration symbols. For each symbol, run a test job +with this symbol unset.""" + def __init__(self, symbols, commands): + self.jobs = [] + for symbol in symbols: + description = '!' + symbol + config_settings = {symbol: False} + turn_off_dependencies(config_settings) + job = Job(description, config_settings, commands) + self.jobs.append(job) + +class DomainData: + """Collect data about the library.""" + def collect_config_symbols(self, options): + """Read the list of settings from config.h. 
+Return them in a generator.""" + with open(options.config) as config_file: + rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') + for line in config_file: + m = re.match(rx, line) + if m: + yield m.group(1) + + def config_symbols_matching(self, regexp): + """List the config.h settings matching regexp.""" + return [symbol for symbol in self.all_config_symbols + if re.match(regexp, symbol)] + + def __init__(self, options): + """Gather data about the library and establish a list of domains to test.""" + build_command = [options.make_command, 'CFLAGS=-Werror'] + build_and_test = [build_command, [options.make_command, 'test']] + self.all_config_symbols = set(self.collect_config_symbols(options)) + # Find hash modules by name. + hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') + # Find elliptic curve enabling macros by name. + curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z') + # Find key exchange enabling macros by name. + key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') + self.domains = { + # Elliptic curves. Run the test suites. + 'curves': ExclusiveDomain(curve_symbols, build_and_test), + # Hash algorithms. Exclude configurations with only one + # hash which is obsolete. Run the test suites. + 'hashes': ExclusiveDomain(hash_symbols, build_and_test), + # Key exchange types. Just check the build. + 'kex': ExclusiveDomain(key_exchange_symbols, [build_command]), + # Public-key algorithms. Run the test suites. + 'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C', + 'MBEDTLS_ECP_C', + 'MBEDTLS_PKCS1_V21', + 'MBEDTLS_PKCS1_V15', + 'MBEDTLS_RSA_C', + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], + build_and_test), + } + self.jobs = {} + for domain in self.domains.values(): + for job in domain.jobs: + self.jobs[job.name] = job + + def get_jobs(self, name): + """Return the list of jobs identified by the given name. 
+A name can either be the name of a domain or the name of one specific job.""" + if name in self.domains: + return sorted(self.domains[name].jobs, key=lambda job: job.name) + else: + return [self.jobs[name]] + +def run(options, job): + """Run the specified job (a Job instance).""" + subprocess.check_call([options.make_command, 'clean']) + job.announce(None) + job.configure(options.config) + success = job.test(options) + job.announce(success) + return success + +def main(options, domain_data): + """Run the desired jobs. +domain_data should be a DomainData instance that describes the available +domains and jobs. +Run the jobs listed in options.domains.""" + if not hasattr(options, 'config_backup'): + options.config_backup = options.config + '.bak' + jobs = [] + failures = [] + successes = [] + for name in options.domains: + jobs += domain_data.get_jobs(name) + backup_config(options) + try: + for job in jobs: + success = run(options, job) + if not success: + if options.keep_going: + failures.append(job.name) + else: + return False + else: + successes.append(job.name) + restore_config(options) + finally: + if options.keep_going: + restore_config(options, True) + if failures: + if successes: + log_line('{} passed; {} FAILED'.format(' '.join(successes), + ' '.join(failures))) + else: + log_line('{} FAILED'.format(' '.join(failures))) + return False + else: + log_line('{} passed'.format(' '.join(successes))) + return True + + +if __name__ == '__main__': + try: + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('-c', '--config', metavar='FILE', + help='Configuration file to modify', + default='include/mbedtls/config.h') + parser.add_argument('-C', '--directory', metavar='DIR', + help='Change to this directory before anything else', + default='.') + parser.add_argument('-k', '--keep-going', + help='Try all configurations even if some fail (default)', + action='store_true', dest='keep_going', default=True) + parser.add_argument('-e', 
'--no-keep-going', + help='Stop as soon as a configuration fails', + action='store_false', dest='keep_going') + parser.add_argument('--list-jobs', + help='List supported jobs and exit', + action='append_const', dest='list', const='jobs') + parser.add_argument('--list-domains', + help='List supported domains and exit', + action='append_const', dest='list', const='domains') + parser.add_argument('--make-command', metavar='CMD', + help='Command to run instead of make (e.g. gmake)', + action='store', default='make') + parser.add_argument('domains', metavar='DOMAIN', nargs='*', + help='The domain(s) to test (default: all)', + default=True) + options = parser.parse_args() + os.chdir(options.directory) + domain_data = DomainData(options) + if options.domains == True: + options.domains = sorted(domain_data.domains.keys()) + if options.list: + for what in options.list: + for key in sorted(getattr(domain_data, what).keys()): + print(key) + exit(0) + else: + sys.exit(0 if main(options, domain_data) else 1) + except SystemExit: + raise + except: + traceback.print_exc() + exit(3) From e6a60db285d9865a39e78c9134dcd6b5bf157d46 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 18:42:55 +0100 Subject: [PATCH 007/112] Flush log output after each line Otherwise the output can be out of order when redirected. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 521bbc5641..f18b94be42 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -31,6 +31,7 @@ import traceback def log_line(text, prefix='depends.py'): """Print a status message.""" sys.stderr.write(prefix + ' ' + text + '\n') + sys.stderr.flush() def backup_config(options): """Back up the library configuration file (config.h).""" From d43ce2b4c1e1d76eeed1cb653d8b5004434b7157 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 29 Jan 2019 18:46:34 +0100 Subject: [PATCH 008/112] Factor running config.pl into its own function Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index f18b94be42..6c55676c7f 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -33,6 +33,11 @@ def log_line(text, prefix='depends.py'): sys.stderr.write(prefix + ' ' + text + '\n') sys.stderr.flush() +def log_command(cmd): + """Print a trace of the specified command. +cmd is a list of strings: a command name and its arguments.""" + log_line(' '.join(cmd), prefix='+') + def backup_config(options): """Back up the library configuration file (config.h).""" shutil.copy(options.config, options.config_backup) @@ -44,6 +49,14 @@ If done is true, remove the backup file.""" shutil.move(options.config_backup, options.config) else: shutil.copy(options.config_backup, options.config) +def run_config_pl(options, args): + """Run scripts/config.pl with the specified arguments.""" + cmd = ['scripts/config.pl'] + if options.config != 'include/mbedtls/config.h': + cmd += ['--file', options.config] + cmd += args + log_command(cmd) + subprocess.check_call(cmd) class Job: """A job builds the library in a specific configuration and runs some tests.""" @@ -73,12 +86,8 @@ If what is False, announce that the job has failed.''' else: log_line('starting ' + self.name) - def trace_command(self, cmd): - '''Print a trace of the specified command. -cmd is a list of strings: a command name and its arguments.''' - log_line(' '.join(cmd), prefix='+') - def configure(self, config_file_name): + def configure(self, options): '''Set library configuration options as required for the job. config_file_name indicates which file to modify.''' for key, value in sorted(self.config_settings.items()): 
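Review bot: The docstring of `Job.configure` in the third hunk still reads `config_file_name indicates which file to modify.`, but the parameter is now `options`. I would change that line to `options.config indicates which file to modify.` so the docstring matches the new signature. In the second hunk, `run_config_pl` appears to be added directly after the last line of `restore_config` with no blank line between the two definitions; a separating blank line keeps the module-level helpers readable.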
@@ -88,12 +97,7 @@ config_file_name indicates which file to modify.''' args = ['unset', key] else: args = ['set', key, value] - cmd = ['scripts/config.pl'] - if config_file_name != 'include/mbedtls/config.h': - cmd += ['--file', config_file_name] - cmd += args - self.trace_command(cmd) - subprocess.check_call(cmd) + run_config_pl(options, args) def test(self, options): '''Run the job's build and test commands. @@ -105,7 +109,7 @@ and subsequent commands are tests that cannot run if the build failed).''' built = False success = True for command in self.commands: - self.trace_command(command) + log_command(command) ret = subprocess.call(command) if ret != 0: if command[0] not in ['make', options.make_command]: @@ -257,7 +261,7 @@ def run(options, job): """Run the specified job (a Job instance).""" subprocess.check_call([options.make_command, 'clean']) job.announce(None) - job.configure(options.config) + job.configure(options) success = job.test(options) job.announce(success) return success From fd1d69c77cd4c91211e5627b030fb6a4b465dfd5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 18:48:48 +0100 Subject: [PATCH 009/112] Add basic support for colored output Show "pass" lines in green and "fail" lines in red. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 51 +++++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 9 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 6c55676c7f..433f352757 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -28,9 +28,38 @@ import subprocess import sys import traceback -def log_line(text, prefix='depends.py'): +class Colors: + """Minimalistic support for colored output. +Each field of an object of this class is either None if colored output +is not possible or not desired, or a pair of strings (start, stop) such +that outputting start switches the text color to the desired color and +stop switches the text color back to the default.""" + red = None + green = None + bold_red = None + bold_green = None + def __init__(self, options=None): + if not options or options.color in ['no', 'never']: + want_color = False + elif options.color in ['yes', 'always']: + want_color = True + else: + want_color = sys.stderr.isatty() + if want_color: + # Assume ANSI compatible terminal + normal = '\033[0m' + self.red = ('\033[31m', normal) + self.green = ('\033[32m', normal) + self.bold_red = ('\033[1;31m', normal) + self.bold_green = ('\033[1;32m', normal) +NO_COLORS = Colors(None) + +def log_line(text, prefix='depends.py:', suffix='', color=None): """Print a status message.""" - sys.stderr.write(prefix + ' ' + text + '\n') + if color != None: + prefix = color[0] + prefix + suffix = suffix + color[1] + sys.stderr.write(prefix + ' ' + text + suffix + '\n') sys.stderr.flush() def log_command(cmd): @@ -74,15 +103,15 @@ shell=False.""" self.config_settings = config_settings self.commands = commands - def announce(self, what): + def announce(self, colors, what): '''Announce the start or completion of a job. If what is None, announce the start of the job. If what is True, announce that the job has passed. If what is False, announce that the job has failed.''' if what is True: - log_line(self.name + ' PASSED') + log_line(self.name + ' PASSED', color=colors.green) elif what is False: - log_line(self.name + ' FAILED') + log_line(self.name + ' FAILED', color=colors.red) else: log_line('starting ' + self.name) 
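Review bot: In `log_line` the test `if color != None:` should be an identity check, `if color is not None:`; `!=` goes through `__eq__` and is the form linters flag. In the same hunk `Colors.__init__` accepts `'no'` and `'yes'` for `options.color`, while the `--color` argument added in the last hunk of this commit restricts `choices` to `always`, `auto` and `never`, so those two spellings are reachable only from a caller that builds `options` by hand. Either drop them from `Colors.__init__` or add them to `choices` so the two places agree.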
@@ -257,13 +286,13 @@ A name can either be the name of a domain or the name of one specific job.""" else: return [self.jobs[name]] -def run(options, job): +def run(options, job, colors=NO_COLORS): """Run the specified job (a Job instance).""" subprocess.check_call([options.make_command, 'clean']) - job.announce(None) + job.announce(colors, None) job.configure(options) success = job.test(options) - job.announce(success) + job.announce(colors, success) return success def main(options, domain_data): @@ -273,6 +302,7 @@ domains and jobs. Run the jobs listed in options.domains.""" if not hasattr(options, 'config_backup'): options.config_backup = options.config + '.bak' + colors = Colors(options) jobs = [] failures = [] successes = [] @@ -281,7 +311,7 @@ Run the jobs listed in options.domains.""" backup_config(options) try: for job in jobs: - success = run(options, job) + success = run(options, job, colors=colors) if not success: if options.keep_going: failures.append(job.name) @@ -308,6 +338,9 @@ Run the jobs listed in options.domains.""" if __name__ == '__main__': try: parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('--color', metavar='WHEN', + help='Colorize the output (always/auto/never)', + choices=['always', 'auto', 'never'], default='auto') parser.add_argument('-c', '--config', metavar='FILE', help='Configuration file to modify', default='include/mbedtls/config.h') From dc68f618cc6105e8e7db0173fa23ab6266372d62 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 18:50:03 +0100 Subject: [PATCH 010/112] Simplify final passed/failed reporting Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 433f352757..5c4cb502b2 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -323,15 +323,12 @@ Run the jobs listed in options.domains.""" finally: if options.keep_going: restore_config(options, True) + if successes: + log_line('{} passed'.format(' '.join(successes)), color=colors.bold_green) if failures: - if successes: - log_line('{} passed; {} FAILED'.format(' '.join(successes), - ' '.join(failures))) - else: - log_line('{} FAILED'.format(' '.join(failures))) + log_line('{} FAILED'.format(' '.join(failures)), color=colors.bold_red) return False else: - log_line('{} passed'.format(' '.join(successes))) return True From 88e8dd6f5d367846e6c9c2ff6c787ecccc44f024 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 18:52:16 +0100 Subject: [PATCH 011/112] Use the full config as the baseline for all jobs Start each job from the full config minus some memory management settings and the job-specific settings. The original content of config.h no longer influences the configurations used for the jobs (but it still influences what jobs may run, in that the set of jobs is partly built by parsing #define and //#define lines in config.h). Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5c4cb502b2..daae6b057a 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
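Review bot: When no job ran, `successes` and `failures` are both empty, so this version logs nothing and returns `True`; the removed code at least printed a ` passed` line. A domain whose symbol list came back empty would then look like a clean pass in CI, which is the wrong default for a script that gates configurations of a crypto library. I would add `if not successes and not failures: log_line('no jobs were run')` ahead of the summary, or return `False` there if an empty run should fail the gate. `main` starts above this hunk, so the job loop itself is not shown here.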
@@ -68,16 +68,23 @@ cmd is a list of strings: a command name and its arguments.""" log_line(' '.join(cmd), prefix='+') def backup_config(options): - """Back up the library configuration file (config.h).""" - shutil.copy(options.config, options.config_backup) + """Back up the library configuration file (config.h). +If the backup file already exists, it is presumed to be the desired backup, +so don't make another backup.""" + if os.path.exists(options.config_backup): + options.own_backup = False + else: + options.own_backup = True + shutil.copy(options.config, options.config_backup) -def restore_config(options, done=False): +def restore_config(options): """Restore the library configuration file (config.h). -If done is true, remove the backup file.""" - if done: +Remove the backup file if it was saved earlier.""" + if options.own_backup: shutil.move(options.config_backup, options.config) else: shutil.copy(options.config_backup, options.config) + def run_config_pl(options, args): """Run scripts/config.pl with the specified arguments.""" cmd = ['scripts/config.pl'] 
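Review bot: `backup_config` now trusts any file that already exists at `options.config_backup`, so a stale backup left by an interrupted earlier run is later copied over the configuration file by `restore_config` without any message. Logging the reuse makes that visible, for example `log_line('using existing backup ' + options.config_backup)` in the `if os.path.exists(...)` branch. `restore_config` also reads `options.own_backup`, which only `backup_config` sets; `getattr(options, 'own_backup', False)` would keep a call without a prior backup from raising `AttributeError`.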
@@ -115,10 +122,21 @@ If what is False, announce that the job has failed.''' else: log_line('starting ' + self.name) + def set_reference_config(self, options): + """Change the library configuration file (config.h) to the reference state. + The reference state is the one from which the tested configurations are + derived.""" + # Turn off memory management options that are not relevant to + # the tests and slow them down. + run_config_pl(options, ['full']) + run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) + run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) + run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_DEBUG']) def configure(self, options): '''Set library configuration options as required for the job. config_file_name indicates which file to modify.''' + self.set_reference_config(options) for key, value in sorted(self.config_settings.items()): if value is True: args = ['set', key] @@ -319,10 +337,14 @@ Run the jobs listed in options.domains.""" return False else: successes.append(job.name) - restore_config(options) - finally: + restore_config(options) + except: + # Restore the configuration, except in stop-on-error mode if there + # was an error, where we leave the failing configuration up for + # developer convenience. if options.keep_going: - restore_config(options, True) + restore_config(options) + raise if successes: log_line('{} passed'.format(' '.join(successes)), color=colors.bold_green) if failures: From 3dd0dab7fb4600ca03132bd27cb22a157862554d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 18:56:03 +0100 Subject: [PATCH 012/112] Don't test builds with only deprecated hashes Don't try to build with only SHA-1 or with only RIPEMD160 or with only MD{2,4,5}. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index daae6b057a..f0f09f198e 100755 
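Review bot: In `set_reference_config` the comment `# Turn off memory management options ...` sits above `run_config_pl(options, ['full'])`, which is the step that switches to the full configuration and not one of the `unset` calls the comment describes. I would put `# Start from the full configuration.` above the `full` call and move the existing two-line comment down to the three `unset` lines.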
--- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -219,7 +219,14 @@ class ExclusiveDomain(Domain): Establish a list of configuration symbols. For each symbol, run a test job with this symbol set and the others unset, and a test job with this symbol unset and the others set.""" - def __init__(self, symbols, commands): + def __init__(self, symbols, commands, exclude=None): + """Build a domain for the specified list of configuration symbols. +The domain contains two sets of jobs: jobs that enable one of the elements +of symbols and disable the others, and jobs that disable one of the elements +of symbols and enable the others. +Each job runs the specified commands. +If exclude is a regular expression, skip generated jobs whose description +would match this regular expression.""" self.jobs = [] for invert in [False, True]: base_config_settings = {} @@ -227,6 +234,8 @@ unset and the others set.""" base_config_settings[symbol] = invert for symbol in symbols: description = '!' + symbol if invert else symbol + if exclude and re.match(exclude, description): + continue config_settings = base_config_settings.copy() config_settings[symbol] = not invert turn_off_dependencies(config_settings) @@ -238,6 +247,9 @@ class ComplementaryDomain: Establish a list of configuration symbols. For each symbol, run a test job with this symbol unset.""" def __init__(self, symbols, commands): + """Build a domain for the specified list of configuration symbols. +Each job in the domain disables one of the specified symbols. +Each job runs the specified commands.""" self.jobs = [] for symbol in symbols: description = '!' + symbol 
@@ -279,7 +291,8 @@ Return them in a generator.""" 'curves': ExclusiveDomain(curve_symbols, build_and_test), # Hash algorithms. Exclude configurations with only one # hash which is obsolete. Run the test suites. - 'hashes': ExclusiveDomain(hash_symbols, build_and_test), + 'hashes': ExclusiveDomain(hash_symbols, build_and_test, + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'), # Key exchange types. Just check the build. 'kex': ExclusiveDomain(key_exchange_symbols, [build_command]), # Public-key algorithms. Run the test suites. From b81f4067424bde4e233fc31916d596601146e84d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 19:30:40 +0100 Subject: [PATCH 013/112] Declare more reverse dependencies Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index f0f09f198e..27c2ae48b3 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
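Review bot: The `exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'` filter depends on `re.match` anchoring at the start of the description: the inverted jobs are named with a leading `!` (see the `ExclusiveDomain.__init__` hunk of this commit), so `!MBEDTLS_MD5_C` is not skipped and only the jobs that leave one deprecated hash enabled on its own are dropped. That matches the commit message, but nothing in the code says so, and a later switch to `re.search` would silently remove the other half of the coverage. I would add a comment above the `exclude=` argument such as `# Anchored match: skips the "only MD5" style jobs, keeps '!MBEDTLS_MD5_C'.`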
@@ -176,16 +176,22 @@ ssl_pre_1_2_dependencies = ['MBEDTLS_SSL_CBC_RECORD_SPLITTING', # If the configuration option A requires B, make sure that # B in reverse_dependencies[A]. +# All the information here should be contained in check_config.h. This +# file includes a copy because it changes rarely and it would be a pain +# to extract automatically. reverse_dependencies = { 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECJPAKE_C', + 'MBEDTLS_ECP_RESTARTABLE', + 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], + 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_MD5_C': ssl_pre_1_2_dependencies, 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', @@ -198,6 +204,8 @@ reverse_dependencies = { 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], 'MBEDTLS_SHA1_C': ssl_pre_1_2_dependencies, + 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', + 'MBEDTLS_ENTROPY_FORCE_SHA256'], 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [], } From 7088a73296c231c870eeefa9600e93a511228ff9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 19:33:05 +0100 Subject: [PATCH 014/112] When exercising key exchanges, don't build the test suites Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 27c2ae48b3..3ef3f20ed8 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -301,9 +301,11 @@ Return them in a generator.""" # hash which is obsolete. Run the test suites. 'hashes': ExclusiveDomain(hash_symbols, build_and_test, exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'), - # Key exchange types. Just check the build. - 'kex': ExclusiveDomain(key_exchange_symbols, [build_command]), - # Public-key algorithms. Run the test suites. + # Key exchange types. Only build the library and the sample + # programs. + 'kex': ExclusiveDomain(key_exchange_symbols, + [build_command + ['lib'], + build_command + ['-C', 'programs']]), 'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C', 'MBEDTLS_ECP_C', 'MBEDTLS_PKCS1_V21', From 3ce0e32d4bc3c3855ae495fad48821b96fd969be Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Jan 2019 23:12:28 +0100 Subject: [PATCH 015/112] Add domains for symmetric ciphers Add a domain for cipher base algorithms (block permutations and stream ciphers), a domain for block cipher chaining modes and a domain for block cipher padding modes. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 3ef3f20ed8..11af322fd6 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -180,6 +180,12 @@ ssl_pre_1_2_dependencies = ['MBEDTLS_SSL_CBC_RECORD_SPLITTING', # file includes a copy because it changes rarely and it would be a pain # to extract automatically. reverse_dependencies = { + 'MBEDTLS_AES_C': ['MBEDTLS_CTR_DRBG_C', + 'MBEDTLS_NIST_KW_C', + 'MBEDTLS_PSA_CRYPTO_STORAGE_C', + 'MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C', + 'MBEDTLS_PSA_CRYPTO_C'], + 'MBEDTLS_CHACHA20_C': ['MBEDTLS_CHACHAPOLY_C'], 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C', 
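Review bot: The rewritten `'kex'` entry removes the comment `# Public-key algorithms. Run the test suites.` that introduced the following `'pkalgs'` entry and does not put it back. Every other key of `self.domains` visible here keeps its one-line description, so I would restore `# Public-key algorithms. Run the test suites.` directly above `'pkalgs': ComplementaryDomain(...)`. The dictionary literal starts and ends outside this hunk.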
@@ -266,6 +272,16 @@ Each job runs the specified commands.""" job = Job(description, config_settings, commands) self.jobs.append(job) +class CipherInfo: + """Collect data about cipher.h.""" + def __init__(self, options): + self.base_symbols = set() + with open('include/mbedtls/cipher.h') as fh: + for line in fh: + m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line) + if m and m.group(1) not in ['NONE', 'NULL', '3DES']: + self.base_symbols.add('MBEDTLS_' + m.group(1) + '_C') + class DomainData: """Collect data about the library.""" def collect_config_symbols(self, options): @@ -294,7 +310,21 @@ Return them in a generator.""" curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z') # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') + # Find cipher IDs (block permutations and stream ciphers --- chaining + # and padding modes are exercised separately) information by parsing + # cipher.h, as the information is not readily available in config.h. + cipher_info = CipherInfo(options) + # Find block cipher chaining and padding mode enabling macros by name. + cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') + cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') self.domains = { + # Cipher IDs, chaining modes and padding modes. Run the test suites. + 'cipher_id': ExclusiveDomain(cipher_info.base_symbols, + build_and_test), + 'cipher_chaining': ExclusiveDomain(cipher_chaining_symbols, + build_and_test), + 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, + build_and_test), # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), # Hash algorithms. Exclude configurations with only one From 773a461a1728705bba9983480591ddbb976d38e8 Mon Sep 17 00:00:00 2001 
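Review bot: `CipherInfo.__init__` takes `options` but never uses it, opens the hard-coded `include/mbedtls/cipher.h`, and builds names (`'MBEDTLS_' + m.group(1) + '_C'`) that are never checked against the symbols collected from the configuration file. An enum entry with no matching option would yield a job that sets a symbol the configuration does not define, and a formatting change in the header would leave `base_symbols` empty so that `cipher_id` contains no jobs at all. In the `DomainData.__init__` hunk I would pass `cipher_info.base_symbols & self.all_config_symbols` to `ExclusiveDomain` and log when that set is empty. `DomainData.__init__` extends beyond the hunk.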
From: Andrzej Kurek Date: Tue, 18 Oct 2022 07:05:55 -0400 Subject: [PATCH 016/112] Fix missing AES dependencies Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_cmac.data | 13 ++++++++++++- tests/suites/test_suite_cmac.function | 4 ++-- tests/suites/test_suite_gcm.function | 2 +- tests/suites/test_suite_pem.data | 1 + 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data index 5956a69811..3ca5e542d0 100644 --- a/tests/suites/test_suite_cmac.data +++ b/tests/suites/test_suite_cmac.data @@ -2,6 +2,7 @@ CMAC self test mbedtls_cmac_self_test: CMAC null arguments +depends_on:MBEDTLS_AES_C mbedtls_cmac_null_args: CMAC init #1 AES-128: OK @@ -16,7 +17,7 @@ CMAC init #3 AES-256: OK depends_on:MBEDTLS_AES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_256_ECB:256:0 -CMAC init #4 3DES : OK +CMAC init #4 3DES: OK depends_on:MBEDTLS_DES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_DES_EDE3_ECB:192:0 
@@ -33,32 +34,42 @@ depends_on:MBEDTLS_CAMELLIA_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA CMAC Single Blocks #1 - Empty block, no updates +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":-1:"":-1:"":-1:"":-1:"bb1d6929e95937287fa37d129b756746" CMAC Single Blocks #2 - Single 16 byte block +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"":-1:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" CMAC Single Blocks #3 - Single 64 byte block +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"":-1:"51f0bebf7e3b9d92fc49741779363cfe" CMAC Multiple Blocks #1 - Multiple 8 byte blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172a":8:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" CMAC Multiple Blocks #2 - Multiple 16 byte blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"ae2d8a571e03ac9c9eb76fac45af8e51":16:"30c81c46a35ce411e5fbc1191a0a52ef":16:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" CMAC Multiple Blocks #3 - Multiple variable sized blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172aae2d8a571e03ac9c":16:"9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52ef":24:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" CMAC Multiple Blocks 
#4 - Multiple 8 byte blocks with gaps +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":0:"6bc1bee22e409f96":8:"":0:"e93d7e117393172a":8:"070a16b46b4d4144f79bdd9dd04a287c" CMAC Multiple Operations, same key #1 - Empty, empty +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367" CMAC Multiple Operations, same key #2 - Empty, 64 byte block +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"a1d5df0eed790f794d77589659f39a11" CMAC Multiple Operations, same key #3 - variable byte blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11" diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index cabf1070c1..c3d7da43d8 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function 
@@ -77,7 +77,7 @@ void mbedtls_cmac_null_args( ) test_data, 16, NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - +#if defined(MBEDTLS_AES_C) TEST_ASSERT( mbedtls_aes_cmac_prf_128( NULL, 16, test_data, 16, test_output ) == @@ -92,7 +92,7 @@ void mbedtls_cmac_null_args( ) test_data, 16, NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - +#endif exit: mbedtls_cipher_free( &ctx ); } diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 9b7b0ee14c..afe862d6e3 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -276,7 +276,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void gcm_selftest( ) { TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 ); diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 77546c586b..37484d8ee3 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -23,6 +23,7 @@ PEM read (DES-CBC + invalid iv) mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) +depends_on:MBEDTLS_AES_C mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG PEM read (malformed PEM DES-CBC) From f9412f77aced7260bb727f13c0ab32b47e124536 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 07:30:19 -0400 Subject: [PATCH 017/112] Add tls prf handling when there's no SHA256 or SHA384 Return a null prf function pointer and check for it when populating transform. Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7a4d437914..2b7f44729a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6504,6 +6504,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * Helper to get TLS 1.2 PRF from ciphersuite * (Duplicates bits of logic from ssl_set_handshake_prfs().) */ +#if defined(MBEDTLS_SHA256_C) || \ + (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)) typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, @@ -6516,12 +6518,24 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) return( tls_prf_sha384 ); -#else - (void) ciphersuite_id; + else #endif - return( tls_prf_sha256 ); +#if defined(MBEDTLS_SHA256_C) + { + if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256 ) + return( tls_prf_sha256 ); + } +#endif +#if !defined(MBEDTLS_SHA256_C) && \ + (!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA512_NO_SHA384)) + (void) ciphersuite_info; +#endif + return( NULL ); } +#endif /* MBEDTLS_SHA256_C || + (MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384) */ + /* * Deserialize context, see mbedtls_ssl_context_save() for format. * @@ -6537,6 +6551,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, const unsigned char * const end = buf + len; size_t session_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + tls_prf_fn prf_func = NULL; /* * The context should have been freshly setup or reset. @@ -6624,6 +6639,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->transform_out = ssl->transform; ssl->transform_negotiate = NULL; + prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite ); + if( prf_func == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* Read random bytes and populate structure */ if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); 
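Review bot: The `tls_prf_fn` typedef and `ssl_tls12prf_from_cs` are now compiled only when `MBEDTLS_SHA256_C` or SHA-384 is available, yet the later hunks of this commit declare `tls_prf_fn prf_func = NULL;` and call `ssl_tls12prf_from_cs()` inside `ssl_context_load` with no matching guard visible. If `ssl_context_load` is not itself compiled out in that configuration (its enclosing guards are outside the hunks), a build with neither hash fails on an undeclared type, which is the configuration the commit title targets. Keeping the typedef, and a version of the function that simply returns `NULL`, outside the `#if` would let the new `prf_func == NULL` check do the work at run time.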
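Review bot: The new SHA-256 branch tests `ciphersuite_info != NULL`, but the context line just above it, `if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )`, still dereferences the pointer unguarded, so in a build with SHA-384 the null check comes too late. `ssl_context_load` passes `ssl->session->ciphersuite`, presumably a value restored from the serialized buffer, so an id the lookup does not recognise would reach that dereference (the lookup and the declaration sit above the hunk, so this is inferred). A single `if( ciphersuite_info == NULL ) return( NULL );` before the first use covers both branches and removes the need for the dangling `else` ahead of `#endif`. The hunk also changes the fallback: a suite whose MAC is neither SHA-384 nor SHA-256 now gets `NULL` where it used to get `tls_prf_sha256`, which is worth confirming as intended.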
@@ -6642,7 +6661,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ZLIB_SUPPORT) ssl->session->compression, #endif - ssl_tls12prf_from_cs( ssl->session->ciphersuite ), + prf_func, p, /* currently pointing to randbytes */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ ssl->conf->endpoint, From e8ed2a111543d31a9b0078962cefaea2ad7da8d1 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 27 Sep 2022 14:19:50 -0400 Subject: [PATCH 018/112] Compile constant time masking and hmac if there are suites using MAC This is used in TLS 1.2 authentication with NULL cipher, when there are no TLS_CBC suites. Signed-off-by: Andrzej Kurek --- library/constant_time_internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 6725ac1c7b..ff2d0ff92c 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -45,7 +45,7 @@ */ unsigned mbedtls_ct_uint_mask( unsigned value ); -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) /** Turn a value into a mask: * - if \p value == 0, return the all-bits 0 mask, aka 0 @@ -60,7 +60,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value ); */ size_t mbedtls_ct_size_mask( size_t value ); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) From 0d2982be13f6920b965ffa7a77c01557ee4cf332 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 07:55:46 -0400 Subject: [PATCH 019/112] Refactor ssl test suite to use pointers more This way it's easier to track structures that are partially set up. Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_ssl.function | 102 ++++++++++++++++++--------- 1 file changed, 69 insertions(+), 33 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a1e660f28b..606072af39 100644 
--- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -734,9 +734,9 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len ) */ typedef struct mbedtls_endpoint_certificate { - mbedtls_x509_crt ca_cert; - mbedtls_x509_crt cert; - mbedtls_pk_context pkey; + mbedtls_x509_crt* ca_cert; + mbedtls_x509_crt* cert; + mbedtls_pk_context* pkey; } mbedtls_endpoint_certificate; /* @@ -753,6 +753,42 @@ typedef struct mbedtls_endpoint mbedtls_endpoint_certificate cert; } mbedtls_endpoint; +/* + * Deinitializes certificates from endpoint represented by \p ep. + */ +void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep ) +{ + mbedtls_endpoint_certificate *cert = &( ep->cert ); + if( cert != NULL ) + { + if( cert->ca_cert != NULL ) + { + mbedtls_x509_crt_free( cert->ca_cert ); + mbedtls_free( cert->ca_cert ); + cert->ca_cert = NULL; + } + if( cert->cert != NULL ) + { + mbedtls_x509_crt_free( cert->cert ); + mbedtls_free( cert->cert ); + cert->cert = NULL; + } + if( cert->pkey != NULL ) + { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( mbedtls_pk_get_type( cert->pkey ) == MBEDTLS_PK_OPAQUE ) + { + mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; + psa_destroy_key( *key_slot ); + } +#endif + mbedtls_pk_free( cert->pkey ); + mbedtls_free( cert->pkey ); + cert->pkey = NULL; + } + } +} + /* * Initializes \p ep_cert structure and assigns it to endpoint * represented by \p ep. @@ -763,7 +799,7 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) { int i = 0; int ret = -1; - mbedtls_endpoint_certificate *cert; + mbedtls_endpoint_certificate *cert = NULL; if( ep == NULL ) { 
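Review bot: In the new `mbedtls_endpoint_certificate_free()`, `cert != NULL` can never be false because `cert` is the address of a member (`&( ep->cert )`). The pointer that can be NULL is `ep`, which is used unchecked even though `mbedtls_endpoint_certificate_init()` tests `ep == NULL`. Replacing the outer test with an early `if( ep == NULL ) return;` states the real precondition and removes one nesting level. A one-line comment above the `MBEDTLS_USE_PSA_CRYPTO` block saying why `psa_destroy_key()` has to run before `mbedtls_pk_free()` for opaque keys would also help the next reader.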
@@ -771,15 +807,19 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) } cert = &( ep->cert ); - mbedtls_x509_crt_init( &( cert->ca_cert ) ); - mbedtls_x509_crt_init( &( cert->cert ) ); - mbedtls_pk_init( &( cert->pkey ) ); + cert->ca_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); + cert->cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); + cert->pkey = mbedtls_calloc( 1, sizeof(mbedtls_pk_context) ); + + mbedtls_x509_crt_init( cert->ca_cert ); + mbedtls_x509_crt_init( cert->cert ); + mbedtls_pk_init( cert->pkey ); /* Load the trusted CA */ for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) { - ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ), + ret = mbedtls_x509_crt_parse_der( cert->ca_cert, (const unsigned char *) mbedtls_test_cas_der[i], mbedtls_test_cas_der_len[i] ); TEST_ASSERT( ret == 0 ); @@ -791,24 +831,24 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) { if( pk_alg == MBEDTLS_PK_RSA ) { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der, mbedtls_test_srv_crt_rsa_sha256_der_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char*) mbedtls_test_srv_key_rsa_der, mbedtls_test_srv_key_rsa_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); } else { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char*) mbedtls_test_srv_crt_ec_der, mbedtls_test_srv_crt_ec_der_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char*) mbedtls_test_srv_key_ec_der, mbedtls_test_srv_key_ec_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); 
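Review bot: The three `mbedtls_calloc()` results go straight into `mbedtls_x509_crt_init()` and `mbedtls_pk_init()` without a NULL test, so an allocation failure would surface as a NULL dereference inside the init call rather than as a test failure. Adding `TEST_ASSERT( cert->ca_cert != NULL );` (and the same for `cert->cert` and `cert->pkey`) right after the allocations routes the failure to `exit:`. There `ret` is still -1, and `mbedtls_endpoint_certificate_free()` already skips NULL members. The function starts above and continues below this hunk.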
@@ -818,42 +858,40 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) { if( pk_alg == MBEDTLS_PK_RSA ) { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_cli_crt_rsa_der, mbedtls_test_cli_crt_rsa_der_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, mbedtls_test_cli_key_rsa_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); } else { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_cli_crt_ec_der, mbedtls_test_cli_crt_ec_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, mbedtls_test_cli_key_ec_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); } } - mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL ); + mbedtls_ssl_conf_ca_chain( &( ep->conf ), cert->ca_cert, NULL ); - ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ), - &( cert->pkey ) ); + ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert, + cert->pkey ); TEST_ASSERT( ret == 0 ); exit: if( ret != 0 ) { - mbedtls_x509_crt_free( &( cert->ca_cert ) ); - mbedtls_x509_crt_free( &( cert->cert ) ); - mbedtls_pk_free( &( cert->pkey ) ); + mbedtls_endpoint_certificate_free( ep ); } return ret; @@ -959,17 +997,6 @@ exit: return ret; } -/* - * Deinitializes certificates from endpoint represented by \p ep. - */ -void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep ) -{ - mbedtls_endpoint_certificate *cert = &( ep->cert ); - mbedtls_x509_crt_free( &( cert->ca_cert ) ); - mbedtls_x509_crt_free( &( cert->cert ) ); - mbedtls_pk_free( &( cert->pkey ) ); -} - /* * Deinitializes endpoint represented by \p ep. */ 
@@ -1709,6 +1736,10 @@ void perform_handshake( handshake_test_options* options ) #endif int expected_handshake_result = 0; + USE_PSA_INIT( ); + mbedtls_platform_zeroize( &client, sizeof(client) ); + mbedtls_platform_zeroize( &server, sizeof(server) ); + mbedtls_test_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init( &server_context ); @@ -4185,6 +4216,9 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) mbedtls_endpoint base_ep, second_ep; int ret = -1; + mbedtls_platform_zeroize( &base_ep, sizeof(base_ep) ); + mbedtls_platform_zeroize( &second_ep, sizeof(second_ep) ); + ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL ); TEST_ASSERT( ret == 0 ); @@ -4571,6 +4605,8 @@ void raw_key_agreement_fail( int bad_server_ecdhe_key ) mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE }; USE_PSA_INIT( ); + mbedtls_platform_zeroize( &client, sizeof(client) ); + mbedtls_platform_zeroize( &server, sizeof(server) ); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the From b3b0ec9bed608ac93518db1d7ccf5b2baf534de5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 08:21:07 -0400 Subject: [PATCH 020/112] Add missing dependencies Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 2 +- programs/test/benchmark.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2b7f44729a..39daaf75d6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
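Review bot: The added `mbedtls_platform_zeroize()` calls are required for correct cleanup and deserve a comment. Since the certificate members became pointers, `mbedtls_endpoint_certificate_free()` frees whatever `ca_cert`, `cert` and `pkey` hold, so an endpoint that reaches cleanup before its init ran must start with NULL members. Something like `/* Zero the endpoints so cleanup is safe if we bail out before mbedtls_endpoint_init(). */` above the two calls would say so; the same applies to the `@@ -4185,6 +4216,9 @@` and `@@ -4571,6 +4605,8 @@` hunks. In `perform_handshake()` the new statements also sit before the `mbedtls_test_message_queue` declarations, which a build that warns on declarations after statements would flag. Whether other test functions declare an `mbedtls_endpoint` on the stack without this zeroing cannot be checked from these hunks.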
@@ -6512,10 +6512,10 @@ typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, unsigned char *dstbuf, size_t dlen ); static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) { -#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) return( tls_prf_sha384 ); else diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 8b46c614e2..44e9a5851e 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -737,7 +737,8 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_HMAC_DRBG_C) +#if defined(MBEDTLS_HMAC_DRBG_C) && \ + ( defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C) ) if( todo.hmac_drbg ) { mbedtls_hmac_drbg_context hmac_drbg; @@ -780,7 +781,7 @@ int main( int argc, char *argv[] ) #endif mbedtls_hmac_drbg_free( &hmac_drbg ); } -#endif +#endif /* MBEDTLS_HMAC_DRBG_C && ( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */ #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if( todo.rsa ) From 4ed670f0cdd65e43401c6a97e356838e78f23f43 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 08:30:50 -0400 Subject: [PATCH 021/112] Add missing key exchange dependencies Signed-off-by: Andrzej Kurek --- programs/ssl/ssl_client2.c | 26 ++++++++++++++++---------- programs/ssl/ssl_server2.c | 3 ++- tests/suites/test_suite_ssl.data | 20 ++++++++++---------- 3 files changed, 28 insertions(+), 21 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4f076602a8..416f5a51b1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -527,7 +527,7 @@ struct options #include "ssl_test_common_source.c" -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static unsigned char peer_crt_info[1024]; /* @@ -559,7 +559,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, return( 0 ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) int report_cid_usage( mbedtls_ssl_context *ssl, @@ -689,7 +689,7 @@ int main( int argc, char *argv[] ) psa_status_t status; #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; #endif rng_context_t rng; @@ -702,7 +702,9 @@ int main( int argc, char *argv[] ) mbedtls_timing_delay_context timer; #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) uint32_t flags; +#endif mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; mbedtls_pk_context pkey; @@ -2022,7 +2024,8 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( opt.context_crt_cb == 1 ) mbedtls_ssl_set_verify( &ssl, my_verify, NULL ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -2325,7 +2328,8 @@ int main( int argc, char *argv[] ) } } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 5. Verify the server certificate */ @@ -2347,7 +2351,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_printf( "%s\n", peer_crt_info ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); 
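Review bot: The guard is not the same across the hunks of this file. `peer_crt_info`, `my_verify()` and `crt_profile_for_test` are placed under `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` alone, while their uses (`@@ -2022,7`, `@@ -2325,7`, `@@ -2675,9`, `@@ -2911,9`) and the matching declaration in `ssl_server2.c` also require `MBEDTLS_X509_CRT_PARSE_C`. `my_verify()` takes an `mbedtls_x509_crt *`, so if the first macro can be set without the second the definition would not compile; if it cannot, the two-macro form is redundant. Using one condition at every site makes the intent explicit. In the `@@ -2022,7` hunk the closing `#endif /* MBEDTLS_X509_CRT_PARSE_C */` also still names only the old condition.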
@@ -2675,9 +2679,10 @@ send_request: mbedtls_printf( " . Restarting connection from same port..." ); fflush( stdout ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { @@ -2911,9 +2916,10 @@ reconnect: mbedtls_printf( " . Reconnecting with saved session..." ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 48f50c568b..4fbf036ff2 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1301,7 +1301,8 @@ int main( int argc, char *argv[] ) mbedtls_ssl_cookie_ctx cookie_ctx; #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; #endif rng_context_t rng; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0e97e6fed9..811d84a495 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -220,23 +220,23 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_ handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 Handshake, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C 
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_1 
@@ -252,23 +252,23 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_ handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 DTLS Handshake, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS 
Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SHA1_C +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SHA1_C:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 DTLS Handshake with serialization, tls1_2 From 4d95934a61f70943348777db6ce9591ae73bbb16 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 08:47:23 -0400 Subject: [PATCH 022/112] Add missing ECP and ECDH dependencies in ssl test suites Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_ssl.data | 52 ++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 811d84a495..23143b5dc3 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -98,48 +98,63 @@ Test moving clients handshake to state: CLIENT_HELLO move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving clients handshake to state: SERVER_HELLO +depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 Test moving clients handshake to state: SERVER_CERTIFICATE +depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving 
clients handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST 
@@ -149,48 +164,63 @@ Test moving servers handshake to state: CLIENT_HELLO move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving servers handshake to state: SERVER_HELLO +depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 Test moving servers handshake to state: SERVER_CERTIFICATE +depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving 
servers handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT @@ -282,7 +312,7 @@ DTLS Handshake fragmentation, MFL=1024 handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1 Handshake min/max version check, all -> 1.2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_MODE_CBC handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_3 Handshake min/max version check, cli max 1.1 -> 1.1 
@@ -314,41 +344,43 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TL handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE Sending app data via TLS, MFL=512 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 Sending app data via TLS, MFL=512 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3 Sending app data via TLS, MFL=1024 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 Sending app data via TLS, MFL=1024 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5 Sending app data via TLS, MFL=2048 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 Sending app data via TLS, MFL=2048 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4 Sending app data via TLS, MFL=4096 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 Sending app data via TLS, MFL=4096 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3 Sending app data via TLS 
without MFL and without fragmentation +depends_on:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 Sending app data via TLS without MFL and with fragmentation +depends_on:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7 Sending app data via DTLS, MFL=512 without fragmentation @@ -10407,11 +10439,13 @@ ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680c SSL TLS 1.3 Key schedule: Secret evolution #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Early secret to Handshake Secret +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECP_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" SSL TLS 1.3 Key schedule: Secret evolution #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Handshake secret to Master Secret +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECP_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" SSL TLS 1.3 Key schedule: HKDF Expand Label #1 From 9068625a57afc5acea499b778e695f71b4d95591 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 28 Sep 2022 03:17:56 -0400 Subject: [PATCH 023/112] Update depends.py Remove old and add new dependencies. Introduce a way to handle non-trivial problems stemming from exclusive group testing. Exclude SHA256 and SHA512, as these are tested in SHA224 and SHA384 jobs, respectively. Change config.h to mbedtls_config.h). Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 91 ++++++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 22 deletions(-) 
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 11af322fd6..b2a2f27b2a 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -68,7 +68,7 @@ cmd is a list of strings: a command name and its arguments.""" log_line(' '.join(cmd), prefix='+') def backup_config(options): - """Back up the library configuration file (config.h). + """Back up the library configuration file (mbedtls_config.h). If the backup file already exists, it is presumed to be the desired backup, so don't make another backup.""" if os.path.exists(options.config_backup): @@ -78,7 +78,7 @@ so don't make another backup.""" shutil.copy(options.config, options.config_backup) def restore_config(options): - """Restore the library configuration file (config.h). + """Restore the library configuration file (mbedtls_config.h). Remove the backup file if it was saved earlier.""" if options.own_backup: shutil.move(options.config_backup, options.config) @@ -88,7 +88,7 @@ Remove the backup file if it was saved earlier.""" def run_config_pl(options, args): """Run scripts/config.pl with the specified arguments.""" cmd = ['scripts/config.pl'] - if options.config != 'include/mbedtls/config.h': + if options.config != 'include/mbedtls/mbedtls_config.h': cmd += ['--file', options.config] cmd += args log_command(cmd) @@ -123,7 +123,7 @@ If what is False, announce that the job has failed.''' log_line('starting ' + self.name) def set_reference_config(self, options): - """Change the library configuration file (config.h) to the reference state. + """Change the library configuration file (mbedtls_config.h) to the reference state. The reference state is the one from which the tested configurations are derived.""" # Turn off memory management options that are not relevant to 
@@ -181,22 +181,19 @@ ssl_pre_1_2_dependencies = ['MBEDTLS_SSL_CBC_RECORD_SPLITTING', # to extract automatically. reverse_dependencies = { 'MBEDTLS_AES_C': ['MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_PSA_CRYPTO_STORAGE_C', - 'MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C', - 'MBEDTLS_PSA_CRYPTO_C'], + 'MBEDTLS_NIST_KW_C'], 'MBEDTLS_CHACHA20_C': ['MBEDTLS_CHACHAPOLY_C'], - 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], + 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED'], 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_ECP_RESTARTABLE', - 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_MD5_C': ssl_pre_1_2_dependencies, 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], 
@@ -208,13 +205,59 @@ reverse_dependencies = { 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], + 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], 'MBEDTLS_SHA1_C': ssl_pre_1_2_dependencies, 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256'], - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [], + 'MBEDTLS_ENTROPY_FORCE_SHA256', + 'MBEDTLS_SHA224_C', + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', + 'MBEDTLS_SSL_PROTO_TLS1_3'], + 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA384_C', + 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], + 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', + 'MBEDTLS_ENTROPY_FORCE_SHA256', + 'MBEDTLS_SHA256_C', + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], + 'MBEDTLS_SHA384_C': ['MBEDTLS_SSL_PROTO_TLS1_3'], + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [] } +# If an option is tested in an exclusive test, alter the following defines. +# These are not neccesarily dependencies, but just minimal required changes +# if a given define is the only one enabled from an exclusive group. 
+exclusive_groups = { + 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'], + 'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'], + 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C', + '!MBEDTLS_ECDSA_DETERMINISTIC', + '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '!MBEDTLS_ECJPAKE_C', + '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['!MBEDTLS_ECDSA_C', + '!MBEDTLS_ECDSA_DETERMINISTIC', + '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '!MBEDTLS_ECJPAKE_C', + '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_ARIA_C': ['!MBEDTLS_CMAC_C'], + 'MBEDTLS_CAMELLIA_C': ['!MBEDTLS_CMAC_C'], + 'MBEDTLS_CHACHA20_C': ['!MBEDTLS_CMAC_C', '!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C'], + 'MBEDTLS_DES_C': ['!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C'], +} +def handle_exclusive_groups(config_settings, symbol): + """For every symbol tested in an exclusive group check if there are other +defines to be altered. """ + for dep in exclusive_groups.get(symbol, []): + unset = dep.startswith('!') + if unset: + dep=dep[1:] + config_settings[dep] = not unset + def turn_off_dependencies(config_settings): """For every option turned off config_settings, also turn off what depends on it. An option O is turned off if config_settings[O] is False.""" @@ -252,6 +295,8 @@ would match this regular expression.""" continue config_settings = base_config_settings.copy() config_settings[symbol] = not invert + if not invert: + handle_exclusive_groups(config_settings, symbol) turn_off_dependencies(config_settings) job = Job(description, config_settings, commands) self.jobs.append(job) 
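Review bot: The new `'MBEDTLS_SHA224_C'` entry in `reverse_dependencies` (hunk `@@ -208,13 +205,59 @@`) lists `'MBEDTLS_SHA256_C'` but not `'MBEDTLS_SSL_PROTO_TLS1_3'`, although the `'MBEDTLS_SHA256_C'` entry added in the same hunk does list it; `'MBEDTLS_SHA512_C'` has the same gap through `'MBEDTLS_SHA384_C'`. `turn_off_dependencies` (its loop appears only as context in a later hunk on this page) iterates a `sorted(config_settings.items())` snapshot, so an option switched off during the pass is not expanded in turn, and the table's own comment asks for every dependent B to be in `reverse_dependencies[A]` directly. If a job that disables only SHA224 or SHA512 is meant to end up without TLS 1.3, add `'MBEDTLS_SSL_PROTO_TLS1_3',` to both lists. Either way, a comment above the dict such as `# Lists are not expanded transitively: name every indirect dependent here.` would make the rule explicit.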
@@ -285,7 +330,7 @@ class CipherInfo: class DomainData: """Collect data about the library.""" def collect_config_symbols(self, options): - """Read the list of settings from config.h. + """Read the list of settings from mbedtls_config.h. Return them in a generator.""" with open(options.config) as config_file: rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') @@ -295,7 +340,7 @@ Return them in a generator.""" yield m.group(1) def config_symbols_matching(self, regexp): - """List the config.h settings matching regexp.""" + """List the mbedtls_config.h settings matching regexp.""" return [symbol for symbol in self.all_config_symbols if re.match(regexp, symbol)] @@ -312,7 +357,8 @@ Return them in a generator.""" key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') # Find cipher IDs (block permutations and stream ciphers --- chaining # and padding modes are exercised separately) information by parsing - # cipher.h, as the information is not readily available in config.h. + # cipher.h, as the information is not readily available in mbedtls_config.h. + cipher_info = CipherInfo(options) # Find block cipher chaining and padding mode enabling macros by name. cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') @@ -328,9 +374,10 @@ Return them in a generator.""" # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), # Hash algorithms. Exclude configurations with only one - # hash which is obsolete. Run the test suites. + # hash which is obsolete. Run the test suites. Exclude + # SHA512 and SHA256, as these are tested with SHA384 and SHA224. 'hashes': ExclusiveDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'), + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)|!MBEDTLS_(SHA256_|SHA512_)'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, 
@@ -415,7 +462,7 @@ if __name__ == '__main__': choices=['always', 'auto', 'never'], default='auto') parser.add_argument('-c', '--config', metavar='FILE', help='Configuration file to modify', - default='include/mbedtls/config.h') + default='include/mbedtls/mbedtls_config.h') parser.add_argument('-C', '--directory', metavar='DIR', help='Change to this directory before anything else', default='.') @@ -435,7 +482,7 @@ if __name__ == '__main__': help='Command to run instead of make (e.g. gmake)', action='store', default='make') parser.add_argument('domains', metavar='DOMAIN', nargs='*', - help='The domain(s) to test (default: all)', + help='The domain(s) to test (default: all). This can be also a list of jobs to run.', default=True) options = parser.parse_args() os.chdir(options.directory) From 3cdd08cf84937f202e2a6faf990f26d403754995 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Oct 2022 10:38:28 -0400 Subject: [PATCH 024/112] Add an all.sh component running depends.pl Signed-off-by: Andrzej Kurek --- tests/scripts/all.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c0bad4da59..517a9fabaf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1726,6 +1726,11 @@ component_build_key_exchanges () { tests/scripts/key-exchanges.pl } +component_test_depends () { + msg "test/build: depends.py (gcc)" # ~ 15 min + tests/scripts/depends.py +} + component_test_make_cxx () { msg "build: Unix make, full, gcc + g++" scripts/config.py full From 798f5c28c93ae42bed25ec68729677a4cdd79f5e Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Oct 2022 11:14:59 -0400 Subject: [PATCH 025/112] Fix python formatting and indentation Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index b2a2f27b2a..79a43dd6c9 100755 --- a/tests/scripts/depends.py 
+++ b/tests/scripts/depends.py @@ -233,17 +233,17 @@ exclusive_groups = { 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'], 'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C', - '!MBEDTLS_ECDSA_DETERMINISTIC', - '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - '!MBEDTLS_ECJPAKE_C', - '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + '!MBEDTLS_ECDSA_DETERMINISTIC', + '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '!MBEDTLS_ECJPAKE_C', + '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['!MBEDTLS_ECDSA_C', - '!MBEDTLS_ECDSA_DETERMINISTIC', - '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - '!MBEDTLS_ECJPAKE_C', - '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + '!MBEDTLS_ECDSA_DETERMINISTIC', + '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '!MBEDTLS_ECJPAKE_C', + '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_ARIA_C': ['!MBEDTLS_CMAC_C'], 'MBEDTLS_CAMELLIA_C': ['!MBEDTLS_CMAC_C'], 'MBEDTLS_CHACHA20_C': ['!MBEDTLS_CMAC_C', '!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C'], @@ -255,7 +255,7 @@ defines to be altered. """ for dep in exclusive_groups.get(symbol, []): unset = dep.startswith('!') if unset: - dep=dep[1:] + dep = dep[1:] config_settings[dep] = not unset def turn_off_dependencies(config_settings): From b95ba9a2dbe0e80d0075b1c8537f71e26a52760e Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Oct 2022 15:02:41 -0400 Subject: [PATCH 026/112] Improve depends.py structrue Apply most improvements suggested by pylint. Use config.py instead of config.pl. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 105 +++++++++++++++++++-------------------- 1 file changed, 52 insertions(+), 53 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 79a43dd6c9..4c47778b09 100755 --- a/tests/scripts/depends.py 
+++ b/tests/scripts/depends.py @@ -28,7 +28,7 @@ import subprocess import sys import traceback -class Colors: +class Colors: # pylint: disable=too-few-public-methods """Minimalistic support for colored output. Each field of an object of this class is either None if colored output is not possible or not desired, or a pair of strings (start, stop) such @@ -39,6 +39,7 @@ stop switches the text color back to the default.""" bold_red = None bold_green = None def __init__(self, options=None): + """Initialize color profile according to passed options.""" if not options or options.color in ['no', 'never']: want_color = False elif options.color in ['yes', 'always']: @@ -56,7 +57,7 @@ NO_COLORS = Colors(None) def log_line(text, prefix='depends.py:', suffix='', color=None): """Print a status message.""" - if color != None: + if color is not None: prefix = color[0] + prefix suffix = suffix + color[1] sys.stderr.write(prefix + ' ' + text + suffix + '\n') 
@@ -86,14 +87,35 @@ Remove the backup file if it was saved earlier.""" shutil.copy(options.config_backup, options.config) def run_config_pl(options, args): - """Run scripts/config.pl with the specified arguments.""" - cmd = ['scripts/config.pl'] + """Run scripts/config.py with the specified arguments.""" + cmd = ['scripts/config.py'] if options.config != 'include/mbedtls/mbedtls_config.h': cmd += ['--file', options.config] cmd += args log_command(cmd) subprocess.check_call(cmd) +def set_reference_config(options): + """Change the library configuration file (mbedtls_config.h) to the reference state. +The reference state is the one from which the tested configurations are +derived.""" + # Turn off memory management options that are not relevant to + # the tests and slow them down. + run_config_pl(options, ['full']) + run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) + run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) + run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_DEBUG']) + +def collect_config_symbols(options): + """Read the list of settings from mbedtls_config.h. +Return them in a generator.""" + with open(options.config, encoding="utf-8") as config_file: + rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') + for line in config_file: + m = re.match(rx, line) + if m: + yield m.group(1) + class Job: """A job builds the library in a specific configuration and runs some tests.""" def __init__(self, name, config_settings, commands): 
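Review bot: `run_config_pl` keeps its name although this hunk switches the command it builds to `scripts/config.py`, so the helper's name now contradicts its docstring and its behaviour. Renaming it to `run_config_py` would fix that; the rename has to cover the definition, the four calls in `set_reference_config` added here, and any callers outside this hunk (presumably `Job.configure`). If the rename is deferred, a one-line comment such as `# Name is historical: this runs scripts/config.py.` above the definition avoids the confusion.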
@@ -122,21 +144,10 @@ If what is False, announce that the job has failed.''' else: log_line('starting ' + self.name) - def set_reference_config(self, options): - """Change the library configuration file (mbedtls_config.h) to the reference state. - The reference state is the one from which the tested configurations are - derived.""" - # Turn off memory management options that are not relevant to - # the tests and slow them down. - run_config_pl(options, ['full']) - run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) - run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) - run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_DEBUG']) - def configure(self, options): '''Set library configuration options as required for the job. config_file_name indicates which file to modify.''' - self.set_reference_config(options) + set_reference_config(options) for key, value in sorted(self.config_settings.items()): if value is True: args = ['set', key] @@ -267,11 +278,7 @@ An option O is turned off if config_settings[O] is False.""" for dep in reverse_dependencies.get(key, []): config_settings[dep] = False -class Domain: - """A domain is a set of jobs that all relate to a particular configuration aspect.""" - pass - -class ExclusiveDomain(Domain): +class ExclusiveDomain: # pylint: disable=too-few-public-methods """A domain consisting of a set of conceptually-equivalent settings. Establish a list of configuration symbols. For each symbol, run a test job with this symbol set and the others unset, and a test job with this symbol @@ -301,7 +308,7 @@ would match this regular expression.""" job = Job(description, config_settings, commands) self.jobs.append(job) -class ComplementaryDomain: +class ComplementaryDomain: # pylint: disable=too-few-public-methods """A domain consisting of a set of loosely-related settings. Establish a list of configuration symbols. For each symbol, run a test job with this symbol unset.""" 
@@ -317,28 +324,18 @@ Each job runs the specified commands.""" job = Job(description, config_settings, commands) self.jobs.append(job) -class CipherInfo: +class CipherInfo: # pylint: disable=too-few-public-methods """Collect data about cipher.h.""" - def __init__(self, options): + def __init__(self): self.base_symbols = set() - with open('include/mbedtls/cipher.h') as fh: + with open('include/mbedtls/cipher.h', encoding="utf-8") as fh: for line in fh: m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line) if m and m.group(1) not in ['NONE', 'NULL', '3DES']: self.base_symbols.add('MBEDTLS_' + m.group(1) + '_C') class DomainData: - """Collect data about the library.""" - def collect_config_symbols(self, options): - """Read the list of settings from mbedtls_config.h. -Return them in a generator.""" - with open(options.config) as config_file: - rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') - for line in config_file: - m = re.match(rx, line) - if m: - yield m.group(1) - + """A container for domains and jobs, used to structurize testing.""" def config_symbols_matching(self, regexp): """List the mbedtls_config.h settings matching regexp.""" return [symbol for symbol in self.all_config_symbols @@ -348,7 +345,7 @@ Return them in a generator.""" """Gather data about the library and establish a list of domains to test.""" build_command = [options.make_command, 'CFLAGS=-Werror'] build_and_test = [build_command, [options.make_command, 'test']] - self.all_config_symbols = set(self.collect_config_symbols(options)) + self.all_config_symbols = set(collect_config_symbols(options)) # Find hash modules by name. hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') # Find elliptic curve enabling macros by name. 
@@ -359,7 +356,7 @@ Return them in a generator.""" # and padding modes are exercised separately) information by parsing # cipher.h, as the information is not readily available in mbedtls_config.h. - cipher_info = CipherInfo(options) + cipher_info = CipherInfo() # Find block cipher chaining and padding mode enabling macros by name. cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') @@ -377,7 +374,8 @@ Return them in a generator.""" # hash which is obsolete. Run the test suites. Exclude # SHA512 and SHA256, as these are tested with SHA384 and SHA224. 'hashes': ExclusiveDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)|!MBEDTLS_(SHA256_|SHA512_)'), + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)\ + |!MBEDTLS_(SHA256_|SHA512_)'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, @@ -413,7 +411,7 @@ def run(options, job, colors=NO_COLORS): job.announce(colors, success) return success -def main(options, domain_data): +def run_tests(options, domain_data): """Run the desired jobs. domain_data should be a DomainData instance that describes the available domains and jobs. @@ -453,8 +451,7 @@ Run the jobs listed in options.domains.""" else: return True - -if __name__ == '__main__': +def main(): try: parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('--color', metavar='WHEN', 
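Review bot: The `exclude=` argument of the `'hashes'` domain (hunk `@@ -377,7 +374,8 @@`) now puts a backslash-newline inside a raw string literal, where it is not a line continuation: the backslash, the newline and the next line's indentation all stay in the pattern. The first alternative then has to match a literal newline (plus whatever indentation follows it) after `MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)`, which no job description contains, so those jobs are no longer excluded and only the `!MBEDTLS_(SHA256_|SHA512_)` alternative still matches. Close the literal and let adjacent literals concatenate: `exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)'` followed on the next line by `r'|!MBEDTLS_(SHA256_|SHA512_)'),`. The `help=` string of the `domains` argument in this commit's `@@ -482,22 +479,24 @@` hunk is split the same way; there the effect is only that the indentation ends up inside the help text, but the same rewrite applies.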
@@ -482,22 +479,24 @@ if __name__ == '__main__': help='Command to run instead of make (e.g. gmake)', action='store', default='make') parser.add_argument('domains', metavar='DOMAIN', nargs='*', - help='The domain(s) to test (default: all). This can be also a list of jobs to run.', + help='The domain(s) to test (default: all). This can \ + be also a list of jobs to run.', default=True) options = parser.parse_args() os.chdir(options.directory) domain_data = DomainData(options) - if options.domains == True: + if options.domains is True: options.domains = sorted(domain_data.domains.keys()) if options.list: - for what in options.list: - for key in sorted(getattr(domain_data, what).keys()): - print(key) - exit(0) + for arg in options.list: + for domain_name in sorted(getattr(domain_data, arg).keys()): + print(domain_name) + sys.exit(0) else: - sys.exit(0 if main(options, domain_data) else 1) - except SystemExit: - raise - except: + sys.exit(0 if run_tests(options, domain_data) else 1) + except Exception: # pylint: disable=broad-except traceback.print_exc() - exit(3) + sys.exit(3) + +if __name__ == '__main__': + main() From fb3e27e1780b6d74a2a306e3608f95bf12b56e1f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Oct 2022 16:22:22 -0400 Subject: [PATCH 027/112] Use upper case for constants in depends.py Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 4c47778b09..feb88f2434 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -180,17 +180,17 @@ and subsequent commands are tests that cannot run if the build failed).''' # SSL/TLS versions up to 1.1 and corresponding options. These require # both MD5 and SHA-1. -ssl_pre_1_2_dependencies = ['MBEDTLS_SSL_CBC_RECORD_SPLITTING', +SSL_PRE_1_2_DEPENDENCIES = ['MBEDTLS_SSL_CBC_RECORD_SPLITTING', 'MBEDTLS_SSL_PROTO_SSL3', 'MBEDTLS_SSL_PROTO_TLS1', 'MBEDTLS_SSL_PROTO_TLS1_1'] # If the configuration option A requires B, make sure that -# B in reverse_dependencies[A]. +# B in REVERSE_DEPENDENCIES[A]. # All the information here should be contained in check_config.h. This # file includes a copy because it changes rarely and it would be a pain # to extract automatically. -reverse_dependencies = { +REVERSE_DEPENDENCIES = { 'MBEDTLS_AES_C': ['MBEDTLS_CTR_DRBG_C', 'MBEDTLS_NIST_KW_C'], 'MBEDTLS_CHACHA20_C': ['MBEDTLS_CHACHAPOLY_C'], @@ -206,7 +206,7 @@ reverse_dependencies = { 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], - 'MBEDTLS_MD5_C': ssl_pre_1_2_dependencies, + 'MBEDTLS_MD5_C': SSL_PRE_1_2_DEPENDENCIES, 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', @@ -218,7 +218,7 @@ reverse_dependencies = { 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], - 'MBEDTLS_SHA1_C': ssl_pre_1_2_dependencies, + 'MBEDTLS_SHA1_C': SSL_PRE_1_2_DEPENDENCIES, 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA224_C', 
@@ -240,7 +240,7 @@ reverse_dependencies = { # If an option is tested in an exclusive test, alter the following defines. # These are not neccesarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. -exclusive_groups = { +EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'], 'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C', @@ -263,7 +263,7 @@ exclusive_groups = { def handle_exclusive_groups(config_settings, symbol): """For every symbol tested in an exclusive group check if there are other defines to be altered. """ - for dep in exclusive_groups.get(symbol, []): + for dep in EXCLUSIVE_GROUPS.get(symbol, []): unset = dep.startswith('!') if unset: dep = dep[1:] @@ -275,7 +275,7 @@ An option O is turned off if config_settings[O] is False.""" for key, value in sorted(config_settings.items()): if value is not False: continue - for dep in reverse_dependencies.get(key, []): + for dep in REVERSE_DEPENDENCIES.get(key, []): config_settings[dep] = False class ExclusiveDomain: # pylint: disable=too-few-public-methods From 85d69309e8c37bd5975a46e28700d9f84a1ee219 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 5 Oct 2022 09:14:07 -0400 Subject: [PATCH 028/112] Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek --- tests/scripts/all.sh | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 517a9fabaf..6e166b9562 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1726,9 +1726,39 @@ component_build_key_exchanges () { tests/scripts/key-exchanges.pl } -component_test_depends () { - msg "test/build: depends.py (gcc)" # ~ 15 min - tests/scripts/depends.py +component_test_depends_py_cipher_id () { + msg "test/build: depends.py cipher_id (gcc)" + tests/scripts/depends.py cipher_id +} + +component_test_depends_py_cipher_chaining () { + msg "test/build: depends.py cipher_chaining (gcc)" + tests/scripts/depends.py cipher_chaining +} + +component_test_depends_py_cipher_padding () { + msg "test/build: depends.py cipher_padding (gcc)" + tests/scripts/depends.py cipher_padding +} + +component_test_depends_py_curves () { + msg "test/build: depends.py curves (gcc)" + tests/scripts/depends.py curves +} + +component_test_depends_py_hashes () { + msg "test/build: depends.py hashes (gcc)" + tests/scripts/depends.py hashes +} + +component_test_depends_py_kex () { + msg "test/build: depends.py kex (gcc)" + tests/scripts/depends.py kex +} + +component_test_depends_py_pkalgs () { + msg "test/build: depends.py pkalgs (gcc)" + tests/scripts/depends.py pkalgs } component_test_make_cxx () { From 2e105b53f9b43c6115705cdb467b89fcfff14f7a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 6 Oct 2022 16:57:38 -0400 Subject: [PATCH 029/112] depends.py: disable part of the test jobs Disable exclusive jobs that run with a single config disabled. A lot more bugs should be found by running jobs with only one config of a family enabled. This will also lessen the burden on the CI. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index feb88f2434..859cad14a8 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -281,32 +281,28 @@ An option O is turned off if config_settings[O] is False.""" class ExclusiveDomain: # pylint: disable=too-few-public-methods """A domain consisting of a set of conceptually-equivalent settings. Establish a list of configuration symbols. For each symbol, run a test job -with this symbol set and the others unset, and a test job with this symbol -unset and the others set.""" +with this symbol set and the others unset.""" def __init__(self, symbols, commands, exclude=None): """Build a domain for the specified list of configuration symbols. -The domain contains two sets of jobs: jobs that enable one of the elements -of symbols and disable the others, and jobs that disable one of the elements -of symbols and enable the others. +The domain contains a set of jobs that enable one of the elements +of symbols and disable the others. Each job runs the specified commands. If exclude is a regular expression, skip generated jobs whose description would match this regular expression.""" self.jobs = [] - for invert in [False, True]: - base_config_settings = {} - for symbol in symbols: - base_config_settings[symbol] = invert - for symbol in symbols: - description = '!' 
+ symbol if invert else symbol - if exclude and re.match(exclude, description): - continue - config_settings = base_config_settings.copy() - config_settings[symbol] = not invert - if not invert: - handle_exclusive_groups(config_settings, symbol) - turn_off_dependencies(config_settings) - job = Job(description, config_settings, commands) - self.jobs.append(job) + base_config_settings = {} + for symbol in symbols: + base_config_settings[symbol] = False + for symbol in symbols: + description = symbol + if exclude and re.match(exclude, description): + continue + config_settings = base_config_settings.copy() + config_settings[symbol] = True + handle_exclusive_groups(config_settings, symbol) + turn_off_dependencies(config_settings) + job = Job(description, config_settings, commands) + self.jobs.append(job) class ComplementaryDomain: # pylint: disable=too-few-public-methods """A domain consisting of a set of loosely-related settings. From 068a73f46d43d8728058c819c95e51b1cb19226d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 6 Oct 2022 18:52:44 -0400 Subject: [PATCH 030/112] Rework depends.py to run more tests with hashes The test coverage reduction introduced in dc25cee lowered the coverage of hash tests due to intertwining dependencies. This commit introduces a new class for building a domain using both the complementary and exclusive classes. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 859cad14a8..2d7750f77e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -278,7 +278,13 @@ An option O is turned off if config_settings[O] is False.""" for dep in REVERSE_DEPENDENCIES.get(key, []): config_settings[dep] = False -class ExclusiveDomain: # pylint: disable=too-few-public-methods +class BaseDomain: # pylint: disable=too-few-public-methods, unused-argument + """A base class for all domains.""" + def __init__(self, symbols, commands, exclude): + """Initialize the jobs container""" + self.jobs = [] + +class ExclusiveDomain(BaseDomain): # pylint: disable=too-few-public-methods """A domain consisting of a set of conceptually-equivalent settings. Establish a list of configuration symbols. For each symbol, run a test job with this symbol set and the others unset.""" @@ -289,7 +295,7 @@ of symbols and disable the others. Each job runs the specified commands. If exclude is a regular expression, skip generated jobs whose description would match this regular expression.""" - self.jobs = [] + super().__init__(symbols, commands, exclude) base_config_settings = {} for symbol in symbols: base_config_settings[symbol] = False 
@@ -304,22 +310,29 @@ would match this regular expression.""" job = Job(description, config_settings, commands) self.jobs.append(job) -class ComplementaryDomain: # pylint: disable=too-few-public-methods +class ComplementaryDomain(BaseDomain): # pylint: disable=too-few-public-methods """A domain consisting of a set of loosely-related settings. Establish a list of configuration symbols. For each symbol, run a test job with this symbol unset.""" - def __init__(self, symbols, commands): + def __init__(self, symbols, commands, exclude=None): """Build a domain for the specified list of configuration symbols. Each job in the domain disables one of the specified symbols. Each job runs the specified commands.""" - self.jobs = [] + super().__init__(symbols, commands, exclude) for symbol in symbols: description = '!' + symbol + if exclude and re.match(exclude, description): + continue config_settings = {symbol: False} turn_off_dependencies(config_settings) job = Job(description, config_settings, commands) self.jobs.append(job) +class DualDomain(ExclusiveDomain, ComplementaryDomain): # pylint: disable=too-few-public-methods + """A domain that contains both the ExclusiveDomain and BaseDomain tests""" + def __init__(self, symbols, commands, exclude=None): + super().__init__(symbols=symbols, commands=commands, exclude=exclude) + class CipherInfo: # pylint: disable=too-few-public-methods """Collect data about cipher.h.""" def __init__(self): 
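Review bot: The `DualDomain` docstring says it contains "both the ExclusiveDomain and BaseDomain tests", but `BaseDomain` generates no jobs; the second set comes from `ComplementaryDomain`, so it should read `"""A domain that contains both the ExclusiveDomain and ComplementaryDomain tests."""`. The mechanism also deserves a comment: `DualDomain.__init__` makes a single `super().__init__` call, and it is the `super().__init__` inside `ExclusiveDomain.__init__` that reaches `ComplementaryDomain.__init__` through the MRO, with `BaseDomain` creating `self.jobs` before either appends to it. A line such as `# Cooperative super(): Exclusive -> Complementary -> Base, so both job sets are appended.` above the call would keep a later edit from silently dropping one set. `ExclusiveDomain.__init__` begins in the previous hunk.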
@@ -369,9 +382,9 @@ class DomainData: # Hash algorithms. Exclude configurations with only one # hash which is obsolete. Run the test suites. Exclude # SHA512 and SHA256, as these are tested with SHA384 and SHA224. - 'hashes': ExclusiveDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)\ - |!MBEDTLS_(SHA256_|SHA512_)'), + 'hashes': DualDomain(hash_symbols, build_and_test, + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)' \ + '|!MBEDTLS_(SHA256_|SHA512_)'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, From 5b327555d5ab51881a14c11c118656028ce9306c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 7 Oct 2022 16:07:58 -0400 Subject: [PATCH 031/112] Disable MBEDTLS_TEST_HOOKS in depends.py This option was increasing testing duration by about 40%. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 2d7750f77e..a037ddba18 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -105,6 +105,7 @@ derived.""" run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_DEBUG']) + run_config_pl(options, ['unset', 'MBEDTLS_TEST_HOOKS']) def collect_config_symbols(options): """Read the list of settings from mbedtls_config.h. From 110fc48070552a3e67785f68cfbd185df01e358d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sun, 9 Oct 2022 05:29:44 -0400 Subject: [PATCH 032/112] depends.py: Add script documentation Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 57 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 3 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index a037ddba18..1caa9f42d4 100755 --- a/tests/scripts/depends.py 
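Review bot: The added `run_config_pl(options, ['unset', 'MBEDTLS_TEST_HOOKS'])` (hunk `@@ -105,6 +105,7 @@`) is appended to a run of calls whose heading comment, visible where `set_reference_config` was introduced earlier in this series, reads "Turn off memory management options that are not relevant to the tests and slow them down"; that does not describe this option, and the commit message gives test duration as the only reason. Give the line its own comment, e.g. `# Unset only to shorten the run; code guarded by MBEDTLS_TEST_HOOKS is not built in these jobs.`, so a reader knows the reduced-configuration builds run without the hooks. `set_reference_config` starts above the hunk.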
+++ b/tests/scripts/depends.py 
@@ -17,9 +17,53 @@ # # This file is part of Mbed TLS (https://tls.mbed.org) -"""Test Mbed TLS with a subset of algorithms. """ +Test Mbed TLS with a subset of algorithms. +This script can be divided into several steps: + +First, include/mbedtls/mbedtls_config.h or a different config file passed +in the arguments is parsed to extract any configuration options (collect_config_symbols). + +Then, test domains (groups of jobs, tests) are built based on predefined data +collected in the DomainData class. Here, each domain has five major traits: +- domain name, can be used to run only specific tests via commandline; +- configuration building method, described in detail below; +- list of symbols passed to the configuration building method; +- commands to be run on each job (only build, build and test, or any other custom); +- optional list of symbols to be excluded from testing. + +The configuration building method can be one of the three following: + +- ComplementaryDomain - build a job for each passed symbol by disabling a single + symbol and its reverse dependencies (defined in REVERSE_DEPENDENCIES); + +- ExclusiveDomain - build a job where, for each passed symbol, only this particular + one is defined and other symbols from the list are unset. For each job look for + any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not + direct dependencies, but rather non-trivial results of other configs missing. Then + look for any unset symbols and handle their reverse dependencies. + Examples of EXCLUSIVE_GROUPS usage: + - MBEDTLS_SHA224 job turns off all hashes except SHA224, however, when investigating + reverse dependencies, SHA256 is found to depend on SHA224, so it is disabled, + and then SHA224 is found to depend on SHA256, so it is also disabled. 
To handle + this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA224 test SHA256 + should also be enabled before processing reverse dependencies: + 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'] + - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C + requires either SHA256 or SHA384 to work, so it also has to be disabled. + This is not a dependency on SHA512_C, but a result of an exclusive domain + config building method. Relevant field: + 'MBEDTLS_SHA512_C': ['!MBEDTLS_SSL_COOKIE_C'], + +- DualDomain - combination of the two above - both complementary and exclusive domain + job generation code will be run. Currently only used for hashes. + +Lastly, the collected jobs are executed and (optionally) tested, with +error reporting and coloring as configured in options. Each test starts with +a full config without a couple of slowing down or unnecessary options +(see set_reference_config), then the specific job config is derived. +""" import argparse import os import re @@ -239,7 +283,7 @@ REVERSE_DEPENDENCIES = { } # If an option is tested in an exclusive test, alter the following defines. -# These are not neccesarily dependencies, but just minimal required changes +# These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'], 
@@ -463,7 +507,14 @@ Run the jobs listed in options.domains.""" def main(): try: - parser = argparse.ArgumentParser(description=__doc__) + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description= + "Test Mbed TLS with a subset of algorithms.\n\n" + "Example usage:\n" + r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA224_C""\n" + "./tests/scripts/depends.py MBEDTLS_AES_C hashes\n" + "./tests/scripts/depends.py cipher_id cipher_chaining\n") parser.add_argument('--color', metavar='WHEN', help='Colorize the output (always/auto/never)', choices=['always', 'auto', 'never'], default='auto') From 7ddb53c18dc4cdbf3c3dd73e324e2b33a11bce4b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 12 Oct 2022 09:27:44 -0400 Subject: [PATCH 033/112] Fix unchecked allocation in test_suite_ssl Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_ssl.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 606072af39..73f62c39a8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -807,9 +807,9 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) } cert = &( ep->cert ); - cert->ca_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); - cert->cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); - cert->pkey = mbedtls_calloc( 1, sizeof(mbedtls_pk_context) ); + ASSERT_ALLOC( cert->ca_cert, sizeof(mbedtls_x509_crt) ); + ASSERT_ALLOC( cert->cert, sizeof(mbedtls_x509_crt) ); + ASSERT_ALLOC( cert->pkey, sizeof(mbedtls_pk_context) ); mbedtls_x509_crt_init( cert->ca_cert ); mbedtls_x509_crt_init( cert->cert ); From 7829d8fd8b6eb70b0090d3b729bf2eeebba23724 Mon Sep 17 00:00:00 2001 
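Review bot: The usage text built in `main()` is hard to read where a raw literal runs straight into a normal one, `...MBEDTLS_SHA224_C""\n"`, and its first sentence repeats the opening line of the module docstring by hand. A space between the two literals, `r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA224_C" "\n"`, makes the concatenation visible. Passing the examples through `epilog=` instead of `description=` would keep the summary and the examples apart; the raw-description formatter class would then need to apply to the epilog as well.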
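Review bot: All three added `ASSERT_ALLOC` calls pass `sizeof(...)` as the second argument, but patch 036 later in this series states that the macro takes a number of elements and computes the size itself, so each call asks for far more memory than one object needs. The calls should read `ASSERT_ALLOC( cert->ca_cert, 1 );`, `ASSERT_ALLOC( cert->cert, 1 );` and `ASSERT_ALLOC( cert->pkey, 1 );`. The body of mbedtls_endpoint_certificate_init continues outside the hunk, so the path taken when the macro fails is not visible here.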
From: Andrzej Kurek Date: Tue, 18 Oct 2022 09:19:07 -0400 Subject: [PATCH 034/112] Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED SSL programs use certificates in an exchange, so it's more natural to have such dependency instead of just certificate parsing. Signed-off-by: Andrzej Kurek --- programs/ssl/ssl_client2.c | 62 +++++++++++++++++--------------------- programs/ssl/ssl_server2.c | 42 +++++++++++--------------- 2 files changed, 45 insertions(+), 59 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 416f5a51b1..18e4dfb167 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -116,7 +116,7 @@ int main( void ) #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #define USAGE_CONTEXT_CRT_CB \ " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \ " to the SSL configuration of the SSL context.\n" \ @@ -125,8 +125,8 @@ int main( void ) " - 1: Use CRT callback bound to SSL context\n" #else #define USAGE_CONTEXT_CRT_CB "" -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ 
@@ -144,10 +144,10 @@ int main( void ) #define USAGE_IO \ " No file operations available (MBEDTLS_FS_IO not defined)\n" #endif /* MBEDTLS_FS_IO */ -#else /* MBEDTLS_X509_CRT_PARSE_C */ +#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #define USAGE_IO "" -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -689,9 +689,6 @@ int main( int argc, char *argv[] ) psa_status_t status; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#endif rng_context_t rng; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; @@ -701,17 +698,16 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_TIMING_C) mbedtls_timing_delay_context timer; #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) uint32_t flags; -#endif mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; mbedtls_pk_context pkey; + mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_id_t key_slot = 0; /* invalid key slot */ #endif -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ char *p, *q; const int *list; #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) @@ -754,7 +750,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_config_init( &conf ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); rng_init( &rng ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &clicert ); mbedtls_pk_init( &pkey ); 
@@ -948,7 +944,7 @@ int main( int argc, char *argv[] ) opt.key_file = q; else if( strcmp( p, "key_pwd" ) == 0 ) opt.key_pwd = q; -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) else if( strcmp( p, "key_opaque" ) == 0 ) opt.key_opaque = atoi( q ); #endif @@ -1544,7 +1540,7 @@ int main( int argc, char *argv[] ) goto exit; mbedtls_printf( " ok\n" ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 1.1. Load the trusted CA */ @@ -1673,7 +1669,7 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* * 2. Start the connection @@ -1725,7 +1721,7 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* The default algorithms profile disables SHA-1, but our tests still rely on it heavily. */ if( opt.allow_sha1 > 0 ) @@ -1739,7 +1735,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 ) @@ -1910,7 +1906,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( strcmp( opt.ca_path, "none" ) != 0 && strcmp( opt.ca_file, "none" ) != 0 ) { 
@@ -1931,7 +1927,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) if( opt.curves != NULL && @@ -2001,7 +1997,7 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", @@ -2024,11 +2020,10 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( opt.context_crt_cb == 1 ) mbedtls_ssl_set_verify( &ssl, my_verify, NULL ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ io_ctx.ssl = &ssl; io_ctx.net = &server_fd; @@ -2328,8 +2323,7 @@ int main( int argc, char *argv[] ) } } -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 5. Verify the server certificate */ @@ -2351,7 +2345,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_printf( "%s\n", peer_crt_info ); -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); 
@@ -2679,10 +2673,9 @@ send_request: mbedtls_printf( " . Restarting connection from same port..." ); fflush( stdout ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { @@ -2916,10 +2909,9 @@ reconnect: mbedtls_printf( " . Reconnecting with saved session..." ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { @@ -3013,14 +3005,14 @@ exit: mbedtls_free( context_buf ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &cacert ); mbedtls_pk_free( &pkey ); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key( key_slot ); #endif -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4fbf036ff2..9a3d1066b6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -168,7 +168,7 @@ int main( void ) */ #define DFL_IO_BUF_LEN 200 -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ 
@@ -199,8 +199,8 @@ int main( void ) #endif /* MBEDTLS_FS_IO */ #else #define USAGE_IO "" -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -1300,11 +1300,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_COOKIE_C) mbedtls_ssl_cookie_ctx cookie_ctx; #endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#endif rng_context_t rng; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; @@ -1314,13 +1309,14 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_RENEGOTIATION) unsigned char renego_period[8] = { 0 }; #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) uint32_t flags; mbedtls_x509_crt cacert; mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; + mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_id_t key_slot = 0; /* invalid key slot */ psa_key_id_t key_slot2 = 0; /* invalid key slot */ @@ -1329,7 +1325,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_context dhm; #endif 
@@ -1408,7 +1404,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); rng_init( &rng ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &srvcert ); mbedtls_pk_init( &pkey ); @@ -1627,7 +1623,7 @@ int main( int argc, char *argv[] ) opt.key_file = q; else if( strcmp( p, "key_pwd" ) == 0 ) opt.key_pwd = q; -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) else if( strcmp( p, "key_opaque" ) == 0 ) opt.key_opaque = atoi( q ); #endif @@ -2347,7 +2343,7 @@ int main( int argc, char *argv[] ) goto exit; mbedtls_printf( " ok\n" ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 1.1. Load the trusted CA */ @@ -2543,7 +2539,7 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_CERTS_C */ mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) if( opt.dhm_file != NULL ) @@ -2612,7 +2608,7 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* The default algorithms profile disables SHA-1, but our tests still rely on it heavily. Hence we allow it here. A real-world server should use the default profile unless there is a good reason not to. */ 
@@ -2622,7 +2618,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test ); mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( opt.auth_mode != DFL_AUTH_MODE ) mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); @@ -2876,7 +2872,7 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( strcmp( opt.ca_path, "none" ) != 0 && strcmp( opt.ca_file, "none" ) != 0 ) { @@ -2965,7 +2961,7 @@ int main( int argc, char *argv[] ) &ssl_async_keys ); } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) if( opt.sni != NULL ) @@ -3215,8 +3211,6 @@ reset: } #endif - mbedtls_printf( " ok\n" ); - /* * 4. Handshake */ @@ -3261,7 +3255,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) { char vrfy_buf[512]; @@ -3307,7 +3301,7 @@ handshake: } #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 5. Verify the client certificate */ @@ -3335,7 +3329,7 @@ handshake: mbedtls_ssl_get_peer_cert( &ssl ) ); mbedtls_printf( "%s\n", crt_buf ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) @@ -4031,7 +4025,7 @@ exit: mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); 
From dc4a25249f764619565003668ba29510875681c3 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 09:28:40 -0400 Subject: [PATCH 035/112] Fix tls 1.3 test dependencies Remove the dependency of tls1_3 key Remove the dependency of secret evolution tests on curve25519 Signed-off-by: Andrzej Kurek --- library/ssl_tls13_keys.c | 8 ++++++-- tests/suites/test_suite_ssl.data | 30 +++++++++++++++++++++++++++--- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 3de6f03fb8..cc68773d3a 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -24,6 +24,7 @@ #include "mbedtls/hkdf.h" #include "mbedtls/ssl_internal.h" #include "ssl_tls13_keys.h" +#include "psa/crypto_sizes.h" #include #include @@ -31,6 +32,9 @@ #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, +#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \ + PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE + struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = { /* This seems to work in C, despite the string literal being one @@ -292,8 +296,8 @@ int mbedtls_ssl_tls1_3_evolve_secret( { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; size_t hlen, ilen; - unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; - unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; + unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 }; const mbedtls_md_info_t *md; md = mbedtls_md_info_from_type( hash_alg ); diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 23143b5dc3..c0be16f62f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
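Review bot: The expansion of `TLS1_3_EVOLVE_INPUT_SIZE` is not wrapped in parentheses, so it only behaves as intended where it stands alone, as in the `tmp_input` array bound; inside a comparison or an arithmetic expression the conditional operator would bind to the surrounding operands. Define it as `#define TLS1_3_EVOLVE_INPUT_SIZE ( ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE )`. A one-line comment saying that the buffer must hold either a hash or a raw key-agreement output would also explain why the larger of the two is taken.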
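Review bot: `tmp_secret` and `tmp_input` in mbedtls_ssl_tls1_3_evolve_secret now take their sizes from PSA macros while the digest is still looked up with `mbedtls_md_info_from_type`, and nothing in the hunk ties the two size sources together. The code that fills the buffers is outside the hunk, so it should be confirmed that the input length is checked against `sizeof( tmp_input )` before any copy and that the digest size cannot exceed `sizeof( tmp_secret )`. Both buffers hold key-schedule secrets, so the exit path should wipe them, for example with `mbedtls_platform_zeroize( tmp_secret, sizeof( tmp_secret ) );`, if it does not already.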
@@ -10433,85 +10433,97 @@ ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255 SSL TLS 1.3 Key schedule: Secret evolution #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Initial secret to Early Secret -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_SHA256_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" SSL TLS 1.3 Key schedule: Secret evolution #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Early secret to Handshake Secret -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECP_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" SSL TLS 1.3 Key schedule: Secret evolution #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Handshake secret to Master Secret -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECP_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a" SSL TLS 1.3 Key schedule: HKDF Expand Label #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic 
secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815" SSL TLS 1.3 Key schedule: HKDF Expand Label #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" SSL TLS 1.3 Key schedule: HKDF Expand Label #4 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30" SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic Key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) # Vector from RFC 8448 # Client 
handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f" SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic Key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448) # Calculation of finished_key +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls1_3_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448) # Calculation of resumption key +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls1_3_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" SSL TLS 1.3 Key schedule: Traffic key generation #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) # Vector RFC 8448 # Client/Server handshake 
traffic secrets -> Client/Server traffic {Key,IV} +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") 
@@ -10519,44 +10531,54 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") # Derive-Secret( Early-Secret, "derived", "") # Tests the case where context isn't yet hashed (empty string here, # but still needs to be hashed) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Derive-Secret( MasterSecret, "s ap traffic", hash) # Tests the case where context is already hashed +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) # Vector from 
RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2 # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C 
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE @@ -10719,9 +10741,11 @@ Constant-flow memcpy from offset: large ssl_cf_memcpy_offset:100:339:48 Raw key agreement: nominal +depends_on:MBEDTLS_SHA256_C raw_key_agreement_fail:0 Raw key agreement: bad server key +depends_on:MBEDTLS_SHA256_C raw_key_agreement_fail:1 Cookie parsing: nominal run From 0b56ce00bd26ee35bdced30c64403618bb45d924 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 13 Oct 2022 08:22:08 -0400 Subject: [PATCH 036/112] Fix the memory allocation in test_suite_ssl ASSERT_ALLOC calculates the size itself, and the parameter indicates number of elements. ``` mbedtls_calloc( sizeof( *( pointer ) ), ( length ) ); ``` Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_ssl.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 73f62c39a8..20f84e73cc 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -807,9 +807,9 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) } cert = &( ep->cert ); - ASSERT_ALLOC( cert->ca_cert, sizeof(mbedtls_x509_crt) ); - ASSERT_ALLOC( cert->cert, sizeof(mbedtls_x509_crt) ); - ASSERT_ALLOC( cert->pkey, sizeof(mbedtls_pk_context) ); + ASSERT_ALLOC( cert->ca_cert, 1 ); + ASSERT_ALLOC( cert->cert, 1 ); + ASSERT_ALLOC( cert->pkey, 1 ); mbedtls_x509_crt_init( cert->ca_cert ); mbedtls_x509_crt_init( cert->cert ); From cddae3b3fa7a8af4e794018407724d72e5e0812a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 13 Oct 2022 09:07:47 -0400 Subject: [PATCH 037/112] Add MBEDTLS_DES_C exclusive group dependencies Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 1caa9f42d4..5a3ebfd010 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -303,7 +303,8 @@ EXCLUSIVE_GROUPS = { 'MBEDTLS_ARIA_C': ['!MBEDTLS_CMAC_C'], 'MBEDTLS_CAMELLIA_C': ['!MBEDTLS_CMAC_C'], 'MBEDTLS_CHACHA20_C': ['!MBEDTLS_CMAC_C', '!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C'], - 'MBEDTLS_DES_C': ['!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C'], + 'MBEDTLS_DES_C': ['!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C', '!MBEDTLS_SSL_TICKET_C', + '!MBEDTLS_SSL_CONTEXT_SERIALIZATION'], } def handle_exclusive_groups(config_settings, symbol): """For every symbol tested in an exclusive group check if there are other From 9155e7f8e344273d1b839ee8fb6f316e3fe225be Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 09:36:19 -0400 Subject: [PATCH 038/112] Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED Signed-off-by: Andrzej Kurek --- programs/ssl/ssl_server2.c | 24 +++++++------ tests/suites/test_suite_ssl.function | 50 ++++++++++++++-------------- 2 files changed, 39 insertions(+), 35 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 9a3d1066b6..a703534151 100644 
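Review bot: The two entries added to `MBEDTLS_DES_C` in `EXCLUSIVE_GROUPS` carry no explanation, and unlike the existing `!MBEDTLS_CCM_C` and `!MBEDTLS_GCM_C` entries their link to DES is not obvious from the table. Presumably session tickets and context serialization both need an AEAD cipher, which a DES-only build no longer has; that should be confirmed against the library's configuration checks before it is written as fact. A comment above the entry would record the reason, for example `# DES-only build: no AEAD cipher is left, so features that need one (tickets, context serialization) are turned off.`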
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1029,14 +1029,6 @@ typedef enum ASYNC_OP_SIGN, ASYNC_OP_DECRYPT, } ssl_async_operation_type_t; -/* Note that the enum above and the array below need to be kept in sync! - * `ssl_async_operation_names[op]` is the name of op for each value `op` - * of type `ssl_async_operation_type_t`. */ -static const char *const ssl_async_operation_names[] = -{ - "sign", - "decrypt", -}; typedef struct { @@ -1048,6 +1040,17 @@ typedef struct unsigned remaining_delay; } ssl_async_operation_context_t; +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* Note that ssl_async_operation_type_t and the array below need to be kept in sync! + * `ssl_async_operation_names[op]` is the name of op for each value `op` + * of type `ssl_async_operation_type_t`. */ +static const char *const ssl_async_operation_names[] = +{ + "sign", + "decrypt", +}; + static int ssl_async_start( mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, ssl_async_operation_type_t op_type, @@ -1199,6 +1202,7 @@ static void ssl_async_cancel( mbedtls_ssl_context *ssl ) mbedtls_printf( "Async cancel callback.\n" ); mbedtls_free( ctx ); } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1322,10 +1326,10 @@ int main( int argc, char *argv[] ) psa_key_id_t key_slot2 = 0; /* invalid key slot */ #endif int key_cert_init = 0, key_cert_init2 = 0; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_context dhm; #endif 
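Review bot: After the move in the `@@ -1322,10` hunk, `ssl_async_keys` is declared whenever `MBEDTLS_SSL_ASYNC_PRIVATE` is set, while the `@@ -1048,6` and `@@ -1199,6` hunks compile `ssl_async_start` through `ssl_async_cancel` only when `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` is also set. Any place in `main` that registers or calls those callbacks therefore needs both conditions. Those call sites lie outside the hunks, so this is worth checking with a build that has async private keys enabled and every certificate-based key exchange disabled. The `#endif` moved in the following `@@ -1410,10` hunk is also bare; if it closes the same condition, `#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */` would match the declaration hunk.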
@@ -1410,10 +1414,10 @@ int main( int argc, char *argv[] ) mbedtls_pk_init( &pkey ); mbedtls_x509_crt_init( &srvcert2 ); mbedtls_pk_init( &pkey2 ); +#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) memset( &ssl_async_keys, 0, sizeof( ssl_async_keys ) ); #endif -#endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_init( &dhm ); #endif diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 20f84e73cc..cab27c0bcf 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -725,7 +725,7 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len ) return msg_len; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) @@ -1068,7 +1068,7 @@ int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl, return ( max_steps >= 0 ) ? ret : -1; } -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* * Write application data. Increase write counter if necessary. @@ -1489,7 +1489,7 @@ static int ssl_populate_session( mbedtls_ssl_session *session, memset( session->id, 66, session->id_len ); memset( session->master, 17, sizeof( session->master ) ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) if( strlen( crt_file ) != 0 ) { mbedtls_x509_crt tmp_crt; 
@@ -1527,9 +1527,9 @@ static int ssl_populate_session( mbedtls_ssl_session *session, mbedtls_x509_crt_free( &tmp_crt ); } -#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */ +#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ (void) crt_file; -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ session->verify_result = 0xdeadbeef; #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) @@ -1712,7 +1712,7 @@ int exchange_data( mbedtls_ssl_context *ssl_1, ssl_2, 256, 1 ); } -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) void perform_handshake( handshake_test_options* options ) @@ -2092,7 +2092,7 @@ exit: mbedtls_free( context_buf ); #endif } -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* END_HEADER */ @@ -3197,7 +3197,7 @@ void ssl_dtls_replay( data_t * prevs, data_t * new, int ret ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) { mbedtls_ssl_context ssl; @@ -3935,7 +3935,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file ) TEST_ASSERT( memcmp( original.master, restored.master, sizeof( original.master ) ) == 0 ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) TEST_ASSERT( ( original.peer_cert == NULL ) == ( restored.peer_cert == NULL ) ); 
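Review bot: Replacing `MBEDTLS_X509_CRT_PARSE_C` with `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` in `ssl_serialize_session_save_load` (hunk `@@ -3935,7`) narrows the set of builds in which the peer-certificate fields are compared after a save/load round trip. If the library still compiles `peer_cert` and `peer_cert_digest` under `MBEDTLS_X509_CRT_PARSE_C` (not visible in this patch), a build with X.509 parsing but no certificate-based key exchange loses that check. The same narrowing applies to `ssl_populate_session` and to the `depends_on` of `ssl_set_hostname_twice` in the `@@ -3197,7` hunk. Either keep the X.509 macro at these three sites or state the intent next to the guard, for example `/* peer_cert is only populated when a certificate-based key exchange is enabled */`. The function bodies continue outside the hunks.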
@@ -3961,7 +3961,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file ) original.peer_cert_digest_len ) == 0 ); } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ TEST_ASSERT( original.verify_result == restored.verify_result ); #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) @@ -4186,7 +4186,7 @@ void ssl_session_serialize_version_check( int corrupt_major, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void mbedtls_endpoint_sanity( int endpoint_type ) { enum { BUFFSIZE = 1024 }; @@ -4209,7 +4209,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; 
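Review bot: `MBEDTLS_ENTROPY_C` is listed twice in the `depends_on` lines of `mbedtls_endpoint_sanity` (hunk `@@ -4186,7`) and `move_handshake_to_state` (hunk `@@ -4209,7`), and the rewritten lines carry the duplicate over. It is harmless to the test generator, but it makes these lists harder to compare with the other cases touched by the commit. The tail of both lines should read `MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C`.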
@@ -4254,7 +4254,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_version( int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version ) @@ -4285,7 +4285,7 @@ void handshake_version( int dtls, int client_min_version, int client_max_version } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) { handshake_test_options options; @@ -4303,7 +4303,7 @@ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_cipher( char* cipher, int pk_alg, int dtls ) { test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls ); 
@@ -4313,7 +4313,7 @@ void handshake_cipher( char* cipher, int pk_alg, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void app_data( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls ) @@ -4334,7 +4334,7 @@ void app_data( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) @@ -4346,7 +4346,7 @@ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) 
@@ -4358,7 +4358,7 @@ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_serialization( ) { handshake_test_options options; @@ -4372,7 +4372,7 @@ void handshake_serialization( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) { handshake_test_options options; 
@@ -4408,7 +4408,7 @@ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int ex } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void renegotiation( int legacy_renegotiation ) { handshake_test_options options; @@ -4424,7 +4424,7 @@ void renegotiation( int legacy_renegotiation ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher ) { 
@@ -4445,7 +4445,7 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void resize_buffers_serialize_mfl( int mfl ) { test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, @@ -4456,7 +4456,7 @@ void resize_buffers_serialize_mfl( int mfl ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation, char *cipher ) { 
@@ -4594,7 +4594,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ void raw_key_agreement_fail( int bad_server_ecdhe_key ) { enum { BUFFSIZE = 17000 }; From 8b7a157fbe08fa8ddf08080abf0a85489160df04 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 14 Oct 2022 07:06:43 -0400 Subject: [PATCH 039/112] Improve depends.py readability Switch from SHA224 & SHA384 testing to SHA256 and SHA512. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5a3ebfd010..e72c811a55 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -143,8 +143,7 @@ def set_reference_config(options): """Change the library configuration file (mbedtls_config.h) to the reference state. The reference state is the one from which the tested configurations are derived.""" - # Turn off memory management options that are not relevant to - # the tests and slow them down. + # Turn off options that are not relevant to the tests and slow them down. run_config_pl(options, ['full']) run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) 
@@ -190,8 +189,7 @@ If what is False, announce that the job has failed.''' log_line('starting ' + self.name) def configure(self, options): - '''Set library configuration options as required for the job. -config_file_name indicates which file to modify.''' + '''Set library configuration options as required for the job.''' set_reference_config(options) for key, value in sorted(self.config_settings.items()): if value is True: @@ -286,7 +284,7 @@ REVERSE_DEPENDENCIES = { # These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'], + 'MBEDTLS_SHA256_C': ['MBEDTLS_SHA224_C'], 'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C', '!MBEDTLS_ECDSA_DETERMINISTIC', @@ -359,7 +357,9 @@ would match this regular expression.""" class ComplementaryDomain(BaseDomain): # pylint: disable=too-few-public-methods """A domain consisting of a set of loosely-related settings. Establish a list of configuration symbols. For each symbol, run a test job -with this symbol unset.""" +with this symbol unset. +If exclude is a regular expression, skip generated jobs whose description +would match this regular expression.""" def __init__(self, symbols, commands, exclude=None): """Build a domain for the specified list of configuration symbols. Each job in the domain disables one of the specified symbols. 
@@ -375,9 +375,12 @@ Each job runs the specified commands.""" self.jobs.append(job) class DualDomain(ExclusiveDomain, ComplementaryDomain): # pylint: disable=too-few-public-methods - """A domain that contains both the ExclusiveDomain and BaseDomain tests""" + """A domain that contains both the ExclusiveDomain and BaseDomain tests. +Both parent class __init__ calls are performed in any order and +each call adds respective jobs. The job array initialization is done once in +BaseDomain, before the parent __init__ calls.""" def __init__(self, symbols, commands, exclude=None): - super().__init__(symbols=symbols, commands=commands, exclude=exclude) + super().__init__(symbols, commands, exclude) class CipherInfo: # pylint: disable=too-few-public-methods """Collect data about cipher.h.""" @@ -410,7 +413,6 @@ class DomainData: # Find cipher IDs (block permutations and stream ciphers --- chaining # and padding modes are exercised separately) information by parsing # cipher.h, as the information is not readily available in mbedtls_config.h. - cipher_info = CipherInfo() # Find block cipher chaining and padding mode enabling macros by name. cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') 
@@ -425,12 +427,15 @@ class DomainData: build_and_test), # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), - # Hash algorithms. Exclude configurations with only one - # hash which is obsolete. Run the test suites. Exclude - # SHA512 and SHA256, as these are tested with SHA384 and SHA224. + # Hash algorithms. Exclude three groups: + # - Exclusive domain of MD, RIPEMD, SHA1 (obsolete); + # - Exclusive domain of SHA224 (tested with and depends on SHA256); + # - Complementary domain of SHA224 and SHA384 - tested with and depend + # on SHA256 and SHA512, respectively. 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_|SHA256_|SHA512_)' \ - '|!MBEDTLS_(SHA256_|SHA512_)'), + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ + '|MBEDTLS_SHA224_'\ + '|!MBEDTLS_(SHA224_|SHA384_)'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, From 0325ced8cc32e2b1ce6d9dd569c39454dd255e3c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 18 Oct 2022 09:37:59 -0400 Subject: [PATCH 040/112] depends.py: fix TLS 1.3 requirements Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index e72c811a55..4e7cd03641 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -266,8 +266,7 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA224_C', 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', - 'MBEDTLS_SSL_PROTO_TLS1_3'], + 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA384_C', 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], 
@@ -276,7 +275,6 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_SHA256_C', 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], - 'MBEDTLS_SHA384_C': ['MBEDTLS_SSL_PROTO_TLS1_3'], 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [] } @@ -286,6 +284,7 @@ REVERSE_DEPENDENCIES = { EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA256_C': ['MBEDTLS_SHA224_C'], 'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'], + 'MBEDTLS_SHA512_C': ['!MBEDTLS_SSL_COOKIE_C', '!MBEDTLS_SSL_PROTO_TLS1_3'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C', '!MBEDTLS_ECDSA_DETERMINISTIC', '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', @@ -376,11 +375,9 @@ Each job runs the specified commands.""" class DualDomain(ExclusiveDomain, ComplementaryDomain): # pylint: disable=too-few-public-methods """A domain that contains both the ExclusiveDomain and BaseDomain tests. -Both parent class __init__ calls are performed in any order and +Both parent class __init__ calls are performed in any order and each call adds respective jobs. The job array initialization is done once in BaseDomain, before the parent __init__ calls.""" - def __init__(self, symbols, commands, exclude=None): - super().__init__(symbols, commands, exclude) class CipherInfo: # pylint: disable=too-few-public-methods """Collect data about cipher.h.""" From 9cbdf102d653ad5ccbf9fdea9a624629fdf26c07 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 14 Oct 2022 08:09:16 -0400 Subject: [PATCH 041/112] Change the way exclusive groups are defined in depends.py Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 48 +++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 4e7cd03641..b23532d4b3 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -282,34 +282,36 @@ REVERSE_DEPENDENCIES = { # These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA256_C': ['MBEDTLS_SHA224_C'], - 'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'], - 'MBEDTLS_SHA512_C': ['!MBEDTLS_SSL_COOKIE_C', '!MBEDTLS_SSL_PROTO_TLS1_3'], - 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C', - '!MBEDTLS_ECDSA_DETERMINISTIC', - '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - '!MBEDTLS_ECJPAKE_C', - '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], - 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['!MBEDTLS_ECDSA_C', - '!MBEDTLS_ECDSA_DETERMINISTIC', - '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - '!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - '!MBEDTLS_ECJPAKE_C', - '!MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], - 'MBEDTLS_ARIA_C': ['!MBEDTLS_CMAC_C'], - 'MBEDTLS_CAMELLIA_C': ['!MBEDTLS_CMAC_C'], - 'MBEDTLS_CHACHA20_C': ['!MBEDTLS_CMAC_C', '!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C'], - 'MBEDTLS_DES_C': ['!MBEDTLS_CCM_C', '!MBEDTLS_GCM_C', '!MBEDTLS_SSL_TICKET_C', - '!MBEDTLS_SSL_CONTEXT_SERIALIZATION'], + 'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'], + 'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C'], + 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', + '-MBEDTLS_SSL_PROTO_TLS1_3'], + 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', + '-MBEDTLS_ECDSA_DETERMINISTIC', + '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '-MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '-MBEDTLS_ECJPAKE_C', + '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C', + '-MBEDTLS_ECDSA_DETERMINISTIC', + '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '-MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '-MBEDTLS_ECJPAKE_C', + '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C'], + 'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'], + 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', 
'-MBEDTLS_CCM_C', '-MBEDTLS_GCM_C'], + 'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C', + '-MBEDTLS_GCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], } def handle_exclusive_groups(config_settings, symbol): """For every symbol tested in an exclusive group check if there are other defines to be altered. """ for dep in EXCLUSIVE_GROUPS.get(symbol, []): - unset = dep.startswith('!') - if unset: - dep = dep[1:] + unset = dep.startswith('-') + dep = dep[1:] config_settings[dep] = not unset def turn_off_dependencies(config_settings): From bec35a18c10afa44f142d821a5f1faf7899a3500 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sun, 16 Oct 2022 12:52:20 -0400 Subject: [PATCH 042/112] depends.py: rename config_pl usage to config_py Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index b23532d4b3..9f25a676aa 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -130,7 +130,7 @@ Remove the backup file if it was saved earlier.""" else: shutil.copy(options.config_backup, options.config) -def run_config_pl(options, args): +def run_config_py(options, args): """Run scripts/config.py with the specified arguments.""" cmd = ['scripts/config.py'] if options.config != 'include/mbedtls/mbedtls_config.h': 
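Review bot: `handle_exclusive_groups` now strips the first character of every entry with `dep = dep[1:]`, whether or not that character is `+` or `-`. An entry still written in the old format is therefore misread silently: `'!MBEDTLS_X'` would enable `MBEDTLS_X` instead of disabling it, and an unprefixed `'MBEDTLS_X'` would set the non-existent symbol `BEDTLS_X`. Because this commit changes the table format, the function should reject anything else before stripping, for example `if dep[0] not in '+-': raise ValueError('EXCLUSIVE_GROUPS entry needs a +/- prefix: ' + dep)`.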
@@ -144,11 +144,11 @@ def set_reference_config(options): The reference state is the one from which the tested configurations are derived.""" # Turn off options that are not relevant to the tests and slow them down. - run_config_pl(options, ['full']) - run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) - run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) - run_config_pl(options, ['unset', 'MBEDTLS_MEMORY_DEBUG']) - run_config_pl(options, ['unset', 'MBEDTLS_TEST_HOOKS']) + run_config_py(options, ['full']) + run_config_py(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) + run_config_py(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) + run_config_py(options, ['unset', 'MBEDTLS_MEMORY_DEBUG']) + run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) def collect_config_symbols(options): """Read the list of settings from mbedtls_config.h. @@ -198,7 +198,7 @@ If what is False, announce that the job has failed.''' args = ['unset', key] else: args = ['set', key, value] - run_config_pl(options, args) + run_config_py(options, args) def test(self, options): '''Run the job's build and test commands. From 3146bb4f61d473b8eae7bf8a6ae862bb9847f447 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 17 Oct 2022 06:51:10 -0400 Subject: [PATCH 043/112] depends.py: remove config options that are unset anyway Over the lifespan of this script these options have been removed from the "full" configuration. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 9f25a676aa..4da74b679b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -145,9 +145,6 @@ The reference state is the one from which the tested configurations are derived.""" # Turn off options that are not relevant to the tests and slow them down. run_config_py(options, ['full']) - run_config_py(options, ['unset', 'MBEDTLS_MEMORY_BACKTRACE']) - run_config_py(options, ['unset', 'MBEDTLS_MEMORY_BUFFER_ALLOC_C']) - run_config_py(options, ['unset', 'MBEDTLS_MEMORY_DEBUG']) run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) def collect_config_symbols(options): From 96298f960f1b3106274e17e21d94560e47a53180 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Oct 2022 08:06:59 -0400 Subject: [PATCH 044/112] Add a temporary solution to create a seedfile This caused problems if a config with SHA512 was compiled after a config without it and the seedfile did not contain enough data. Signed-off-by: Andrzej Kurek --- library/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/library/Makefile b/library/Makefile index 54b0651dc4..3b91e2556f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -187,6 +187,7 @@ all: shared static endif static: libmbedcrypto.a libmbedx509.a libmbedtls.a + cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) From ffbc8f5d4af0a9d9e6c5385ecdff43518666e95d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 17 Oct 2022 08:34:40 -0400 Subject: [PATCH 045/112] depends.py documentation fixes Now that the format of exclusive groups has been changed, update the documentation using it too. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 4da74b679b..bcd8ca1b61 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
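Review bot: The recipe line added under `static:` in library/Makefile gives the library build a side effect in the test tree. Each time the target runs it overwrites `../tests/seedfile` with a fixed, publicly known string, and the build fails if `../tests` does not exist. A constant seed is acceptable only for the test suites, so the rule belongs in the tests Makefile, creating the file only when it is missing. If it has to stay here for now, mark it so it is not mistaken for a usable entropy seed: `# Test-only: constant, public seed for the test suites; never reuse as an NV seed on a device.`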
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 -# Copyright (c) 2018, Arm Limited, All Rights Reserved. +# Copyright (c) 2022, Arm Limited, All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -27,7 +27,7 @@ in the arguments is parsed to extract any configuration options (collect_config_ Then, test domains (groups of jobs, tests) are built based on predefined data collected in the DomainData class. Here, each domain has five major traits: -- domain name, can be used to run only specific tests via commandline; +- domain name, can be used to run only specific tests via command-line; - configuration building method, described in detail below; - list of symbols passed to the configuration building method; - commands to be run on each job (only build, build and test, or any other custom); 
@@ -44,17 +44,17 @@ The configuration building method can be one of the three following: direct dependencies, but rather non-trivial results of other configs missing. Then look for any unset symbols and handle their reverse dependencies. Examples of EXCLUSIVE_GROUPS usage: - - MBEDTLS_SHA224 job turns off all hashes except SHA224, however, when investigating - reverse dependencies, SHA256 is found to depend on SHA224, so it is disabled, - and then SHA224 is found to depend on SHA256, so it is also disabled. To handle - this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA224 test SHA256 + - MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating + reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled, + and then SHA256 is found to depend on SHA224, so it is also disabled. To handle + this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224 should also be enabled before processing reverse dependencies: - 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'] + 'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'] - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C requires either SHA256 or SHA384 to work, so it also has to be disabled. This is not a dependency on SHA512_C, but a result of an exclusive domain config building method. Relevant field: - 'MBEDTLS_SHA512_C': ['!MBEDTLS_SSL_COOKIE_C'], + 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C'], - DualDomain - combination of the two above - both complementary and exclusive domain job generation code will be run. Currently only used for hashes. 
@@ -514,7 +514,7 @@ def main(): description= "Test Mbed TLS with a subset of algorithms.\n\n" "Example usage:\n" - r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA224_C""\n" + r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA256_C""\n" "./tests/scripts/depends.py MBEDTLS_AES_C hashes\n" "./tests/scripts/depends.py cipher_id cipher_chaining\n") parser.add_argument('--color', metavar='WHEN', From 113952de01a4f97eca477f2dabd453701eab1784 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 17 Oct 2022 08:39:09 -0400 Subject: [PATCH 046/112] depends.py: rename domains argument to tasks Tasks can consist of domains and/or jobs. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index bcd8ca1b61..c6e03969fd 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -471,14 +471,14 @@ def run_tests(options, domain_data): """Run the desired jobs. domain_data should be a DomainData instance that describes the available domains and jobs. -Run the jobs listed in options.domains.""" +Run the jobs listed in options.tasks.""" if not hasattr(options, 'config_backup'): options.config_backup = options.config + '.bak' colors = Colors(options) jobs = [] failures = [] successes = [] - for name in options.domains: + for name in options.tasks: jobs += domain_data.get_jobs(name) backup_config(options) try: 
@@ -541,15 +541,14 @@ def main(): parser.add_argument('--make-command', metavar='CMD', help='Command to run instead of make (e.g. gmake)', action='store', default='make') - parser.add_argument('domains', metavar='DOMAIN', nargs='*', - help='The domain(s) to test (default: all). This can \ - be also a list of jobs to run.', + parser.add_argument('tasks', metavar='TASKS', nargs='*', + help='The domain(s) or job(s) to test (default: all).', default=True) options = parser.parse_args() os.chdir(options.directory) domain_data = DomainData(options) - if options.domains is True: - options.domains = sorted(domain_data.domains.keys()) + if options.tasks is True: + options.tasks = sorted(domain_data.domains.keys()) if options.list: for arg in options.list: for domain_name in sorted(getattr(domain_data, arg).keys()): From 15e5dd8d966e1b9fe093c74073e5f2071f3ec890 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 20 Oct 2022 06:10:52 -0400 Subject: [PATCH 047/112] Add missing blowfish possibility to CBC suites Signed-off-by: Andrzej Kurek --- include/mbedtls/ssl_internal.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 46ade67b9c..a2b23cb0f6 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -149,7 +149,8 @@ ( defined(MBEDTLS_AES_C) || \ defined(MBEDTLS_CAMELLIA_C) || \ defined(MBEDTLS_ARIA_C) || \ - defined(MBEDTLS_DES_C) ) + defined(MBEDTLS_DES_C) || \ + defined(MBEDTLS_BLOWFISH_C) ) #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif From 467a0f2025e03de6f6e468e0be9b5abe2ba3f88a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 20 Oct 2022 06:15:06 -0400 Subject: [PATCH 048/112] Adjust depends.py to the 2.28 branch SHA224 and SHA384 does not exist. ARC4 and BLOWFISH requirements had to be added. Changed mbedtls_config.h to config.h 
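Review bot: The extended condition for `MBEDTLS_SSL_SOME_SUITES_USE_CBC` in ssl_internal.h now counts `MBEDTLS_BLOWFISH_C`, but neither the hunk nor the commit message says which code needs the macro when Blowfish is the only block cipher enabled. A one-line comment above the `#define` would help, for example `/* Blowfish is listed so CBC record code is still built and tested when it is the only block cipher; not a recommendation. */`, if that is indeed the reason. Blowfish has a 64-bit block, which gives CBC a low birthday bound on data per key, so it is worth stating that this is about build coverage rather than a suggested configuration. The `#if` that these lines belong to opens outside the hunk.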
Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 64 +++++++++++++++------------------------- 1 file changed, 23 insertions(+), 41 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index c6e03969fd..ef7dac3713 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -22,7 +22,7 @@ Test Mbed TLS with a subset of algorithms. This script can be divided into several steps: -First, include/mbedtls/mbedtls_config.h or a different config file passed +First, include/mbedtls/config.h or a different config file passed in the arguments is parsed to extract any configuration options (collect_config_symbols). Then, test domains (groups of jobs, tests) are built based on predefined data 
@@ -43,18 +43,6 @@ The configuration building method can be one of the three following: any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not direct dependencies, but rather non-trivial results of other configs missing. Then look for any unset symbols and handle their reverse dependencies. - Examples of EXCLUSIVE_GROUPS usage: - - MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating - reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled, - and then SHA256 is found to depend on SHA224, so it is also disabled. To handle - this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224 - should also be enabled before processing reverse dependencies: - 'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'] - - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C - requires either SHA256 or SHA384 to work, so it also has to be disabled. - This is not a dependency on SHA512_C, but a result of an exclusive domain - config building method. Relevant field: - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C'], - DualDomain - combination of the two above - both complementary and exclusive domain job generation code will be run. Currently only used for hashes. @@ -113,7 +101,7 @@ cmd is a list of strings: a command name and its arguments.""" log_line(' '.join(cmd), prefix='+') def backup_config(options): - """Back up the library configuration file (mbedtls_config.h). + """Back up the library configuration file (config.h). If the backup file already exists, it is presumed to be the desired backup, so don't make another backup.""" if os.path.exists(options.config_backup): 
@@ -123,7 +111,7 @@ so don't make another backup.""" shutil.copy(options.config, options.config_backup) def restore_config(options): - """Restore the library configuration file (mbedtls_config.h). + """Restore the library configuration file (config.h). Remove the backup file if it was saved earlier.""" if options.own_backup: shutil.move(options.config_backup, options.config) @@ -133,14 +121,14 @@ Remove the backup file if it was saved earlier.""" def run_config_py(options, args): """Run scripts/config.py with the specified arguments.""" cmd = ['scripts/config.py'] - if options.config != 'include/mbedtls/mbedtls_config.h': + if options.config != 'include/mbedtls/config.h': cmd += ['--file', options.config] cmd += args log_command(cmd) subprocess.check_call(cmd) def set_reference_config(options): - """Change the library configuration file (mbedtls_config.h) to the reference state. + """Change the library configuration file (config.h) to the reference state. The reference state is the one from which the tested configurations are derived.""" # Turn off options that are not relevant to the tests and slow them down. @@ -148,7 +136,7 @@ derived.""" run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) def collect_config_symbols(options): - """Read the list of settings from mbedtls_config.h. + """Read the list of settings from config.h. Return them in a generator.""" with open(options.config, encoding="utf-8") as config_file: rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') 
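Review bot: In `run_config_py` the literal `'include/mbedtls/config.h'` decides whether `--file` is passed, and the same literal is repeated as the `--config` default in the `main()` hunk further down, so every branch port has to change both in step. When the strings are equal the script relies on scripts/config.py choosing that same path by itself, while `backup_config` and `restore_config` always act on `options.config`. If the two defaults ever differ, the file being edited is not the file that was backed up. I would define the path once, e.g. `DEFAULT_CONFIG = 'include/mbedtls/config.h'`, and use it in both places, or simply always pass `cmd += ['--file', options.config]`.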
@@ -261,17 +249,10 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_SHA1_C': SSL_PRE_1_2_DEPENDENCIES, 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA224_C', 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], - 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA384_C', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], - 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_C', - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [] } @@ -279,10 +260,7 @@ REVERSE_DEPENDENCIES = { # These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'], - 'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C'], - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', - '-MBEDTLS_SSL_PROTO_TLS1_3'], + 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', '-MBEDTLS_ECDSA_DETERMINISTIC', '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', @@ -296,6 +274,16 @@ EXCLUSIVE_GROUPS = { '-MBEDTLS_ECJPAKE_C', '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C'], + 'MBEDTLS_ARC4_C': ['-MBEDTLS_CMAC_C', + '-MBEDTLS_CCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION', + '-MBEDTLS_GCM_C'], + 'MBEDTLS_BLOWFISH_C': ['-MBEDTLS_CMAC_C', + '-MBEDTLS_CCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION', + '-MBEDTLS_GCM_C'], 'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'], 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', '-MBEDTLS_CCM_C', '-MBEDTLS_GCM_C'], 'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C', 
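Review bot: After this adjustment the `REVERSE_DEPENDENCIES` entries for `MBEDTLS_SHA256_C` and `MBEDTLS_SHA512_C` still list the `*_USE_A64_CRYPTO_IF_PRESENT` and `*_USE_A64_CRYPTO_ONLY` symbols, even though the commit removes other options because they do not exist on this branch. The hunk does not show whether those four options are present in this branch's config.h. If they are not, the entries are dead weight that will mislead the next person porting the script, and I would drop them or add a comment such as `# kept for parity with development; not defined on this branch`.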
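Review bot: The new `'MBEDTLS_ARC4_C'` and `'MBEDTLS_BLOWFISH_C'` entries in `EXCLUSIVE_GROUPS` are the same five-element list written out twice, with no comment saying why these options must be turned off. The `REVERSE_DEPENDENCIES` hunk just above already uses a shared named list (`SSL_PRE_1_2_DEPENDENCIES`), and the same pattern here would keep the two entries from drifting apart. A brief comment would also help, for example `# No cipher usable by CMAC/CCM/GCM remains, so features built on them are disabled too`, presumably the reason, to be confirmed by the author. The dictionary starts and ends outside this hunk.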
@@ -391,7 +379,7 @@ class CipherInfo: # pylint: disable=too-few-public-methods class DomainData: """A container for domains and jobs, used to structurize testing.""" def config_symbols_matching(self, regexp): - """List the mbedtls_config.h settings matching regexp.""" + """List the config.h settings matching regexp.""" return [symbol for symbol in self.all_config_symbols if re.match(regexp, symbol)] @@ -408,7 +396,7 @@ class DomainData: key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') # Find cipher IDs (block permutations and stream ciphers --- chaining # and padding modes are exercised separately) information by parsing - # cipher.h, as the information is not readily available in mbedtls_config.h. + # cipher.h, as the information is not readily available in config.h. cipher_info = CipherInfo() # Find block cipher chaining and padding mode enabling macros by name. cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') @@ -423,15 +411,9 @@ class DomainData: build_and_test), # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), - # Hash algorithms. Exclude three groups: - # - Exclusive domain of MD, RIPEMD, SHA1 (obsolete); - # - Exclusive domain of SHA224 (tested with and depends on SHA256); - # - Complementary domain of SHA224 and SHA384 - tested with and depend - # on SHA256 and SHA512, respectively. + # Hash algorithms. Exclude exclusive domain of MD, RIPEMD, SHA1 (obsolete) 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ - '|MBEDTLS_SHA224_'\ - '|!MBEDTLS_(SHA224_|SHA384_)'), + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, 
@@ -522,7 +504,7 @@ def main(): choices=['always', 'auto', 'never'], default='auto') parser.add_argument('-c', '--config', metavar='FILE', help='Configuration file to modify', - default='include/mbedtls/mbedtls_config.h') + default='include/mbedtls/config.h') parser.add_argument('-C', '--directory', metavar='DIR', help='Change to this directory before anything else', default='.') From 3de1c783ea8df29c0bd765b405404a3d4dfca46b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 19 Oct 2022 05:33:09 -0400 Subject: [PATCH 049/112] Fix blowfish padding dependencies Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_cipher.blowfish.data | 138 +++++++++---------- 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data index a05a4e7b3e..eb3a0c4bbe 100644 --- a/tests/suites/test_suite_cipher.blowfish.data +++ b/tests/suites/test_suite_cipher.blowfish.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:0:0 BLOWFISH Encrypt and decrypt 0 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:-1 BLOWFISH Encrypt and decrypt 1 byte [#1] @@ -19,7 +19,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:-1 BLOWFISH Encrypt and decrypt 8 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:-1 BLOWFISH Encrypt and decrypt 9 bytes [#1] 
@@ -31,7 +31,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:-1 BLOWFISH Encrypt and decrypt 16 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:-1 BLOWFISH Encrypt and decrypt 17 bytes [#1] @@ -43,7 +43,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:-1 BLOWFISH Encrypt and decrypt 32 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:-1 BLOWFISH Encrypt and decrypt 32 bytes [#2] @@ -55,7 +55,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:-1 BLOWFISH Encrypt and decrypt 48 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:-1 BLOWFISH Encrypt and decrypt 49 bytes [#1] 
@@ -63,247 +63,247 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:-1 BLOWFISH Encrypt and decrypt 0 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 1 byte with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 2 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 7 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 8 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 9 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 15 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 16 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 17 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 31 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#2] 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 47 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 48 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 49 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 0 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 1 byte with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 2 bytes with zeros and len padding 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 7 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 8 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 9 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 15 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 16 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 17 bytes with zeros and len padding 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 31 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 47 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 48 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 49 bytes with zeros and len 
padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 0 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 1 byte with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 2 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 7 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 8 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 9 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 15 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 16 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 17 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 31 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS 
enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 47 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 48 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 49 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 0 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 8 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 16 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 32 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 48 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_NONE BLOWFISH Try encrypting 1 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 2 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 7 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 9 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 15 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 17 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 31 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 33 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 47 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 49 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:-1:0:0:0:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#1] 
@@ -319,15 +319,15 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:-1:16:0:8:8 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:-1:8:8:8:8 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#1] From a2089f5a2992a81f86b7ea55e6f137999d3696f4 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 19 Oct 2022 09:13:11 -0400 Subject: [PATCH 050/112] pylint: ignore duplicated imports It is not uncommon to have the same imports across different python files. Ignore it when running pylint. Starting at pylint 2.14.5 this is the default value. Signed-off-by: Andrzej Kurek --- .pylintrc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pylintrc b/.pylintrc index d217ff69c5..10c93f8791 100644 --- a/.pylintrc +++ b/.pylintrc @@ -73,3 +73,7 @@ reports=no # Allow unused variables if their name starts with an underscore. # [unused-argument] dummy-variables-rgx=_.* + +[SIMILARITIES] +# Ignore imports when computing similarities. +ignore-imports=yes From e470821e6a07d8734284a04dfa711803e02af258 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 20 Oct 2022 06:46:16 -0400 Subject: [PATCH 051/112] Add missing SHA dependencies 
Signed-off-by: Andrzej Kurek --- programs/fuzz/fuzz_dtlsserver.c | 9 ++++++--- .../suites/test_suite_psa_crypto_se_driver_hal.function | 2 ++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 4cde1fe6c7..48553c0c86 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -10,11 +10,12 @@ #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" - #if defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) + defined(MBEDTLS_TIMING_C) && \ + ( defined(MBEDTLS_SHA256_C) || \ + ( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) ) ) const char *pers = "fuzz_dtlsserver"; const unsigned char client_ip[4] = {0x7F, 0, 0, 1}; static int initialized = 0; @@ -30,7 +31,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) + defined(MBEDTLS_TIMING_C) && \ + ( defined(MBEDTLS_SHA256_C) || \ + ( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) ) ) int ret; size_t len; mbedtls_ssl_context ssl; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 79d658fd0a..c96b988456 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
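Review bot: The dependency guard in fuzz_dtlsserver.c is now a six-line condition written out twice, once ahead of `const char *pers` and once inside `LLVMFuzzerTestOneInput` (the `@@ -30,7 +31,9 @@` hunk), and nothing keeps the two copies in step. If they drift, the globals and the function body compile under different conditions, so I would evaluate the condition once near the includes into a file-local macro and test that macro in both places. A one-line comment naming the consumer that makes SHA-256 or SHA-384 mandatory here (presumably the cookie code behind `mbedtls/ssl_cookie.h`; please confirm) would also help. The body of `LLVMFuzzerTestOneInput` continues outside the hunk, so what the harness does when the guard is false is not visible; if it returns without exercising anything, say so in a comment, because a fuzz run in such a configuration reports no findings by construction.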
@@ -664,8 +664,10 @@ static int smoke_test_key( mbedtls_svc_key_id_t key ) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT; psa_cipher_operation_t cipher_operation = PSA_CIPHER_OPERATION_INIT; +#if defined(MBEDTLS_SHA256_C) psa_key_derivation_operation_t derivation_operation = PSA_KEY_DERIVATION_OPERATION_INIT; +#endif uint8_t buffer[80]; /* large enough for a public key for ECDH */ size_t length; mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; From 0d3b3a86d250ababbc034afe558d9eb03c44400c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 20 Oct 2022 14:50:35 -0400 Subject: [PATCH 052/112] Move MBEDTLS_ECP_C requirements to test_suite_ssl.function Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_ssl.data | 74 +++++++++++++--------------- tests/suites/test_suite_ssl.function | 6 +-- 2 files changed, 37 insertions(+), 43 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c0be16f62f..4a81c0e5d0 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
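Review bot: The declaration of `derivation_operation` in `smoke_test_key` is now conditional on `MBEDTLS_SHA256_C`, but the statements that use it lie outside this hunk, so the patch does not show that every use and any cleanup of the object sit under the same condition. Please confirm they do: a use guarded by a different macro fails to build in a configuration without SHA-256, and a narrower use guard brings back the unused-variable warning. A short comment on the new `#if`, such as `/* only needed by the key derivation smoke check */`, would tell the next reader why one of several operation objects is conditional.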
@@ -98,63 +98,61 @@ Test moving clients handshake to state: CLIENT_HELLO move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving clients handshake to state: SERVER_HELLO -depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1 Test moving clients handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST 
@@ -164,63 +162,61 @@ Test moving servers handshake to state: CLIENT_HELLO move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1 Test moving servers handshake to state: SERVER_HELLO -depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1 Test moving servers handshake to state: SERVER_CERTIFICATE -depends_on:MBEDTLS_ECP_C move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT 
@@ -344,43 +340,41 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TL handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE Sending app data via TLS, MFL=512 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 Sending app data via TLS, MFL=512 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3 Sending app data via TLS, MFL=1024 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 Sending app data via TLS, MFL=1024 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5 Sending app data via TLS, MFL=2048 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 Sending app data via TLS, MFL=2048 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4 Sending app data via TLS, MFL=4096 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 Sending app data via TLS, MFL=4096 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_ECP_C +depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3 Sending app data via TLS 
without MFL and without fragmentation -depends_on:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 Sending app data via TLS without MFL and with fragmentation -depends_on:MBEDTLS_ECP_C app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7 Sending app data via DTLS, MFL=512 without fragmentation diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index cab27c0bcf..90cc4ad0ce 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -4209,7 +4209,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C */ void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; @@ -4254,7 +4254,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C */ void handshake_version( int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version ) 
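Review bot: The rewritten `BEGIN_CASE` line for `move_handshake_to_state` in test_suite_ssl.function still lists `MBEDTLS_ENTROPY_C` twice. Since the line is being edited to append `MBEDTLS_ECP_C`, drop the duplicate at the same time so the list reads `...:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C`. The other two `BEGIN_CASE` lines changed by this commit (`handshake_version` and `app_data_tls`) do not have the duplicate.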
@@ -4334,7 +4334,7 @@ void app_data( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C */ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) From 84fc52c6b302b79608d3ebf1969e44eede08c972 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Oct 2022 04:18:30 -0400 Subject: [PATCH 053/112] Formatting & cosmetic fixes Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 7 +++++-- tests/suites/test_suite_ssl.function | 26 +++++++++++++------------- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 39daaf75d6..2e4eedcac0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6515,14 +6515,17 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); - #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) + if( ciphersuite_info == NULL ) + return( NULL ); + +#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) return( tls_prf_sha384 ); else #endif #if defined(MBEDTLS_SHA256_C) { - if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256 ) + if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 ) return( tls_prf_sha256 ); } #endif diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 90cc4ad0ce..2a7f598a62 100644 
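Review bot: In `ssl_tls12prf_from_cs` (library/ssl_tls.c) the `else` that closes the SHA-384 branch still sits directly before `#endif`, so in a build with SHA-384 but without `MBEDTLS_SHA256_C` it attaches to whatever statement follows the second `#endif`, which is outside this hunk. Both branches return, so the `else` and the braces around the SHA-256 test can go, leaving `if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) return( tls_prf_sha384 );` and the SHA-256 counterpart as independent statements under their own `#if`. Separately, the new early `if( ciphersuite_info == NULL ) return( NULL );` is a behaviour change rather than formatting: the old SHA-384 branch read `ciphersuite_info->mac` with no NULL test, so a NULL result from `mbedtls_ssl_ciphersuite_from_id` was dereferenced there. A commit titled "Formatting & cosmetic fixes" hides that, and it merits its own line in the message or a ChangeLog entry.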
--- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -133,7 +133,7 @@ void mbedtls_test_buffer_init( mbedtls_test_buffer *buf ) int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity ) { buf->buffer = (unsigned char*) mbedtls_calloc( capacity, - sizeof(unsigned char) ); + sizeof( unsigned char ) ); if( NULL == buf->buffer ) return MBEDTLS_ERR_SSL_ALLOC_FAILED; buf->capacity = capacity; @@ -283,7 +283,7 @@ typedef struct mbedtls_test_message_queue int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue, size_t capacity ) { - queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) ); + queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof( size_t ) ); if( NULL == queue->messages ) return MBEDTLS_ERR_SSL_ALLOC_FAILED; @@ -457,7 +457,7 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1, int ret = -1; peer1->output = - (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); + (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer ) ); if( peer1->output == NULL ) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; @@ -470,7 +470,7 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1, } peer2->output = - (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); + (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer) ); if( peer2->output == NULL ) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; @@ -1737,8 +1737,8 @@ void perform_handshake( handshake_test_options* options ) int expected_handshake_result = 0; USE_PSA_INIT( ); - mbedtls_platform_zeroize( &client, sizeof(client) ); - mbedtls_platform_zeroize( &server, sizeof(server) ); + mbedtls_platform_zeroize( &client, sizeof( client ) ); + mbedtls_platform_zeroize( &server, sizeof( server ) ); mbedtls_test_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; 
@@ -2109,7 +2109,7 @@ void test_callback_buffer_sanity() unsigned char input[MSGLEN]; unsigned char output[MSGLEN]; - memset( input, 0, sizeof(input) ); + memset( input, 0, sizeof( input ) ); /* Make sure calling put and get on NULL buffer results in error. */ TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) ) @@ -3745,7 +3745,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST TEST_ASSERT( lbl != NULL ); /* Check sanity of test parameters. */ - TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) ); TEST_ASSERT( (size_t) desired_length == expected->len ); TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label( @@ -3831,7 +3831,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST TEST_ASSERT( lbl != NULL ); /* Check sanity of test parameters. */ - TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) ); TEST_ASSERT( (size_t) desired_length == expected->len ); TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret( @@ -4216,8 +4216,8 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass) mbedtls_endpoint base_ep, second_ep; int ret = -1; - mbedtls_platform_zeroize( &base_ep, sizeof(base_ep) ); - mbedtls_platform_zeroize( &second_ep, sizeof(second_ep) ); + mbedtls_platform_zeroize( &base_ep, sizeof( base_ep ) ); + mbedtls_platform_zeroize( &second_ep, sizeof( second_ep ) ); ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL ); 
@@ -4605,8 +4605,8 @@ void raw_key_agreement_fail( int bad_server_ecdhe_key ) mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE }; USE_PSA_INIT( ); - mbedtls_platform_zeroize( &client, sizeof(client) ); - mbedtls_platform_zeroize( &server, sizeof(server) ); + mbedtls_platform_zeroize( &client, sizeof( client ) ); + mbedtls_platform_zeroize( &server, sizeof( server ) ); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the From 2b44a929a45e8f66cc520607d40b02848655bc51 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 24 Oct 2022 10:41:20 -0400 Subject: [PATCH 054/112] depends.py: add a config option to unset MBEDTLS_USE_PSA This lets us perform any test without MBEDTLS_USE_PSA Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index ef7dac3713..c7eddb8f36 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -134,6 +134,8 @@ derived.""" # Turn off options that are not relevant to the tests and slow them down. run_config_py(options, ['full']) run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) + if options.unset_use_psa: + run_config_py(options, ['unset', 'MBEDTLS_USE_PSA_CRYPTO']) def collect_config_symbols(options): """Read the list of settings from config.h. @@ -523,6 +525,9 @@ def main(): parser.add_argument('--make-command', metavar='CMD', help='Command to run instead of make (e.g. gmake)', action='store', default='make') + parser.add_argument('--unset-use-psa', + help='Unset MBEDTLS_USE_PSA_CRYPTO before any test', + action='store_true', dest='unset_use_psa') parser.add_argument('tasks', metavar='TASKS', nargs='*', help='The domain(s) or job(s) to test (default: all).', default=True) From 20d8a5f6881d3897649b34274c3d96236593caab Mon Sep 17 00:00:00 2001 
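Review bot: The help text for `--unset-use-psa` in tests/scripts/depends.py does not state the default, and the first hunk shows the default matters: without the flag the `full` configuration is used as is, presumably with MBEDTLS_USE_PSA_CRYPTO still set. Something like `help='Unset MBEDTLS_USE_PSA_CRYPTO before any test (default: keep the value from the full config)'` makes that visible in `--help`. `dest='unset_use_psa'` is what argparse derives from the option name anyway and can be dropped. The function that gains the `if options.unset_use_psa:` block starts outside the hunk.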
From: Andrzej Kurek Date: Mon, 24 Oct 2022 10:49:22 -0400 Subject: [PATCH 055/112] Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Andrzej Kurek --- tests/scripts/all.sh | 49 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6e166b9562..6d4d424571 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1726,38 +1726,75 @@ component_build_key_exchanges () { tests/scripts/key-exchanges.pl } +# depends.py family of tests component_test_depends_py_cipher_id () { msg "test/build: depends.py cipher_id (gcc)" - tests/scripts/depends.py cipher_id + tests/scripts/depends.py cipher_id --unset-use-psa } component_test_depends_py_cipher_chaining () { msg "test/build: depends.py cipher_chaining (gcc)" - tests/scripts/depends.py cipher_chaining + tests/scripts/depends.py cipher_chaining --unset-use-psa } component_test_depends_py_cipher_padding () { msg "test/build: depends.py cipher_padding (gcc)" - tests/scripts/depends.py cipher_padding + tests/scripts/depends.py cipher_padding --unset-use-psa } component_test_depends_py_curves () { msg "test/build: depends.py curves (gcc)" - tests/scripts/depends.py curves + tests/scripts/depends.py curves --unset-use-psa } component_test_depends_py_hashes () { msg "test/build: depends.py hashes (gcc)" - tests/scripts/depends.py hashes + tests/scripts/depends.py hashes --unset-use-psa } component_test_depends_py_kex () { msg "test/build: depends.py kex (gcc)" - tests/scripts/depends.py kex + tests/scripts/depends.py kex --unset-use-psa } component_test_depends_py_pkalgs () { msg "test/build: depends.py pkalgs (gcc)" + tests/scripts/depends.py pkalgs --unset-use-psa +} + +# PSA equivalents of the depends.py tests +component_test_depends_py_cipher_id_psa () { + msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py cipher_id +} + +component_test_depends_py_cipher_chaining_psa () { + msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py cipher_chaining +} + +component_test_depends_py_cipher_padding_psa () { + msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py cipher_padding +} + +component_test_depends_py_curves_psa () { + msg "test/build: depends.py curves (gcc) 
with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py curves +} + +component_test_depends_py_hashes_psa () { + msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py hashes +} + +component_test_depends_py_kex_psa () { + msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py kex +} + +component_test_depends_py_pkalgs_psa () { + msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" tests/scripts/depends.py pkalgs } From c5acdb9e92958908aaba292479433b87b345f499 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 26 Oct 2022 11:15:34 -0400 Subject: [PATCH 056/112] Remove unused perl dependency scripts curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py. Update all references to them accordingly. Signed-off-by: Andrzej Kurek --- README.md | 2 +- tests/scripts/all.sh | 38 ---------- tests/scripts/basic-in-docker.sh | 4 +- tests/scripts/curves.pl | 125 ------------------------------- tests/scripts/depends-hashes.pl | 101 ------------------------- tests/scripts/depends-pkalgs.pl | 107 -------------------------- tests/scripts/key-exchanges.pl | 76 ------------------- 7 files changed, 3 insertions(+), 450 deletions(-) delete mode 100755 tests/scripts/curves.pl delete mode 100755 tests/scripts/depends-hashes.pl delete mode 100755 tests/scripts/depends-pkalgs.pl delete mode 100755 tests/scripts/key-exchanges.pl diff --git a/README.md b/README.md index a2903db184..01f465e39d 100644 --- a/README.md +++ b/README.md 
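Review bot: The seven existing components in tests/scripts/all.sh keep their old `msg` text (`"test/build: depends.py cipher_id (gcc)"` and so on) although they now pass `--unset-use-psa`, so the log no longer says which configuration ran; only the new `_psa` variants name it. I would give them the counterpart wording, e.g. `msg "test/build: depends.py cipher_id (gcc) without MBEDTLS_USE_PSA_CRYPTO"`. The fourteen bodies differ only in the domain name and the flag, which is easy to get wrong when a domain is added, so a comment above the two groups stating that each domain needs both a plain and a `_psa` component would help.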
@@ -187,7 +187,7 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad - `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. - `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations. -- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled +- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc). Porting Mbed TLS diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6d4d424571..6047e35340 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1688,44 +1688,6 @@ support_build_baremetal () { ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h } -component_test_depends_curves () { - msg "test/build: curves.pl (gcc)" # ~ 4 min - tests/scripts/curves.pl -} - -component_test_depends_curves_psa () { - msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - tests/scripts/curves.pl -} - -component_test_depends_hashes () { - msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min - tests/scripts/depends-hashes.pl -} - -component_test_depends_hashes_psa () { - msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - tests/scripts/depends-hashes.pl -} - -component_test_depends_pkalgs () { - msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min - tests/scripts/depends-pkalgs.pl -} - -component_test_depends_pkalgs_psa () { - msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - tests/scripts/depends-pkalgs.pl -} - -component_build_key_exchanges () { - msg "test/build: key-exchanges (gcc)" # ~ 1 min - tests/scripts/key-exchanges.pl -} - # depends.py family of tests component_test_depends_py_cipher_id () { msg "test/build: depends.py cipher_id (gcc)" diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 50bcb05b3a..1f65710c8a 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -40,6 +40,6 @@ for compiler in clang gcc; do run_in_docker -e OSSL_NO_DTLS=1 tests/compat.sh run_in_docker tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' run_in_docker tests/scripts/test-ref-configs.pl - run_in_docker tests/scripts/curves.pl - run_in_docker tests/scripts/key-exchanges.pl + run_in_docker tests/scripts/depends.py curves + run_in_docker tests/scripts/depends.py kex done 
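Review bot: In tests/scripts/basic-in-docker.sh the replacements `run_in_docker tests/scripts/depends.py curves` and `run_in_docker tests/scripts/depends.py kex` are called without `--unset-use-psa`, whereas in all.sh the plain `depends.py` invocation is the one labelled "with MBEDTLS_USE_PSA_CRYPTO defined". The deleted curves.pl text in this same patch only toggles curve, ECDSA and ECJPAKE options and never touches that setting, so the swap probably changes which configuration the Docker run covers. If the previous coverage is intended, use `run_in_docker tests/scripts/depends.py curves --unset-use-psa` and the same for `kex`; otherwise state in the commit message that the Docker basic run now tests the PSA variant.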
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
deleted file mode 100755
index 08582dc747..0000000000
--- a/tests/scripts/curves.pl
+++ /dev/null
@@ -1,125 +0,0 @@ -#!/usr/bin/env perl - -# curves.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# The purpose of this test script is to validate that the library works -# when only a single curve is enabled. In particular, this validates that -# curve-specific code is guarded by the proper preprocessor conditionals, -# both in the library and in tests. -# -# Since this script only tests builds with a single curve, it can't detect -# bugs that are only triggered when multiple curves are present. We do -# also test in many configurations where all curves are enabled, as well -# as a few configurations in configs/*.h with a restricted subset of curves. -# -# Here are some known test gaps that could be addressed by testing all -# 2^n combinations of support for n curves, which is impractical: -# * There could be product bugs when curves A and B are enabled but not C. -# For example, a MAX_SIZE calculation that forgets B, where -# size(A) < size(B) < size(C). -# * For test cases that require three or more curves, validate that they're -# not missing dependencies. This is extremely rare. (For test cases that -# require curves A and B but are missing a dependency on B, this is -# detected in the A-only build.) -# Usage: tests/scripts/curves.pl -# -# This script should be executed from the root of the project directory. 
-# -# Only curves that are enabled in config.h will be tested. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. - -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $sed_cmd = 's/^#define \(MBEDTLS_ECP_DP.*_ENABLED\)/\1/p'; -my $config_h = 'include/mbedtls/config.h'; -my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); - -# Determine which curves support ECDSA by checking the dependencies of -# ECDSA in check_config.h. -my %curve_supports_ecdsa = (); -{ - local $/ = ""; - local *CHECK_CONFIG; - open(CHECK_CONFIG, '<', 'include/mbedtls/check_config.h') - or die "open include/mbedtls/check_config.h: $!"; - while (my $stanza = ) { - if ($stanza =~ /\A#if defined\(MBEDTLS_ECDSA_C\)/) { - for my $curve ($stanza =~ /(?<=\()MBEDTLS_ECP_DP_\w+_ENABLED(?=\))/g) { - $curve_supports_ecdsa{$curve} = 1; - } - last; - } - } - close(CHECK_CONFIG); -} - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -# Disable all the curves. We'll then re-enable them one by one. -for my $curve (@curves) { - system( "scripts/config.pl unset $curve" ) - and abort "Failed to disable $curve\n"; -} -# Depends on a specific curve. Also, ignore error if it wasn't enabled. -system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" ); - -# Test with only $curve enabled, for each $curve. 
-for my $curve (@curves) { - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing with only curve: $curve\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = "$curve"; - - system( "scripts/config.pl set $curve" ) - and abort "Failed to enable $curve\n"; - - my $ecdsa = $curve_supports_ecdsa{$curve} ? "set" : "unset"; - for my $dep (qw(MBEDTLS_ECDSA_C - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)) { - system( "scripts/config.pl $ecdsa $dep" ) - and abort "Failed to $ecdsa $dep\n"; - } - - system( "CFLAGS='-Werror -Wall -Wextra' make" ) - and abort "Failed to build: only $curve\n"; - system( "make test" ) - and abort "Failed test suite: only $curve\n"; - - system( "scripts/config.pl unset $curve" ) - and abort "Failed to disable $curve\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl deleted file mode 100755 index 44d3543034..0000000000 --- a/tests/scripts/depends-hashes.pl +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/usr/bin/env perl - -# depends-hashes.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# To test the code dependencies on individual hashes in each test suite. This -# is a verification step to ensure we don't ship test suites that do not work -# for some build options. -# -# The process is: -# for each possible hash -# build the library and test suites with the hash disabled -# execute the test suites -# -# And any test suite with the wrong dependencies will fail. -# -# Usage: tests/scripts/depends-hashes.pl -# -# This script should be executed from the root of the project directory. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. 
- -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $config_h = 'include/mbedtls/config.h'; - -# as many SSL options depend on specific hashes, -# and SSL is not in the test suites anyways, -# disable it to avoid dependency issues -my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; -my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); - -# for md we want to catch MD5_C but not MD_C, hence the extra dot -my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p'; -my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p'; -my @hash_modules = split( /\s+/, - `sed -n -e '$mdx_sed_cmd' -e '$sha_sed_cmd' $config_h` ); - -# there are also negative options for truncated variants, disabled by default -my $sha_trunc_sed_cmd = 's/^\/\/#define \(MBEDTLS_SHA..._NO_.*\)/\1/p'; -my @hash_negatives = split( /\s+/, - `sed -n -e '$sha_trunc_sed_cmd' $config_h` ); - -# list hash options with corresponding actions -my @hashes = ((map { "unset $_" } @hash_modules), - (map { "set $_" } @hash_negatives)); - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -for my $hash (@hashes) { - system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing hash option: $hash\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$hash"; - - system( "scripts/config.py $hash" ) - and abort "Failed to $hash\n"; - - for my $opt (@ssl) { - system( "scripts/config.py unset $opt" ) - and abort "Failed to disable $opt\n"; - } - - system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) - and abort "Failed to build lib: $hash\n"; - system( "cd tests && make" ) and abort "Failed to 
build tests: $hash\n"; - system( "make test" ) and abort "Failed test suite: $hash\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl deleted file mode 100755 index 2ad4a7cccb..0000000000 --- a/tests/scripts/depends-pkalgs.pl +++ /dev/null 
@@ -1,107 +0,0 @@ -#!/usr/bin/env perl - -# depends-pkalgs.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# To test the code dependencies on individual PK algs (those that can be used -# from the PK layer, so currently signature and encryption but not key -# exchange) in each test suite. This is a verification step to ensure we don't -# ship test suites that do not work for some build options. -# -# The process is: -# for each possible PK alg -# build the library and test suites with that alg disabled -# execute the test suites -# -# And any test suite with the wrong dependencies will fail. -# -# Usage: tests/scripts/depends-pkalgs.pl -# -# This script should be executed from the root of the project directory. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. - -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $config_h = 'include/mbedtls/config.h'; - -# Some algorithms can't be disabled on their own as others depend on them, so -# we list those reverse-dependencies here to keep check_config.h happy. 
-my %algs = ( - 'MBEDTLS_ECDSA_C' => ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED'], - 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECDH_C', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [], - 'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], - 'MBEDTLS_PKCS1_V15' => ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], - 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', - 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], -); - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -while( my ($alg, $extras) = each %algs ) { - system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing without alg: $alg\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$alg"; - - system( "scripts/config.py unset $alg" ) - and abort "Failed to disable $alg\n"; - for my $opt (@$extras) { - system( "scripts/config.py unset $opt" ) - and abort "Failed to disable $opt\n"; - } - - system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) - and abort "Failed to build lib: $alg\n"; - system( "cd tests && make" ) and abort "Failed to build tests: $alg\n"; - system( "make test" ) 
and abort "Failed test suite: $alg\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl deleted file mode 100755 index 20f3aa6358..0000000000 --- a/tests/scripts/key-exchanges.pl +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/usr/bin/env perl - -# key-exchanges.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# To test the code dependencies on individual key exchanges in the SSL module. -# is a verification step to ensure we don't ship SSL code that do not work -# for some build options. -# -# The process is: -# for each possible key exchange -# build the library with all but that key exchange disabled -# -# Usage: tests/scripts/key-exchanges.pl -# -# This script should be executed from the root of the project directory. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. 
- -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p'; -my $config_h = 'include/mbedtls/config.h'; -my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -for my $kex (@kexes) { - system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing with key exchange: $kex\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = $kex; - - # full config with all key exchanges disabled except one - system( "scripts/config.py full" ) and abort "Failed config full\n"; - for my $k (@kexes) { - next if $k eq $kex; - system( "scripts/config.py unset $k" ) - and abort "Failed to disable $k\n"; - } - - system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; From 9821253847f2577a4261268d93f2a17676df9eba Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 27 Oct 2022 06:55:42 -0400 Subject: [PATCH 057/112] Add missing CBC dependency in test_suite_ssl Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 4a81c0e5d0..0997ab14b2 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -226,7 +226,7 @@ Negative test moving servers ssl to state: NEW_SESSION_TICKET move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 Handshake, SSL3 -depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0 Handshake, tls1 From 31788cd8ae3e92ac78ba075cebb96114e7723676 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 27 Oct 2022 07:42:27 -0400 Subject: [PATCH 058/112] Add missing SHA256 dependencies in test_suite_ssl Most of the tests (including those using endpoint_init functions) parse certificates that require MBEDTLS_SHA256_C to be present. Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_ssl.function | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2a7f598a62..0da0b15a1e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -4186,7 +4186,7 @@ void ssl_session_serialize_version_check( int corrupt_major, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void mbedtls_endpoint_sanity( int endpoint_type ) { enum { BUFFSIZE = 1024 }; 
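Review bot: The rewritten `depends_on` list for `mbedtls_endpoint_sanity` still names `MBEDTLS_ENTROPY_C` twice (`MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C`), and the same repeat is carried into the `move_handshake_to_state` hunk that follows. Both lines are being edited anyway, so the repeat can be reduced to a single `MBEDTLS_ENTROPY_C` there. The duplicate presumably does not change the generated guard, but it makes these long lists harder to audit when checking that a reduced configuration really skips the test.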
@@ -4209,7 +4209,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; @@ -4254,7 +4254,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ void handshake_version( int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version ) @@ -4285,7 +4285,7 @@ void handshake_version( int dtls, int client_min_version, int client_max_version } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) { handshake_test_options options; 
@@ -4303,7 +4303,7 @@ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_cipher( char* cipher, int pk_alg, int dtls ) { test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls ); @@ -4313,7 +4313,7 @@ void handshake_cipher( char* cipher, int pk_alg, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void app_data( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls ) @@ -4334,7 +4334,7 @@ void app_data( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) 
@@ -4346,7 +4346,7 @@ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) @@ -4358,7 +4358,7 @@ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_serialization( ) { handshake_test_options options; 
@@ -4372,7 +4372,7 @@ void handshake_serialization( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) { handshake_test_options options; @@ -4408,7 +4408,7 @@ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int ex } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void renegotiation( int legacy_renegotiation ) { handshake_test_options options; 
@@ -4424,7 +4424,7 @@ void renegotiation( int legacy_renegotiation ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher ) { @@ -4445,7 +4445,7 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void resize_buffers_serialize_mfl( int mfl ) { test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, 
@@ -4456,7 +4456,7 @@ void resize_buffers_serialize_mfl( int mfl ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation, char *cipher ) { From 14bae83ca0895dcd7e962c759681dd86cb0c6ada Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 3 Nov 2022 17:49:29 +0000 Subject: [PATCH 059/112] Change test templating syntax to be valid C For the benefit of auto-formatting tools, move from the '$placeholder' templating syntax to a new syntax of the form: __MBEDTLS_TEST_TEMPLATE__PLACEHOLDER This change allows the test code template to be almost entirely valid C. Signed-off-by: David Horstmann --- tests/scripts/generate_test_code.py | 75 ++++++++++++++++++----------- tests/suites/main_test.function | 44 ++++++++--------- 2 files changed, 69 insertions(+), 50 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index f5750aacfa..6d65986c88 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
@@ -126,33 +126,33 @@ code that is generated or read from helpers and platform files. This script replaces following fields in the template and generates the test source file: -$test_common_helpers <-- All common code from helpers.function - is substituted here. -$functions_code <-- Test functions are substituted here - from the input test_suit_xyz.function - file. C preprocessor checks are generated - for the build dependencies specified - in the input file. This script also - generates wrappers for the test - functions with code to expand the - string parameters read from the data - file. -$expression_code <-- This script enumerates the - expressions in the .data file and - generates code to handle enumerated - expression Ids and return the values. -$dep_check_code <-- This script enumerates all - build dependencies and generate - code to handle enumerated build - dependency Id and return status: if - the dependency is defined or not. -$dispatch_code <-- This script enumerates the functions - specified in the input test data file - and generates the initializer for the - function table in the template - file. -$platform_code <-- Platform specific setup and test - dispatch code. +__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS <-- All common code from helpers.function + is substituted here. +__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE <-- Test functions are substituted here + from the input test_suit_xyz.function + file. C preprocessor checks are generated + for the build dependencies specified + in the input file. This script also + generates wrappers for the test + functions with code to expand the + string parameters read from the data + file. +__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE <-- This script enumerates the + expressions in the .data file and + generates code to handle enumerated + expression Ids and return the values. 
+__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE <-- This script enumerates all + build dependencies and generate + code to handle enumerated build + dependency Id and return status: if + the dependency is defined or not. +__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE <-- This script enumerates the functions + specified in the input test data file + and generates the initializer for the + function table in the template + file. +__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE <-- Platform specific setup and test + dispatch code. """ @@ -974,11 +974,30 @@ def write_test_source_file(template_file, c_file, snippets): :param snippets: Generated and code snippets :return: """ + + # Create a placeholder pattern with the correct named capture groups + # to override the default provided with Template. + # Match nothing (no way of escaping placeholders). + escaped = "(?P(?!))" + # Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern. + named = "__MBEDTLS_TEST_TEMPLATE__(?P[A-Z][_A-Z0-9]*)" + # Match nothing (no braced placeholder syntax). + braced = "(?P(?!))" + # If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid. + invalid = "(?P__MBEDTLS_TEST_TEMPLATE__)" + placeholder_pattern = re.compile(escaped \ + + "|" + named \ + + "|" + braced \ + + "|" + invalid) + with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: for line_no, line in enumerate(template_f.readlines(), 1): # Update line number. +1 as #line directive sets next line number snippets['line_no'] = line_no + 1 - code = string.Template(line).substitute(**snippets) + template = string.Template(line) + template.pattern = placeholder_pattern + snippets = {k.upper():v for (k, v) in snippets.items()} + code = template.substitute(**snippets) c_f.write(code) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ac00f45e57..65c7083ed3 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
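Review bot: In the `for line_no, line in enumerate(...)` loop, `snippets` is rebuilt with upper-cased keys on every template line. The lower-case `snippets['line_no']` written just above only reaches `LINE_NO` because the comprehension lets the later-inserted key overwrite the stale upper-case one. That relies on dict insertion order and repeats the same work once per line. Upper-case the keys once before the `with` block, `snippets = {k.upper(): v for (k, v) in snippets.items()}`, and assign `snippets['LINE_NO'] = line_no + 1` inside the loop. The signature of `write_test_source_file` and the start of its docstring lie above the hunk.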
@@ -3,17 +3,17 @@ * *** THIS FILE HAS BEEN MACHINE GENERATED *** * * This file has been machine generated using the script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * - * Test file : $test_file + * Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE * * The following files were used to create this file. * - * Main code file : $test_main_file - * Platform code file : $test_platform_file - * Helper file : $test_common_helper_file - * Test suite file : $test_case_file - * Test suite data : $test_case_data_file + * Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE + * Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE + * Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE + * Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE + * Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE * */ @@ -49,9 +49,9 @@ /*----------------------------------------------------------------------------*/ /* Common helper code */ -$test_common_helpers +__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS -#line $line_no "suites/main_test.function" +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" /*----------------------------------------------------------------------------*/ @@ -60,9 +60,9 @@ $test_common_helpers #define TEST_SUITE_ACTIVE -$functions_code +__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE -#line $line_no "suites/main_test.function" +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" /*----------------------------------------------------------------------------*/ @@ -74,7 +74,7 @@ $functions_code * For optimizing space for embedded targets each expression/macro * is identified by a unique identifier instead of string literals. * Identifiers and evaluation code is generated by script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * * \param exp_id Expression identifier. * \param out_value Pointer to int to hold the integer. 
@@ -90,8 +90,8 @@ int get_expression( int32_t exp_id, int32_t * out_value ) switch( exp_id ) { -$expression_code -#line $line_no "suites/main_test.function" +__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" default: { ret = KEY_VALUE_MAPPING_NOT_FOUND; @@ -107,7 +107,7 @@ $expression_code * For optimizing space for embedded targets each dependency * is identified by a unique identifier instead of string literals. * Identifiers and check code is generated by script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * * \param dep_id Dependency identifier. * @@ -121,8 +121,8 @@ int dep_check( int dep_id ) switch( dep_id ) { -$dep_check_code -#line $line_no "suites/main_test.function" +__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" default: break; } @@ -149,13 +149,13 @@ typedef void (*TestWrapper_t)( void **param_array ); /** * \brief Table of test function wrappers. Used by dispatch_test(). * This table is populated by script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * */ TestWrapper_t test_funcs[] = { -$dispatch_code -#line $line_no "suites/main_test.function" +__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" }; /** @@ -265,9 +265,9 @@ int check_test( size_t func_idx ) } -$platform_code +__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE -#line $line_no "suites/main_test.function" +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" /*----------------------------------------------------------------------------*/ /* Main Test code */ From 79bb19f7022ee71b7dd1befd98de7faa03bf83e6 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 2 Nov 2022 14:07:46 +0000 Subject: [PATCH 060/112] Remove redundant checks for renegotiation Signed-off-by: David Horstmann --- library/ssl_cli.c | 10 ---------- 1 file changed, 10 deletions(-) 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5df2758da0..4817bd6413 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1089,11 +1089,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * RFC 5077 section 3.4: "When presenting a ticket, the client MAY * generate and include a Session ID in the TLS ClientHello." */ - renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - renegotiating = 1; -#endif if( !renegotiating ) { if( ssl->session_negotiate->ticket != NULL && @@ -1209,11 +1204,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - renegotiating = 1; -#endif if( !renegotiating ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); From dbb6f08c3fe57e84a17c72ac13ad05514dd7c926 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 2 Nov 2022 15:33:31 +0000 Subject: [PATCH 061/112] Eliminate bad_params variable Signed-off-by: David Horstmann --- library/ssl_cli.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4817bd6413..41ea83fa15 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2694,17 +2694,14 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); - int bad_params = 0; #if defined(MBEDTLS_ECP_C) if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) - bad_params = 1; + return( -1 ); #else if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || ssl->handshake->ecdh_ctx.grp.nbits > 521 ) - bad_params = 1; -#endif - if( bad_params ) return( -1 ); +#endif MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_QP ); From 0448de58d7e2d54167914a31689e9e9bb6eda701 Mon Sep 17 00:00:00 2001 
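Review bot: In the `@@ -2694,17 +2694,14 @@` hunk, the `#else` branch of `ssl_check_server_ecdh_params` is left with only the bare size bound `nbits < 163 || nbits > 521` as the acceptance test for the server's group. Nothing on the page says why those two numbers are used or that this path does not call `mbedtls_ssl_check_curve`. Now that each branch returns on its own, a comment above the `#else` test would make the weaker check explicit, for example `/* No MBEDTLS_ECP_C: the curve cannot be checked against the configured list, only bound the group size. */`, if that reading of the configuration is right. The function begins above the hunk and continues past it.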
From: David Horstmann Date: Wed, 2 Nov 2022 18:05:24 +0000 Subject: [PATCH 062/112] Simplify logic in ssl_cli.c Signed-off-by: David Horstmann --- library/ssl_cli.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 41ea83fa15..6e4ca3b0f5 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3454,20 +3454,18 @@ start_processing: if( ( ret = mbedtls_pk_verify_restartable( peer_pk, md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) { - int send_alert_msg = 1; -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ); -#endif - if( send_alert_msg ) - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); + return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); + } #endif + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); return( ret ); } From 0955f82642daee37a6badd4ff9a30da470cca5f8 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 7 Nov 2022 14:24:21 +0000 Subject: [PATCH 063/112] Tidy up compression logic with auxiliary function This refactors some logic in ssl_cli.c, removing some previously added technical debt. Signed-off-by: David Horstmann --- library/ssl_cli.c | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6e4ca3b0f5..9cce2e6bc3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
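Review bot: `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );` now appears on both exits of the failed-verify branch, once inside the `MBEDTLS_ERR_ECP_IN_PROGRESS` block and once after the alert. Logging once at the top of the branch, before `#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)`, would keep a single call and reduce the in-progress block to `return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );`. The only visible difference is that the debug line would be emitted before the fatal alert rather than after it. The enclosing function starts and ends outside the hunk.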
@@ -2055,6 +2055,29 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ +static int is_compression_ok( mbedtls_ssl_context *ssl, unsigned char comp ) +{ + int accept_comp = 1; + + /* Suppress warnings in some configurations */ + ( void )ssl; +#if defined(MBEDTLS_ZLIB_SUPPORT) + /* See comments in ssl_write_client_hello() */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + accept_comp = 0; +#endif + + if( comp != MBEDTLS_SSL_COMPRESS_NULL && + comp != MBEDTLS_SSL_COMPRESS_DEFLATE ) + accept_comp = 0; +#else /* MBEDTLS_ZLIB_SUPPORT */ + if( comp != MBEDTLS_SSL_COMPRESS_NULL ) + accept_comp = 0; +#endif/* MBEDTLS_ZLIB_SUPPORT */ + return accept_comp; +} + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) { @@ -2063,9 +2086,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) size_t ext_len; unsigned char *buf, *ext; unsigned char comp; -#if defined(MBEDTLS_ZLIB_SUPPORT) - int accept_comp; -#endif #if defined(MBEDTLS_SSL_RENEGOTIATION) int renegotiation_info_seen = 0; #endif @@ -2234,23 +2254,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) */ comp = buf[37 + n]; - int bad_comp = 0; -#if defined(MBEDTLS_ZLIB_SUPPORT) - /* See comments in ssl_write_client_hello() */ - accept_comp = 1; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - accept_comp = 0; -#endif - - if( comp != MBEDTLS_SSL_COMPRESS_NULL && - ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) ) - bad_comp = 1; -#else /* MBEDTLS_ZLIB_SUPPORT */ - if( comp != MBEDTLS_SSL_COMPRESS_NULL ) - bad_comp = 1; -#endif/* MBEDTLS_ZLIB_SUPPORT */ - if( bad_comp ) + if( !is_compression_ok(ssl, comp) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); From 9fc2f959b3c21638f5976baf1c34f1a02a729f14 Mon Sep 17 00:00:00 2001 
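Review bot: With `MBEDTLS_ZLIB_SUPPORT` and `MBEDTLS_SSL_PROTO_DTLS` both defined, `is_compression_ok()` clears `accept_comp` for every datagram transport without looking at `comp`, so a ServerHello that selects `MBEDTLS_SSL_COMPRESS_NULL` is now rejected. The inline code removed from `ssl_parse_server_hello()` only rejected when `comp != MBEDTLS_SSL_COMPRESS_NULL`, so this is a behaviour change, not a pure refactor. The datagram test should be `if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && comp != MBEDTLS_SSL_COMPRESS_NULL )`. The same condition survives the rename to `is_compression_bad()` in patch 067 and is only corrected in patch 072, so the intermediate commits do not bisect cleanly for DTLS builds; folding the fix into this patch would avoid that.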
From: David Horstmann Date: Mon, 7 Nov 2022 14:28:30 +0000 Subject: [PATCH 064/112] Change 0-checks to NULL-checks in ecp.c Signed-off-by: David Horstmann --- library/ecp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 402d5dedbb..80adc55c8b 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2051,7 +2051,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R int have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == 0 ) + if( f_rng == NULL ) have_rng = 0; #endif if( have_rng ) @@ -2190,7 +2190,7 @@ final_norm: */ int have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == 0 ) + if( f_rng == NULL ) have_rng = 0; #endif if( have_rng ) From bcc18f2becec68270a759924aeca9f83e104f212 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 7 Nov 2022 14:41:13 +0000 Subject: [PATCH 065/112] Simplify PSA fallback logic in ssl_ticket.c Signed-off-by: David Horstmann --- library/ssl_ticket.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index e6abe850da..8a57789f10 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
@@ -148,16 +148,22 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, int do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) - do_mbedtls_cipher_setup = 0; - ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - /* We don't yet expect to support all ciphers through PSA, - * so allow fallback to ordinary mbedtls_cipher_setup(). */ - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - do_mbedtls_cipher_setup = 1; + + switch( ret ) + { + case 0: + do_mbedtls_cipher_setup = 0; + break; + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: + /* We don't yet expect to support all ciphers through PSA, + * so allow fallback to ordinary mbedtls_cipher_setup(). */ + do_mbedtls_cipher_setup = 1; + break; + default: + return( ret ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if( do_mbedtls_cipher_setup ) if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) From 08a37516ffdbcd27b2748350492c91693f231ce0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 7 Nov 2022 15:55:00 +0000 Subject: [PATCH 066/112] Minor style fixes to ssl_cli.c Signed-off-by: David Horstmann --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9cce2e6bc3..4bef15cd4e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2060,7 +2060,7 @@ static int is_compression_ok( mbedtls_ssl_context *ssl, unsigned char comp ) int accept_comp = 1; /* Suppress warnings in some configurations */ - ( void )ssl; + (void) ssl; #if defined(MBEDTLS_ZLIB_SUPPORT) /* See comments in ssl_write_client_hello() */ #if defined(MBEDTLS_SSL_PROTO_DTLS) 
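Review bot: In the `mbedtls_ssl_ticket_setup()` hunk the context line `if( do_mbedtls_cipher_setup )` guards a second, brace-less `if( ( ret = mbedtls_cipher_setup( ... ) )`, and the hunk ends before that statement does. Two nested unbraced `if`s driven by a flag that is set inside an `#if` block are easy to misread, so I would put braces around the body of the outer test. In the new `switch`, `do_mbedtls_cipher_setup = 1;` under `MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE` repeats the initialiser; that is harmless, but a comment at the declaration such as `/* Default to the legacy cipher path. */` would state the intent. If `keys[1]` is set up with the same pattern further down, outside this hunk, it should use the identical `switch`.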
@@ -2254,7 +2254,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) */ comp = buf[37 + n]; - if( !is_compression_ok(ssl, comp) ) + if( !is_compression_ok( ssl, comp ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); From b410566ba7b4ef9987161976133a9d8abde77c72 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 7 Nov 2022 16:33:57 +0000 Subject: [PATCH 067/112] Reverse logic for compression in ssl_cli.c Change is_compression_ok() to is_compression_bad() for more semantics that are a better match for what's really going on in the case of no compression support. Signed-off-by: David Horstmann --- library/ssl_cli.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4bef15cd4e..e3aefc66e1 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2055,9 +2055,9 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static int is_compression_ok( mbedtls_ssl_context *ssl, unsigned char comp ) +static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp ) { - int accept_comp = 1; + int bad_comp = 0; /* Suppress warnings in some configurations */ (void) ssl; @@ -2065,17 +2065,17 @@ static int is_compression_ok( mbedtls_ssl_context *ssl, unsigned char comp ) /* See comments in ssl_write_client_hello() */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - accept_comp = 0; + bad_comp = 1; #endif if( comp != MBEDTLS_SSL_COMPRESS_NULL && comp != MBEDTLS_SSL_COMPRESS_DEFLATE ) - accept_comp = 0; + bad_comp = 1; #else /* MBEDTLS_ZLIB_SUPPORT */ if( comp != MBEDTLS_SSL_COMPRESS_NULL ) - accept_comp = 0; + bad_comp = 1; #endif/* MBEDTLS_ZLIB_SUPPORT */ - return accept_comp; + return bad_comp; } MBEDTLS_CHECK_RETURN_CRITICAL 
@@ -2254,7 +2254,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) */ comp = buf[37 + n]; - if( !is_compression_ok( ssl, comp ) ) + if( is_compression_bad( ssl, comp ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); From a084c93be9dc75f387ebd280a23a4209b84d6be7 Mon Sep 17 00:00:00 2001 From: Jan Bruckner Date: Mon, 7 Nov 2022 15:28:49 +0100 Subject: [PATCH 068/112] Fix outdated reference in debug message Signed-off-by: Jan Bruckner --- library/ssl_msg.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 815af7b76b..2af58a4d81 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1884,8 +1884,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2100,8 +2099,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ssl->f_send == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } From 1dccfdb904d41509e127d19ce77e259782d725c1 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Tue, 8 Nov 2022 02:25:01 -0500 Subject: [PATCH 069/112] Add comments for some forbidden aliasing in bignum Signed-off-by: Glenn Strauss --- include/mbedtls/bignum.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index f2094908d3..60c1ce2cd6 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h 
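Review bot: In the ssl_msg.c hunks the shortened debug message keeps the trailing space that only existed to separate it from the deleted second literal, so the log line now ends in a blank: `"Bad usage of mbedtls_ssl_set_bio() "`. It should read `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio()" ) );`, both in `mbedtls_ssl_fetch_input()` and in the `mbedtls_ssl_flush_output()` hunk. Both functions continue outside their hunks.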
@@ -761,11 +761,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * * \param Q The destination MPI for the quotient. * This may be \c NULL if the value of the - * quotient is not needed. + * quotient is not needed. This must not alias A or B. * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the - * remainder is not needed. - * \param A The dividend. This must point to an initialized MPi. + * remainder is not needed. This must not alias A or B. + * \param A The dividend. This must point to an initialized MPI. * \param B The divisor. This must point to an initialized MPI. * * \return \c 0 if successful. @@ -782,10 +782,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * * \param Q The destination MPI for the quotient. * This may be \c NULL if the value of the - * quotient is not needed. + * quotient is not needed. This must not alias A. * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the - * remainder is not needed. + * remainder is not needed. This must not alias A. * \param A The dividend. This must point to an initialized MPi. * \param b The divisor. * @@ -840,6 +840,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, * \brief Perform a sliding-window exponentiation: X = A^E mod N * * \param X The destination MPI. This must point to an initialized MPI. + * This must not alias E or N. * \param A The base of the exponentiation. * This must point to an initialized MPI. * \param E The exponent MPI. This must point to an initialized MPI. From 78dea63de93b90e6676c8dd89b94923651cd958e Mon Sep 17 00:00:00 2001 
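Review bot: The `MPi` typo is corrected in the `mbedtls_mpi_div_mpi()` block, but the identical line in the second hunk, `\param A The dividend. This must point to an initialized MPi.`, is left unchanged and should also read `MPI`. The new aliasing rules are stated only in prose; if the implementation does not check them, it is worth saying in the `\return` or a `\note` what happens when a caller passes an aliased `Q`, `R` or `X`, so that the constraint is not read as merely advisory. That behaviour is not visible in these hunks, so it needs confirming against bignum.c.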
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Nov 2022 10:05:49 +0100 Subject: [PATCH 070/112] Improve test suite detection in run-test-suites.pl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Looking for executables causes problems with leftover compiled test suites from other branches when we forget to run make clean before switching branches. Using the .data files is more robust as most of them are tracked, so will be removed when switching branches. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/run-test-suites.pl | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 22eadd1805..8a5bb937dc 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -50,11 +50,13 @@ GetOptions( 'verbose|v:1' => \$verbose, ) or die; -# All test suites = executable files, excluding source files, debug -# and profiling information, etc. We can't just grep {! /\./} because -# some of our test cases' base names contain a dot. -my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*'; -@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites; +# All test suites = executable files derived from a .data file. +my @suites = (); +for my $data_file (glob 'suites/test_suite_*.data') { + (my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#; + push @suites, $base if -x $base; + push @suites, "$base.exe" if -e "$base.exe"; +} die "$0: no test suite found\n" unless @suites; # "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" From 1d00c3dea6eeb1805b5839222713ffea414c21da Mon Sep 17 00:00:00 2001 From: aditya-deshpande-arm <112866256+aditya-deshpande-arm@users.noreply.github.com> Date: Tue, 8 Nov 2022 16:08:13 +0000 Subject: [PATCH 071/112] Add comments after #endif Signed-off-by: David Horstmann --- library/ssl_cli.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
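Review bot: A suite that has a `.data` file but no built executable is now dropped from `@suites` without any message, so a test suite that failed to build silently stops being run and the script can still report success. Since the loop already walks the tracked `.data` files, it could warn in that case, for example `warn "$0: no executable for $data_file\n" unless -x $base || -e "$base.exe";`, assuming every tracked `.data` file is expected to have a binary. Two smaller points: `-x $base` is also true for a directory, which the old code excluded with `-f`, and when both `$base` and `$base.exe` exist the suite is queued twice.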
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e3aefc66e1..788c190de4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2687,7 +2687,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) grp_id = ssl->handshake->ecdh_ctx.grp.id; #else grp_id = ssl->handshake->ecdh_ctx.grp_id; -#endif +#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); if( curve_info == NULL ) @@ -2705,7 +2705,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || ssl->handshake->ecdh_ctx.grp.nbits > 521 ) return( -1 ); -#endif +#endif /* MBEDTLS_ECP_C */ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_QP ); @@ -3453,7 +3453,7 @@ start_processing: #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ssl->handshake->ecrs_enabled ) rs_ctx = &ssl->handshake->ecrs_ctx.pk; -#endif +#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ if( ( ret = mbedtls_pk_verify_restartable( peer_pk, md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) @@ -3464,7 +3464,7 @@ start_processing: MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); } -#endif +#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From da2fe26db7dc66fcab316e0e0f39eb89052cdc9f Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 9 Nov 2022 14:35:23 +0000 Subject: [PATCH 072/112] Fix incorrect condition in is_compression_bad() The transport is allowed to be MBEDTLS_SSL_TRANSPORT_DATAGRAM when the compression is MBEDTLS_SSL_COMPRESS_NULL. Signed-off-by: David Horstmann --- library/ssl_cli.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 788c190de4..3475aa42f4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -2064,7 +2064,8 @@ static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp ) #if defined(MBEDTLS_ZLIB_SUPPORT) /* See comments in ssl_write_client_hello() */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + comp != MBEDTLS_SSL_COMPRESS_NULL ) bad_comp = 1; #endif From 8eff06f1d6bf7d510b883e2663cd231a9cf45d84 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 9 Nov 2022 17:27:33 +0000 Subject: [PATCH 073/112] Minor improvements to test code script Signed-off-by: David Horstmann --- tests/scripts/generate_test_code.py | 65 +++++++++++++++-------------- 1 file changed, 34 insertions(+), 31 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 6d65986c88..938f24cf4f 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
@@ -126,33 +126,39 @@ code that is generated or read from helpers and platform files. This script replaces following fields in the template and generates the test source file: -__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS <-- All common code from helpers.function - is substituted here. -__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE <-- Test functions are substituted here - from the input test_suit_xyz.function - file. C preprocessor checks are generated - for the build dependencies specified - in the input file. This script also - generates wrappers for the test - functions with code to expand the - string parameters read from the data - file. -__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE <-- This script enumerates the - expressions in the .data file and - generates code to handle enumerated - expression Ids and return the values. -__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE <-- This script enumerates all - build dependencies and generate - code to handle enumerated build - dependency Id and return status: if - the dependency is defined or not. -__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE <-- This script enumerates the functions - specified in the input test data file - and generates the initializer for the - function table in the template - file. -__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE <-- Platform specific setup and test - dispatch code. +__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS + All common code from helpers.function + is substituted here. +__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE + Test functions are substituted here + from the input test_suit_xyz.function + file. C preprocessor checks are generated + for the build dependencies specified + in the input file. This script also + generates wrappers for the test + functions with code to expand the + string parameters read from the data + file. +__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE + This script enumerates the + expressions in the .data file and + generates code to handle enumerated + expression Ids and return the values. 
+__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE + This script enumerates all + build dependencies and generate + code to handle enumerated build + dependency Id and return status: if + the dependency is defined or not. +__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE + This script enumerates the functions + specified in the input test data file + and generates the initializer for the + function table in the template + file. +__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE + Platform specific setup and test + dispatch code. """ @@ -985,10 +991,7 @@ def write_test_source_file(template_file, c_file, snippets): braced = "(?P(?!))" # If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid. invalid = "(?P__MBEDTLS_TEST_TEMPLATE__)" - placeholder_pattern = re.compile(escaped \ - + "|" + named \ - + "|" + braced \ - + "|" + invalid) + placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid])) with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: for line_no, line in enumerate(template_f.readlines(), 1): From 5b68608b4014b35d1405c459e06975f3743c705c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Oct 2022 18:54:43 +0200 Subject: [PATCH 074/112] Rename test_suite_bignum for consistency with bignum.{h,c} Align the name of the bignum test suite with the source module (which was renamed from mpi.c to bignum.c in the PolarSSL 1.x days). This also brings it into line with the test suites for the low-level bignum interfaces. 
Signed-off-by: Gilles Peskine --- tests/scripts/generate_bignum_tests.py | 4 ++-- tests/suites/{test_suite_mpi.data => test_suite_bignum.data} | 0 .../{test_suite_mpi.function => test_suite_bignum.function} | 0 ...te_mpi.generated.data => test_suite_bignum.generated.data} | 0 4 files changed, 2 insertions(+), 2 deletions(-) rename tests/suites/{test_suite_mpi.data => test_suite_bignum.data} (100%) rename tests/suites/{test_suite_mpi.function => test_suite_bignum.function} (100%) rename tests/suites/{test_suite_mpi.generated.data => test_suite_bignum.generated.data} (100%) diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 091630decc..5cb7997af0 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -85,8 +85,8 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: class BignumTarget(test_data_generation.BaseTarget, metaclass=ABCMeta): #pylint: disable=abstract-method - """Target for bignum (mpi) test case generation.""" - target_basename = 'test_suite_mpi.generated' + """Target for bignum (legacy) test case generation.""" + target_basename = 'test_suite_bignum.generated' class BignumOperation(BignumTarget, metaclass=ABCMeta): diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_bignum.data similarity index 100% rename from tests/suites/test_suite_mpi.data rename to tests/suites/test_suite_bignum.data diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_bignum.function similarity index 100% rename from tests/suites/test_suite_mpi.function rename to tests/suites/test_suite_bignum.function diff --git a/tests/suites/test_suite_mpi.generated.data b/tests/suites/test_suite_bignum.generated.data similarity index 100% rename from tests/suites/test_suite_mpi.generated.data rename to tests/suites/test_suite_bignum.generated.data From 618f9899541bf9510efc99a383e9102c011c0750 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 21 Oct 2022 18:56:47 +0200 Subject: [PATCH 075/112] Don't use test_suite_mpi as an example It just got renamed, and it's also not the most canonical example since it's a somewhat deprecated interface in the development branch. Make a different module the example. Signed-off-by: Gilles Peskine --- tests/scripts/generate-afl-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index 7c9f432ae4..a640b566dd 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -6,7 +6,7 @@ # # Usage: generate-afl-tests.sh # - should be the path to one of the test suite files -# such as 'test_suite_mpi.data' +# such as 'test_suite_rsa.data' # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 From d5c76cfd9f64b0fe3ee8108275ee3efa2edd522a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Oct 2022 19:00:38 +0200 Subject: [PATCH 076/112] Avoid having both test_suite_XXX.data and test_suite_XXX.*.data Although our build scripts support that, it's annoying, because it makes "test_suite_XXX" ambiguous between "all the data for test_suite_XXX.function" and "just test_suite_XXX.data". Signed-off-by: Gilles Peskine --- .../{test_suite_bignum.data => test_suite_bignum.misc.data} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/suites/{test_suite_bignum.data => test_suite_bignum.misc.data} (100%) diff --git a/tests/suites/test_suite_bignum.data b/tests/suites/test_suite_bignum.misc.data similarity index 100% rename from tests/suites/test_suite_bignum.data rename to tests/suites/test_suite_bignum.misc.data From 4d4b077751da56fe86cb3626b7f6843ddc6d3ccd Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 10 Nov 2022 14:37:20 +0800 Subject: [PATCH 077/112] Add output of build version in ssl_server2 and ssl_client2 Backport the changes in PR 6436 to mbedtls-2.28. 
Signed-off-by: Yanray Wang --- programs/ssl/ssl_client2.c | 15 +++++++++++++++ programs/ssl/ssl_server2.c | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 30ecf68d98..5efd147d9b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -375,6 +375,8 @@ int main( void ) " a second non-empty message before attempting\n" \ " to read a response from the server\n" \ " debug_level=%%d default: 0 (disabled)\n" \ + " build_version=%%d default: none (disabled)\n" \ + " option: 1 (print build version only and stop)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ " event=%%d default: 0 (loop)\n" \ @@ -901,6 +903,16 @@ int main( int argc, char *argv[] ) if( opt.debug_level < 0 || opt.debug_level > 65535 ) goto usage; } + else if( strcmp( p, "build_version" ) == 0 ) + { + if( strcmp( q, "1" ) == 0 ) + { + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, + MBEDTLS_VERSION_NUMBER ); + goto exit; + } + } else if( strcmp( p, "context_crt_cb" ) == 0 ) { opt.context_crt_cb = atoi( q ); @@ -1531,6 +1543,9 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_ALPN */ + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER ); + /* * 0. Initialize the RNG and the session data */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 283216b8b6..1f0ac553c6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -466,6 +466,8 @@ int main( void ) " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ + " build_version=%%d default: none (disabled)\n" \ + " option: 1 (print build version only and stop)\n" \ " buffer_size=%%d default: 200 \n" \ " (minimum: 1, max: 16385)\n" \ " response_size=%%d default: about 152 (basic response)\n" \ 
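Review bot: In the new `build_version` branch of ssl_client2.c any value other than `1` is accepted and ignored, whereas the neighbouring `debug_level` branch sends out-of-range input to `usage`. I would add `else goto usage;` after the inner `if( strcmp( q, "1" ) == 0 )` block so that a mistyped value is reported instead of silently dropped. The same branch is added to ssl_server2.c in its `@@ -1588,6 +1590,16 @@` hunk and needs the same change. `goto exit` also leaves the process exit status to whatever `ret` holds at that point, which is set outside the hunk; it is worth confirming that printing the version ends with a success status.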
@@ -1588,6 +1590,16 @@ int main( int argc, char *argv[] ) if( opt.debug_level < 0 || opt.debug_level > 65535 ) goto usage; } + else if( strcmp( p, "build_version" ) == 0 ) + { + if( strcmp( q, "1" ) == 0 ) + { + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, + MBEDTLS_VERSION_NUMBER ); + goto exit; + } + } else if( strcmp( p, "nbio" ) == 0 ) { opt.nbio = atoi( q ); @@ -2335,6 +2347,9 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_ALPN */ + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER ); + /* * 0. Initialize the RNG and the session data */ From d818c0856cc04547924fbfcc7b53d96a015094a1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 10 Nov 2022 16:30:57 +0800 Subject: [PATCH 078/112] Fix: include version.h in ssl_test_lib.h In development, mbedtls/version.h is getting included indirectly in via mbedtls/build_info.h, but this doesn't happen in 2.28. This commit add this dependency in ssl_test_lib.h Signed-off-by: Yanray Wang --- programs/ssl/ssl_test_lib.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index e58e2daac9..e02cf0a3c9 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -20,6 +20,8 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H +#include "mbedtls/version.h" + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else From 4e47bdc2fa72cd1c9a77f59568646e9bf71926e3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 21:34:09 +0100 Subject: [PATCH 079/112] Unify mbedtls_mpi_add_mpi and mbedtls_mpi_sub_mpi mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() have the same logic, just with one bit to flip in the sign calculation. Move the shared logic to a new auxiliary function. This slightly reduces the code size (if the compiler doesn't inline) and reduces the maintenance burden. 
Signed-off-by: Gilles Peskine --- library/bignum.c | 47 +++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 32 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index ce72b1fb0e..d96c88f098 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1249,10 +1249,12 @@ cleanup: return( ret ); } -/* - * Signed addition: X = A + B +/* Common function for signed addition and subtraction. + * Calculate A + B * flip_B where flip_B is 1 or -1. */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +static int add_sub_mpi( mbedtls_mpi *X, + const mbedtls_mpi *A, const mbedtls_mpi *B, + int flip_B ) { int ret, s; MPI_VALIDATE_RET( X != NULL ); @@ -1260,7 +1262,7 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MPI_VALIDATE_RET( B != NULL ); s = A->s; - if( A->s * B->s < 0 ) + if( A->s * B->s * flip_B < 0 ) { if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) { @@ -1284,39 +1286,20 @@ cleanup: return( ret ); } +/* + * Signed addition: X = A + B + */ +int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +{ + return( add_sub_mpi( X, A, B, 1 ) ); +} + /* * Signed subtraction: X = A - B */ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - s = A->s; - if( A->s * B->s > 0 ) - { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); - X->s = -s; - } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); - X->s = s; - } - -cleanup: - - return( ret ); + return( add_sub_mpi( X, A, B, -1 ) ); } /* From cae0c745fcc50a50c63f445252c325360c68f789 Mon Sep 17 00:00:00 2001 
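Review bot: `add_sub_mpi()` can return zero with a negative sign: when the operands have opposite effective signs and `mbedtls_mpi_cmp_abs( A, B )` is 0, the `>= 0` branch computes `|A| - |B| = 0` and then, judging by the removed `mbedtls_mpi_sub_mpi()` body that the helper is said to share, sets `X->s = s`, which is -1 for a negative `A`. Patch 080 in this series documents that zero must be stored with `s = +1`, and patch 081 notes that the new tests expose a bug in these two functions, so the merged helper is the natural place to fix it. Keeping the comparison result, `int cmp = mbedtls_mpi_cmp_abs( A, B );`, and assigning `X->s = cmp == 0 ? 1 : s;` in the `cmp >= 0` branch would do it. The middle of the helper's body lies between the hunks and is not shown, so the exact assignment should be checked against the file.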
From: Gilles Peskine Date: Wed, 9 Nov 2022 21:55:33 +0100 Subject: [PATCH 080/112] Document invariants of MPI objects Note that s must be +1 for zero. Note that p may be NULL for zero, when n is 0. Signed-off-by: Gilles Peskine --- include/mbedtls/bignum.h | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 60c1ce2cd6..cede923f74 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -191,9 +191,27 @@ extern "C" { */ typedef struct mbedtls_mpi { - int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ - size_t n; /*!< total # of limbs */ - mbedtls_mpi_uint *p; /*!< pointer to limbs */ + /** Sign: -1 if the mpi is negative, 1 otherwise. + * + * The number 0 must be represented with `s = +1`. Although many library + * functions treat all-limbs-zero as equivalent to a valid representation + * of 0 regardless of the sign bit, there are exceptions, so bignum + * functions and external callers must always set \c s to +1 for the + * number zero. + * + * Note that this implies that calloc() or `... = {0}` does not create + * a valid MPI representation. You must call mbedtls_mpi_init(). + */ + int s; + + /** Total number of limbs in \c p. */ + size_t n; + + /** Pointer to limbs. + * + * This may be \c NULL if \c n is 0. + */ + mbedtls_mpi_uint *p; } mbedtls_mpi; From ee78b6e6423a080cad320252030d0f7f002614f6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 21:57:52 +0100 Subject: [PATCH 081/112] For binary operations, test both x op y and y op x This exposes a bug in mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() which will be fixed in a subsequent commit. Signed-off-by: Gilles Peskine --- tests/scripts/generate_bignum_tests.py | 9 +- tests/suites/test_suite_bignum.generated.data | 476 ++++++++++++++---- 2 files changed, 374 insertions(+), 111 deletions(-) 
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 5cb7997af0..174398d4d2 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -54,7 +54,6 @@ of BaseTarget in test_data_generation.py. # See the License for the specific language governing permissions and # limitations under the License. -import itertools import sys import typing @@ -75,13 +74,7 @@ def quote_str(val) -> str: def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: """Return all pair combinations from input values.""" - # The return value is cast, as older versions of mypy are unable to derive - # the specific type returned by itertools.combinations_with_replacement. - return typing.cast( - List[Tuple[T, T]], - list(itertools.combinations_with_replacement(values, 2)) - ) - + return [(x, y) for x in values for y in values] class BignumTarget(test_data_generation.BaseTarget, metaclass=ABCMeta): #pylint: disable=abstract-method diff --git a/tests/suites/test_suite_bignum.generated.data b/tests/suites/test_suite_bignum.generated.data index 947d06f7fb..6924cb7cb8 100644 --- a/tests/suites/test_suite_bignum.generated.data +++ b/tests/suites/test_suite_bignum.generated.data 
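Review bot: `combination_pairs()` now returns every ordered pair, so both `(x, y)` and `(y, x)` appear, but its docstring still says "Return all pair combinations", which described the old `combinations_with_replacement` result. I would change it to `"""Return all ordered pairs (x, y) of input values, including x == y."""`, since the generated case count roughly doubles and the name alone no longer explains why. With the `typing.cast` call removed, `import typing` may now be unused unless it is referenced elsewhere in the file, which is outside these hunks. The deleted blank line also appears to leave a single blank line before `class BignumTarget`, where PEP 8 expects two.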
@@ -24,118 +24,220 @@ mbedtls_mpi_add_mpi:"":"1230000000000000000":"1230000000000000000" MPI add #8 0 (null) + large negative mbedtls_mpi_add_mpi:"":"-1230000000000000000":"-1230000000000000000" -MPI add #9 0 (1 limb) + 0 (1 limb) +MPI add #9 0 (1 limb) + 0 (null) +mbedtls_mpi_add_mpi:"0":"":"0" + +MPI add #10 0 (1 limb) + 0 (1 limb) mbedtls_mpi_add_mpi:"0":"0":"0" -MPI add #10 0 (1 limb) + positive +MPI add #11 0 (1 limb) + positive mbedtls_mpi_add_mpi:"0":"7b":"7b" -MPI add #11 0 (1 limb) + negative +MPI add #12 0 (1 limb) + negative mbedtls_mpi_add_mpi:"0":"-7b":"-7b" -MPI add #12 0 (1 limb) + positive with leading zero limb +MPI add #13 0 (1 limb) + positive with leading zero limb mbedtls_mpi_add_mpi:"0":"0000000000000000123":"123" -MPI add #13 0 (1 limb) + negative with leading zero limb +MPI add #14 0 (1 limb) + negative with leading zero limb mbedtls_mpi_add_mpi:"0":"-0000000000000000123":"-123" -MPI add #14 0 (1 limb) + large positive +MPI add #15 0 (1 limb) + large positive mbedtls_mpi_add_mpi:"0":"1230000000000000000":"1230000000000000000" -MPI add #15 0 (1 limb) + large negative +MPI add #16 0 (1 limb) + large negative mbedtls_mpi_add_mpi:"0":"-1230000000000000000":"-1230000000000000000" -MPI add #16 positive + positive +MPI add #17 positive + 0 (null) +mbedtls_mpi_add_mpi:"7b":"":"7b" + +MPI add #18 positive + 0 (1 limb) +mbedtls_mpi_add_mpi:"7b":"0":"7b" + +MPI add #19 positive + positive mbedtls_mpi_add_mpi:"7b":"7b":"f6" -MPI add #17 positive + negative +MPI add #20 positive + negative mbedtls_mpi_add_mpi:"7b":"-7b":"0" -MPI add #18 positive + positive with leading zero limb +MPI add #21 positive + positive with leading zero limb mbedtls_mpi_add_mpi:"7b":"0000000000000000123":"19e" -MPI add #19 positive + negative with leading zero limb +MPI add #22 positive + negative with leading zero limb mbedtls_mpi_add_mpi:"7b":"-0000000000000000123":"-a8" -MPI add #20 positive + large positive +MPI add #23 positive + large positive 
mbedtls_mpi_add_mpi:"7b":"1230000000000000000":"123000000000000007b" -MPI add #21 positive + large negative +MPI add #24 positive + large negative mbedtls_mpi_add_mpi:"7b":"-1230000000000000000":"-122ffffffffffffff85" -MPI add #22 negative + negative +MPI add #25 negative + 0 (null) +mbedtls_mpi_add_mpi:"-7b":"":"-7b" + +MPI add #26 negative + 0 (1 limb) +mbedtls_mpi_add_mpi:"-7b":"0":"-7b" + +MPI add #27 negative + positive +mbedtls_mpi_add_mpi:"-7b":"7b":"0" + +MPI add #28 negative + negative mbedtls_mpi_add_mpi:"-7b":"-7b":"-f6" -MPI add #23 negative + positive with leading zero limb +MPI add #29 negative + positive with leading zero limb mbedtls_mpi_add_mpi:"-7b":"0000000000000000123":"a8" -MPI add #24 negative + negative with leading zero limb +MPI add #30 negative + negative with leading zero limb mbedtls_mpi_add_mpi:"-7b":"-0000000000000000123":"-19e" -MPI add #25 negative + large positive +MPI add #31 negative + large positive mbedtls_mpi_add_mpi:"-7b":"1230000000000000000":"122ffffffffffffff85" -MPI add #26 negative + large negative +MPI add #32 negative + large negative mbedtls_mpi_add_mpi:"-7b":"-1230000000000000000":"-123000000000000007b" -MPI add #27 positive with leading zero limb + positive with leading zero limb +MPI add #33 positive with leading zero limb + 0 (null) +mbedtls_mpi_add_mpi:"0000000000000000123":"":"123" + +MPI add #34 positive with leading zero limb + 0 (1 limb) +mbedtls_mpi_add_mpi:"0000000000000000123":"0":"123" + +MPI add #35 positive with leading zero limb + positive +mbedtls_mpi_add_mpi:"0000000000000000123":"7b":"19e" + +MPI add #36 positive with leading zero limb + negative +mbedtls_mpi_add_mpi:"0000000000000000123":"-7b":"a8" + +MPI add #37 positive with leading zero limb + positive with leading zero limb mbedtls_mpi_add_mpi:"0000000000000000123":"0000000000000000123":"246" -MPI add #28 positive with leading zero limb + negative with leading zero limb +MPI add #38 positive with leading zero limb + negative with leading zero 
limb mbedtls_mpi_add_mpi:"0000000000000000123":"-0000000000000000123":"0" -MPI add #29 positive with leading zero limb + large positive +MPI add #39 positive with leading zero limb + large positive mbedtls_mpi_add_mpi:"0000000000000000123":"1230000000000000000":"1230000000000000123" -MPI add #30 positive with leading zero limb + large negative +MPI add #40 positive with leading zero limb + large negative mbedtls_mpi_add_mpi:"0000000000000000123":"-1230000000000000000":"-122fffffffffffffedd" -MPI add #31 negative with leading zero limb + negative with leading zero limb +MPI add #41 negative with leading zero limb + 0 (null) +mbedtls_mpi_add_mpi:"-0000000000000000123":"":"-123" + +MPI add #42 negative with leading zero limb + 0 (1 limb) +mbedtls_mpi_add_mpi:"-0000000000000000123":"0":"-123" + +MPI add #43 negative with leading zero limb + positive +mbedtls_mpi_add_mpi:"-0000000000000000123":"7b":"-a8" + +MPI add #44 negative with leading zero limb + negative +mbedtls_mpi_add_mpi:"-0000000000000000123":"-7b":"-19e" + +MPI add #45 negative with leading zero limb + positive with leading zero limb +mbedtls_mpi_add_mpi:"-0000000000000000123":"0000000000000000123":"0" + +MPI add #46 negative with leading zero limb + negative with leading zero limb mbedtls_mpi_add_mpi:"-0000000000000000123":"-0000000000000000123":"-246" -MPI add #32 negative with leading zero limb + large positive +MPI add #47 negative with leading zero limb + large positive mbedtls_mpi_add_mpi:"-0000000000000000123":"1230000000000000000":"122fffffffffffffedd" -MPI add #33 negative with leading zero limb + large negative +MPI add #48 negative with leading zero limb + large negative mbedtls_mpi_add_mpi:"-0000000000000000123":"-1230000000000000000":"-1230000000000000123" -MPI add #34 large positive + large positive +MPI add #49 large positive + 0 (null) +mbedtls_mpi_add_mpi:"1230000000000000000":"":"1230000000000000000" + +MPI add #50 large positive + 0 (1 limb) 
+mbedtls_mpi_add_mpi:"1230000000000000000":"0":"1230000000000000000" + +MPI add #51 large positive + positive +mbedtls_mpi_add_mpi:"1230000000000000000":"7b":"123000000000000007b" + +MPI add #52 large positive + negative +mbedtls_mpi_add_mpi:"1230000000000000000":"-7b":"122ffffffffffffff85" + +MPI add #53 large positive + positive with leading zero limb +mbedtls_mpi_add_mpi:"1230000000000000000":"0000000000000000123":"1230000000000000123" + +MPI add #54 large positive + negative with leading zero limb +mbedtls_mpi_add_mpi:"1230000000000000000":"-0000000000000000123":"122fffffffffffffedd" + +MPI add #55 large positive + large positive mbedtls_mpi_add_mpi:"1230000000000000000":"1230000000000000000":"2460000000000000000" -MPI add #35 large positive + large negative +MPI add #56 large positive + large negative mbedtls_mpi_add_mpi:"1230000000000000000":"-1230000000000000000":"0" -MPI add #36 large negative + large negative +MPI add #57 large negative + 0 (null) +mbedtls_mpi_add_mpi:"-1230000000000000000":"":"-1230000000000000000" + +MPI add #58 large negative + 0 (1 limb) +mbedtls_mpi_add_mpi:"-1230000000000000000":"0":"-1230000000000000000" + +MPI add #59 large negative + positive +mbedtls_mpi_add_mpi:"-1230000000000000000":"7b":"-122ffffffffffffff85" + +MPI add #60 large negative + negative +mbedtls_mpi_add_mpi:"-1230000000000000000":"-7b":"-123000000000000007b" + +MPI add #61 large negative + positive with leading zero limb +mbedtls_mpi_add_mpi:"-1230000000000000000":"0000000000000000123":"-122fffffffffffffedd" + +MPI add #62 large negative + negative with leading zero limb +mbedtls_mpi_add_mpi:"-1230000000000000000":"-0000000000000000123":"-1230000000000000123" + +MPI add #63 large negative + large positive +mbedtls_mpi_add_mpi:"-1230000000000000000":"1230000000000000000":"0" + +MPI add #64 large negative + large negative mbedtls_mpi_add_mpi:"-1230000000000000000":"-1230000000000000000":"-2460000000000000000" -MPI add #37 large positive + large positive +MPI add #65 
large positive + large positive mbedtls_mpi_add_mpi:"1c67967269c6":"1c67967269c6":"38cf2ce4d38c" -MPI add #38 large positive + positive +MPI add #66 large positive + positive mbedtls_mpi_add_mpi:"1c67967269c6":"9cde3":"1c67967c37a9" -MPI add #39 large positive + large negative +MPI add #67 large positive + large negative mbedtls_mpi_add_mpi:"1c67967269c6":"-1c67967269c6":"0" -MPI add #40 large positive + negative +MPI add #68 large positive + negative mbedtls_mpi_add_mpi:"1c67967269c6":"-9cde3":"1c6796689be3" -MPI add #41 positive + positive +MPI add #69 positive + large positive +mbedtls_mpi_add_mpi:"9cde3":"1c67967269c6":"1c67967c37a9" + +MPI add #70 positive + positive mbedtls_mpi_add_mpi:"9cde3":"9cde3":"139bc6" -MPI add #42 positive + large negative +MPI add #71 positive + large negative mbedtls_mpi_add_mpi:"9cde3":"-1c67967269c6":"-1c6796689be3" -MPI add #43 positive + negative +MPI add #72 positive + negative mbedtls_mpi_add_mpi:"9cde3":"-9cde3":"0" -MPI add #44 large negative + large negative +MPI add #73 large negative + large positive +mbedtls_mpi_add_mpi:"-1c67967269c6":"1c67967269c6":"0" + +MPI add #74 large negative + positive +mbedtls_mpi_add_mpi:"-1c67967269c6":"9cde3":"-1c6796689be3" + +MPI add #75 large negative + large negative mbedtls_mpi_add_mpi:"-1c67967269c6":"-1c67967269c6":"-38cf2ce4d38c" -MPI add #45 large negative + negative +MPI add #76 large negative + negative mbedtls_mpi_add_mpi:"-1c67967269c6":"-9cde3":"-1c67967c37a9" -MPI add #46 negative + negative +MPI add #77 negative + large positive +mbedtls_mpi_add_mpi:"-9cde3":"1c67967269c6":"1c6796689be3" + +MPI add #78 negative + positive +mbedtls_mpi_add_mpi:"-9cde3":"9cde3":"0" + +MPI add #79 negative + large negative +mbedtls_mpi_add_mpi:"-9cde3":"-1c67967269c6":"-1c67967c37a9" + +MPI add #80 negative + negative mbedtls_mpi_add_mpi:"-9cde3":"-9cde3":"-139bc6" MPI compare #1 0 (null) == 0 (null) 
@@ -162,100 +264,184 @@ mbedtls_mpi_cmp_mpi:"":"1230000000000000000":-1 MPI compare #8 0 (null) > large negative mbedtls_mpi_cmp_mpi:"":"-1230000000000000000":1 -MPI compare #9 0 (1 limb) == 0 (1 limb) +MPI compare #9 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_mpi:"0":"":0 + +MPI compare #10 0 (1 limb) == 0 (1 limb) mbedtls_mpi_cmp_mpi:"0":"0":0 -MPI compare #10 0 (1 limb) < positive +MPI compare #11 0 (1 limb) < positive mbedtls_mpi_cmp_mpi:"0":"7b":-1 -MPI compare #11 0 (1 limb) > negative +MPI compare #12 0 (1 limb) > negative mbedtls_mpi_cmp_mpi:"0":"-7b":1 -MPI compare #12 0 (1 limb) < positive with leading zero limb +MPI compare #13 0 (1 limb) < positive with leading zero limb mbedtls_mpi_cmp_mpi:"0":"0000000000000000123":-1 -MPI compare #13 0 (1 limb) > negative with leading zero limb +MPI compare #14 0 (1 limb) > negative with leading zero limb mbedtls_mpi_cmp_mpi:"0":"-0000000000000000123":1 -MPI compare #14 0 (1 limb) < large positive +MPI compare #15 0 (1 limb) < large positive mbedtls_mpi_cmp_mpi:"0":"1230000000000000000":-1 -MPI compare #15 0 (1 limb) > large negative +MPI compare #16 0 (1 limb) > large negative mbedtls_mpi_cmp_mpi:"0":"-1230000000000000000":1 -MPI compare #16 positive == positive +MPI compare #17 positive > 0 (null) +mbedtls_mpi_cmp_mpi:"7b":"":1 + +MPI compare #18 positive > 0 (1 limb) +mbedtls_mpi_cmp_mpi:"7b":"0":1 + +MPI compare #19 positive == positive mbedtls_mpi_cmp_mpi:"7b":"7b":0 -MPI compare #17 positive > negative +MPI compare #20 positive > negative mbedtls_mpi_cmp_mpi:"7b":"-7b":1 -MPI compare #18 positive < positive with leading zero limb +MPI compare #21 positive < positive with leading zero limb mbedtls_mpi_cmp_mpi:"7b":"0000000000000000123":-1 -MPI compare #19 positive > negative with leading zero limb +MPI compare #22 positive > negative with leading zero limb mbedtls_mpi_cmp_mpi:"7b":"-0000000000000000123":1 -MPI compare #20 positive < large positive +MPI compare #23 positive < large positive 
mbedtls_mpi_cmp_mpi:"7b":"1230000000000000000":-1 -MPI compare #21 positive > large negative +MPI compare #24 positive > large negative mbedtls_mpi_cmp_mpi:"7b":"-1230000000000000000":1 -MPI compare #22 negative == negative +MPI compare #25 negative < 0 (null) +mbedtls_mpi_cmp_mpi:"-7b":"":-1 + +MPI compare #26 negative < 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-7b":"0":-1 + +MPI compare #27 negative < positive +mbedtls_mpi_cmp_mpi:"-7b":"7b":-1 + +MPI compare #28 negative == negative mbedtls_mpi_cmp_mpi:"-7b":"-7b":0 -MPI compare #23 negative < positive with leading zero limb +MPI compare #29 negative < positive with leading zero limb mbedtls_mpi_cmp_mpi:"-7b":"0000000000000000123":-1 -MPI compare #24 negative > negative with leading zero limb +MPI compare #30 negative > negative with leading zero limb mbedtls_mpi_cmp_mpi:"-7b":"-0000000000000000123":1 -MPI compare #25 negative < large positive +MPI compare #31 negative < large positive mbedtls_mpi_cmp_mpi:"-7b":"1230000000000000000":-1 -MPI compare #26 negative > large negative +MPI compare #32 negative > large negative mbedtls_mpi_cmp_mpi:"-7b":"-1230000000000000000":1 -MPI compare #27 positive with leading zero limb == positive with leading zero limb +MPI compare #33 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_mpi:"0000000000000000123":"":1 + +MPI compare #34 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_mpi:"0000000000000000123":"0":1 + +MPI compare #35 positive with leading zero limb > positive +mbedtls_mpi_cmp_mpi:"0000000000000000123":"7b":1 + +MPI compare #36 positive with leading zero limb > negative +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-7b":1 + +MPI compare #37 positive with leading zero limb == positive with leading zero limb mbedtls_mpi_cmp_mpi:"0000000000000000123":"0000000000000000123":0 -MPI compare #28 positive with leading zero limb > negative with leading zero limb +MPI compare #38 positive with leading zero limb > negative with leading zero limb 
mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0000000000000000123":1 -MPI compare #29 positive with leading zero limb < large positive +MPI compare #39 positive with leading zero limb < large positive mbedtls_mpi_cmp_mpi:"0000000000000000123":"1230000000000000000":-1 -MPI compare #30 positive with leading zero limb > large negative +MPI compare #40 positive with leading zero limb > large negative mbedtls_mpi_cmp_mpi:"0000000000000000123":"-1230000000000000000":1 -MPI compare #31 negative with leading zero limb == negative with leading zero limb +MPI compare #41 negative with leading zero limb < 0 (null) +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"":-1 + +MPI compare #42 negative with leading zero limb < 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0":-1 + +MPI compare #43 negative with leading zero limb < positive +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"7b":-1 + +MPI compare #44 negative with leading zero limb < negative +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-7b":-1 + +MPI compare #45 negative with leading zero limb < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0000000000000000123":-1 + +MPI compare #46 negative with leading zero limb == negative with leading zero limb mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0000000000000000123":0 -MPI compare #32 negative with leading zero limb < large positive +MPI compare #47 negative with leading zero limb < large positive mbedtls_mpi_cmp_mpi:"-0000000000000000123":"1230000000000000000":-1 -MPI compare #33 negative with leading zero limb > large negative +MPI compare #48 negative with leading zero limb > large negative mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-1230000000000000000":1 -MPI compare #34 large positive == large positive +MPI compare #49 large positive > 0 (null) +mbedtls_mpi_cmp_mpi:"1230000000000000000":"":1 + +MPI compare #50 large positive > 0 (1 limb) +mbedtls_mpi_cmp_mpi:"1230000000000000000":"0":1 + +MPI compare #51 large positive > positive 
+mbedtls_mpi_cmp_mpi:"1230000000000000000":"7b":1 + +MPI compare #52 large positive > negative +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-7b":1 + +MPI compare #53 large positive > positive with leading zero limb +mbedtls_mpi_cmp_mpi:"1230000000000000000":"0000000000000000123":1 + +MPI compare #54 large positive > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-0000000000000000123":1 + +MPI compare #55 large positive == large positive mbedtls_mpi_cmp_mpi:"1230000000000000000":"1230000000000000000":0 -MPI compare #35 large positive > large negative +MPI compare #56 large positive > large negative mbedtls_mpi_cmp_mpi:"1230000000000000000":"-1230000000000000000":1 -MPI compare #36 large negative == large negative +MPI compare #57 large negative < 0 (null) +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"":-1 + +MPI compare #58 large negative < 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0":-1 + +MPI compare #59 large negative < positive +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"7b":-1 + +MPI compare #60 large negative < negative +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-7b":-1 + +MPI compare #61 large negative < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0000000000000000123":-1 + +MPI compare #62 large negative < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-0000000000000000123":-1 + +MPI compare #63 large negative < large positive +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"1230000000000000000":-1 + +MPI compare #64 large negative == large negative mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-1230000000000000000":0 -MPI compare #37 negative > negative +MPI compare #65 negative > negative mbedtls_mpi_cmp_mpi:"-2":"-3":1 -MPI compare #38 negative == negative +MPI compare #66 negative == negative mbedtls_mpi_cmp_mpi:"-2":"-2":0 -MPI compare #39 positive < positive +MPI compare #67 positive < positive mbedtls_mpi_cmp_mpi:"2b4":"2b5":-1 -MPI compare #40 positive 
< positive +MPI compare #68 positive < positive mbedtls_mpi_cmp_mpi:"2b5":"2b6":-1 MPI compare (abs) #1 0 (null) == 0 (null) 
@@ -282,100 +468,184 @@ mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 MPI compare (abs) #8 0 (null) < large positive mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 -MPI compare (abs) #9 0 (1 limb) == 0 (1 limb) -mbedtls_mpi_cmp_abs:"0":"0":0 +MPI compare (abs) #9 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 -MPI compare (abs) #10 0 (1 limb) < positive -mbedtls_mpi_cmp_abs:"0":"7b":-1 +MPI compare (abs) #10 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 MPI compare (abs) #11 0 (1 limb) < positive mbedtls_mpi_cmp_abs:"0":"7b":-1 -MPI compare (abs) #12 0 (1 limb) < positive with leading zero limb -mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 +MPI compare (abs) #12 0 (1 limb) < positive +mbedtls_mpi_cmp_abs:"0":"7b":-1 MPI compare (abs) #13 0 (1 limb) < positive with leading zero limb mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 -MPI compare (abs) #14 0 (1 limb) < large positive -mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 +MPI compare (abs) #14 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 MPI compare (abs) #15 0 (1 limb) < large positive mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 -MPI compare (abs) #16 positive == positive +MPI compare (abs) #16 0 (1 limb) < large positive +mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 + +MPI compare (abs) #17 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #18 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #19 positive == positive mbedtls_mpi_cmp_abs:"7b":"7b":0 -MPI compare (abs) #17 positive == positive +MPI compare (abs) #20 positive == positive mbedtls_mpi_cmp_abs:"7b":"7b":0 -MPI compare (abs) #18 positive < positive with leading zero limb +MPI compare (abs) #21 positive < positive with leading zero limb mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 -MPI compare (abs) #19 positive < positive with leading zero limb +MPI compare (abs) #22 positive < positive with leading zero limb 
mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 -MPI compare (abs) #20 positive < large positive +MPI compare (abs) #23 positive < large positive mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 -MPI compare (abs) #21 positive < large positive +MPI compare (abs) #24 positive < large positive mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 -MPI compare (abs) #22 positive == positive +MPI compare (abs) #25 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #26 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #27 positive == positive mbedtls_mpi_cmp_abs:"7b":"7b":0 -MPI compare (abs) #23 positive < positive with leading zero limb +MPI compare (abs) #28 positive == positive +mbedtls_mpi_cmp_abs:"7b":"7b":0 + +MPI compare (abs) #29 positive < positive with leading zero limb mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 -MPI compare (abs) #24 positive < positive with leading zero limb +MPI compare (abs) #30 positive < positive with leading zero limb mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 -MPI compare (abs) #25 positive < large positive +MPI compare (abs) #31 positive < large positive mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 -MPI compare (abs) #26 positive < large positive +MPI compare (abs) #32 positive < large positive mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 -MPI compare (abs) #27 positive with leading zero limb == positive with leading zero limb +MPI compare (abs) #33 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #34 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #35 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #36 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #37 positive with leading zero limb == positive with 
leading zero limb mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 -MPI compare (abs) #28 positive with leading zero limb == positive with leading zero limb +MPI compare (abs) #38 positive with leading zero limb == positive with leading zero limb mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 -MPI compare (abs) #29 positive with leading zero limb < large positive +MPI compare (abs) #39 positive with leading zero limb < large positive mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 -MPI compare (abs) #30 positive with leading zero limb < large positive +MPI compare (abs) #40 positive with leading zero limb < large positive mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 -MPI compare (abs) #31 positive with leading zero limb == positive with leading zero limb +MPI compare (abs) #41 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #42 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #43 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #44 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #45 positive with leading zero limb == positive with leading zero limb mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 -MPI compare (abs) #32 positive with leading zero limb < large positive +MPI compare (abs) #46 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 + +MPI compare (abs) #47 positive with leading zero limb < large positive mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 -MPI compare (abs) #33 positive with leading zero limb < large positive +MPI compare (abs) #48 positive with leading zero limb < large positive 
mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 -MPI compare (abs) #34 large positive == large positive +MPI compare (abs) #49 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + +MPI compare (abs) #50 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #51 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #52 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #53 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #54 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #55 large positive == large positive mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 -MPI compare (abs) #35 large positive == large positive +MPI compare (abs) #56 large positive == large positive mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 -MPI compare (abs) #36 large positive == large positive +MPI compare (abs) #57 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + +MPI compare (abs) #58 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #59 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #60 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #61 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #62 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #63 large positive == large positive mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 -MPI compare (abs) #37 
positive < positive +MPI compare (abs) #64 large positive == large positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 + +MPI compare (abs) #65 positive < positive mbedtls_mpi_cmp_abs:"2":"3":-1 -MPI compare (abs) #38 positive == positive +MPI compare (abs) #66 positive == positive mbedtls_mpi_cmp_abs:"2":"2":0 -MPI compare (abs) #39 positive < positive +MPI compare (abs) #67 positive < positive mbedtls_mpi_cmp_abs:"2b4":"2b5":-1 -MPI compare (abs) #40 positive < positive +MPI compare (abs) #68 positive < positive mbedtls_mpi_cmp_abs:"2b5":"2b6":-1 # End of automatically generated file. From 581c4601612e39ab32b55dfef92efd4d40c1c6fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 22:02:16 +0100 Subject: [PATCH 082/112] Fix negative zero created by (-A) + (+A) or (-A) - (-A) In mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi(), and by extention mbedtls_mpi_add_int() and mbedtls_mpi_sub_int(), when the resulting value was zero, the sign bit of the result was incorrectly set to -1 when the left-hand operand was negative. This is not a valid mbedtls_mpi representation. Fix this: always set the sign to +1 when the result is 0. Signed-off-by: Gilles Peskine --- library/bignum.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index d96c88f098..0e9ff196eb 100644 --- a/library/bignum.c +++ b/library/bignum.c 
@@ -1264,14 +1264,19 @@ static int add_sub_mpi( mbedtls_mpi *X, s = A->s; if( A->s * B->s * flip_B < 0 ) { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) + int cmp = mbedtls_mpi_cmp_abs( A, B ); + if( cmp >= 0 ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; + /* If |A| = |B|, the result is 0 and we must set the sign bit + * to +1 regardless of which of A or B was negative. Otherwise, + * since |A| > |B|, the sign is the sign of A. */ + X->s = cmp == 0 ? 1 : s; } else { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + /* Since |A| < |B|, the sign is the opposite of A. */ X->s = -s; } } From 195e1c8107dc63fda623ca8fa00ee96cc7bc194d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 22:05:52 +0100 Subject: [PATCH 083/112] Changelog entry for the negative zero from add/sub Signed-off-by: Gilles Peskine --- ChangeLog.d/negative-zero-from-add.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/negative-zero-from-add.txt diff --git a/ChangeLog.d/negative-zero-from-add.txt b/ChangeLog.d/negative-zero-from-add.txt new file mode 100644 index 0000000000..107d858d36 --- /dev/null +++ b/ChangeLog.d/negative-zero-from-add.txt @@ -0,0 +1,6 @@ +Bugfix + * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) + with A > 0 created an unintended representation of the value 0 which was + not processed correctly by some bignum operations. Fix this. This had no + consequence on cryptography code, but might affect applications that call + bignum directly and use negative numbers. From 53a7206269d5eaa131c491ddaafb4cc8f6d13a1f Mon Sep 17 00:00:00 2001 
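Review bot: In the `cmp >= 0` branch the new assignment `X->s = cmp == 0 ? 1 : s;` relies on the precedence of `==` over `?:`; writing it as `X->s = ( cmp == 0 ) ? 1 : s;` makes the zero-result case readable at a glance. The invariant restored here, that a zero result always carries sign +1, is only explained inside this branch, so I would also state it once in the comment above `add_sub_mpi`, for example `/* X->s is always +1 when the result is 0. */`. The function starts before and continues after this hunk, so the same-sign path is not visible and is assumed unchanged.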
From: Gilles Peskine Date: Wed, 9 Nov 2022 21:08:44 +0100 Subject: [PATCH 084/112] Support negative zero as MPI test input The bignum module does not officially support "negative zero" (an mbedtls_mpi object with s=-1 and all limbs zero). However, we have a history of bugs where a function that should produce an official zero (with s=1), produces a negative zero in some circumstances. So it's good to check that the bignum functions are robust when passed a negative zero as input. And for that, we need a way to construct a negative zero from test case arguments. There are checks that functions don't produce negative zeros as output in the test suite. Skip those checks if there's a negative zero input: we don't want functions to _create_ negative zeros, but we don't mind if they _propagate_ negative zeros. Signed-off-by: Gilles Peskine --- tests/include/test/helpers.h | 26 +++++++++++++++++----- tests/src/helpers.c | 28 ++++++++++++++++++++++-- tests/suites/test_suite_bignum.function | 17 +++++++++++--- tests/suites/test_suite_bignum.misc.data | 24 ++++++++++++++++++++ 4 files changed, 84 insertions(+), 11 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index fbb2a209c1..6d23d10703 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h 
@@ -360,13 +360,19 @@ void mbedtls_test_err_add_check( int high, int low, #if defined(MBEDTLS_BIGNUM_C) /** Read an MPI from a hexadecimal string. * - * Like mbedtls_mpi_read_string(), but size the resulting bignum based - * on the number of digits in the string. In particular, construct a - * bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. + * Like mbedtls_mpi_read_string(), but with tighter guarantees around + * edge cases. * - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. + * - This function guarantees that if \p s begins with '-' then the sign + * bit of the result will be negative, even if the value is 0. + * When this function encounters such a "negative 0", it + * increments #mbedtls_test_read_mpi. + * - The size of the result is exactly the minimum number of limbs needed + * to fit the digits in the input. In particular, this function constructs + * a bignum with 0 limbs for an empty string, and a bignum with leading 0 + * limbs if the string has sufficiently many leading 0 digits. + * This is important so that the "0 (null)" and "0 (1 limb)" and + * "leading zeros" test cases do what they claim. * * \param[out] X The MPI object to populate. It must be initialized. * \param[in] s The null-terminated hexadecimal string to read from. 
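Review bot: The first bullet of the new comment says the function "increments #mbedtls_test_read_mpi", which is the function's own name; the counter this commit introduces is `mbedtls_test_case_uses_negative_0`. The line should read `* increments #mbedtls_test_case_uses_negative_0.` so the Doxygen reference points at the variable declared in the next hunk. The comment block continues past this hunk, where its return-value line and the prototype appear.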
@@ -374,6 +380,14 @@ void mbedtls_test_err_add_check( int high, int low, * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); + +/** Nonzero if the current test case had an input parsed with + * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., + * constructing a result with the sign bit set to -1 and the value being + * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). + */ +extern unsigned mbedtls_test_case_uses_negative_0; #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index bfd21893d1..77b4d942db 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -107,6 +107,10 @@ void mbedtls_test_set_step( unsigned long step ) mbedtls_test_info.step = step; } +#if defined(MBEDTLS_BIGNUM_C) +unsigned mbedtls_test_case_uses_negative_0 = 0; +#endif + void mbedtls_test_info_reset( void ) { mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; @@ -116,6 +120,9 @@ void mbedtls_test_info_reset( void ) mbedtls_test_info.filename = 0; memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) ); memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) ); +#if defined(MBEDTLS_BIGNUM_C) + mbedtls_test_case_uses_negative_0 = 0; +#endif } int mbedtls_test_equal( const char *test, int line_no, const char* filename, 
@@ -426,6 +433,15 @@ void mbedtls_test_err_add_check( int high, int low, #if defined(MBEDTLS_BIGNUM_C) int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) { + int negative = 0; + /* Always set the sign bit to -1 if the input has a minus sign, even for 0. + * This creates an invalid representation, which mbedtls_mpi_read_string() + * avoids but we want to be able to create that in test data. */ + if( s[0] == '-' ) + { + ++s; + negative = 1; + } /* mbedtls_mpi_read_string() currently retains leading zeros. * It always allocates at least one limb for the value 0. */ if( s[0] == 0 ) @@ -433,7 +449,15 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) mbedtls_mpi_free( X ); return( 0 ); } - else - return( mbedtls_mpi_read_string( X, 16, s ) ); + int ret = mbedtls_mpi_read_string( X, 16, s ); + if( ret != 0 ) + return( ret ); + if( negative ) + { + if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) + ++mbedtls_test_case_uses_negative_0; + X->s = -1; + } + return( 0 ); } #endif diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index a53d0cb9a5..83c8011daf 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function 
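Review bot: An input of exactly `"-"` never reaches the new sign handling in `mbedtls_test_read_mpi()`. After `++s` the string is empty, so the existing `if( s[0] == 0 )` branch calls `mbedtls_mpi_free( X )` and returns 0 before the `X->s = -1` and counter increment added in the second hunk. Unless `mbedtls_mpi_free()` leaves a negative sign in place (not visible here), the test cases described as "-0 (null)" then run on an ordinary zero, and the header's guarantee for strings beginning with '-' does not hold. Adding `if( negative ) { X->s = -1; ++mbedtls_test_case_uses_negative_0; }` after the `mbedtls_mpi_free( X );` call in that branch would cover it.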
@@ -11,10 +11,21 @@ * constructing the value. */ static int sign_is_valid( const mbedtls_mpi *X ) { + /* Only +1 and -1 are valid sign bits, not e.g. 0 */ if( X->s != 1 && X->s != -1 ) - return( 0 ); // invalid sign bit, e.g. 0 - if( mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 ) - return( 0 ); // negative zero + return( 0 ); + + /* The value 0 must be represented with the sign +1. A "negative zero" + * with s=-1 is an invalid representation. Forbid that. As an exception, + * we sometimes test the robustness of library functions when given + * a negative zero input. If a test case has a negative zero as input, + * we don't mind if the function has a negative zero output. */ + if( ! mbedtls_test_case_uses_negative_0 && + mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 ) + { + return( 0 ); + } + return( 1 ); } diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index 8bb5e772c6..a9b05d7cf2 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1141,6 +1141,18 @@ mbedtls_mpi_div_mpi:"":"1":"":"":0 Test mbedtls_mpi_div_mpi: 0 (null) / -1 mbedtls_mpi_div_mpi:"":"-1":"":"":0 +Test mbedtls_mpi_div_mpi: -0 (null) / 1 +mbedtls_mpi_div_mpi:"-":"1":"":"":0 + +Test mbedtls_mpi_div_mpi: -0 (null) / -1 +mbedtls_mpi_div_mpi:"-":"-1":"":"":0 + +Test mbedtls_mpi_div_mpi: -0 (null) / 42 +mbedtls_mpi_div_mpi:"-":"2a":"":"":0 + +Test mbedtls_mpi_div_mpi: -0 (null) / -42 +mbedtls_mpi_div_mpi:"-":"-2a":"":"":0 + Test mbedtls_mpi_div_mpi #1 mbedtls_mpi_div_mpi:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"22":"4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0 
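Review bot: The exemption added to `sign_is_valid()` is test-case wide rather than per value. Once any input has been parsed as a negative zero, every MPI checked for the rest of the case may be a negative zero, including results that do not depend on that input. A regression that produces a negative zero from valid operands would therefore go unnoticed in exactly these cases. If that is the accepted trade-off, the comment should say so, for example `/* Note: this relaxes the check for all MPIs in the test case, not only those derived from the negative-zero input. */`.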
@@ -1201,6 +1213,18 @@ mbedtls_mpi_mod_mpi:"":"1":"":0 Test mbedtls_mpi_mod_mpi: 0 (null) % -1 mbedtls_mpi_mod_mpi:"":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE +Test mbedtls_mpi_mod_mpi: -0 (null) % 1 +mbedtls_mpi_mod_mpi:"-":"1":"":0 + +Test mbedtls_mpi_mod_mpi: -0 (null) % -1 +mbedtls_mpi_mod_mpi:"-":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + +Test mbedtls_mpi_mod_mpi: -0 (null) % 42 +mbedtls_mpi_mod_mpi:"-":"2a":"":0 + +Test mbedtls_mpi_mod_mpi: -0 (null) % -42 +mbedtls_mpi_mod_mpi:"-":"-2a":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + Base test mbedtls_mpi_mod_int #1 mbedtls_mpi_mod_int:"3e8":13:12:0 From 92c5d31b443353c423c7cc9c0de3b69ee2ce7527 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 22:06:34 +0100 Subject: [PATCH 085/112] Add negative zero as an input to automatically generated tests Although negative zero is officially unsupported, we've had bugs related to it in the past. So do test functions with a negative zero input. There will likely be cases where we don't want to accept negative zero as if it was valid, because it's too hard to handle. We'll add exceptions on a case by case basis. For the functions that are currently tested by the generated tests, the new test cases pass. Signed-off-by: Gilles Peskine --- tests/scripts/generate_bignum_tests.py | 35 +- tests/suites/test_suite_bignum.generated.data | 824 ++++++++++++------ 2 files changed, 606 insertions(+), 253 deletions(-) diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 174398d4d2..2cdd07d7ff 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py 
@@ -67,7 +67,13 @@ from mbedtls_dev import test_data_generation T = TypeVar('T') #pylint: disable=invalid-name def hex_to_int(val: str) -> int: - return int(val, 16) if val else 0 + """Implement the syntax accepted by mbedtls_test_read_mpi(). + + This is a superset of what is accepted by mbedtls_test_read_mpi_core(). + """ + if val == '' or val == '-': + return 0 + return int(val, 16) def quote_str(val) -> str: return "\"{}\"".format(val) @@ -98,7 +104,8 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): """ symbol = "" input_values = [ - "", "0", "7b", "-7b", + "", "0", "-", "-0", + "7b", "-7b", "0000000000000000123", "-0000000000000000123", "1230000000000000000", "-1230000000000000000" ] # type: List[str] @@ -113,6 +120,10 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): def arguments(self) -> List[str]: return [quote_str(self.arg_a), quote_str(self.arg_b), self.result()] + def description_suffix(self) -> str: + """Text to add at the end of the test case description.""" + return "" + def description(self) -> str: """Generate a description for the test case. @@ -126,6 +137,9 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): self.symbol, self.value_description(self.arg_b) ) + description_suffix = self.description_suffix() + if description_suffix: + self.case_description += " " + description_suffix return super().description() @abstractmethod @@ -146,6 +160,8 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): """ if val == "": return "0 (null)" + if val == "-": + return "negative 0 (null)" if val == "0": return "0 (1 limb)" 
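Review bot: `value_description()` gains a case for `"-"` but not for the other new input `"-0"`, which falls through to the generic classification in the part of the function outside this hunk. The regenerated data shows the effect: `mbedtls_mpi_add_mpi:"":"-0":"0"` is titled "0 (null) + negative with leading zero limb", the same wording used for `-0000000000000000123`. A matching branch, `if val == "-0": return "negative 0 (1 limb)"`, placed next to the existing `"0"` case would make the descriptions say what is being tested. Separately, in `hex_to_int()` the test reads more idiomatically as `if val in ('', '-'):`.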
@@ -221,8 +237,21 @@ class BignumAdd(BignumOperation): ] ) + def __init__(self, val_a: str, val_b: str) -> None: + super().__init__(val_a, val_b) + self._result = self.int_a + self.int_b + + def description_suffix(self) -> str: + if (self.int_a >= 0 and self.int_b >= 0): + return "" # obviously positive result or 0 + if (self.int_a <= 0 and self.int_b <= 0): + return "" # obviously negative result or 0 + # The sign of the result is not obvious, so indicate it + return ", result{}0".format('>' if self._result > 0 else + '<' if self._result < 0 else '=') + def result(self) -> str: - return quote_str("{:x}".format(self.int_a + self.int_b)) + return quote_str("{:x}".format(self._result)) if __name__ == '__main__': # Use the section of the docstring relevant to the CLI as description diff --git a/tests/suites/test_suite_bignum.generated.data b/tests/suites/test_suite_bignum.generated.data index 6924cb7cb8..00379effbf 100644 --- a/tests/suites/test_suite_bignum.generated.data +++ b/tests/suites/test_suite_bignum.generated.data 
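Review bot: `BignumAdd.description_suffix()` returns a string that starts with a comma, while `description()` (an earlier hunk of this file) joins the suffix with `" " + description_suffix`. The generated titles therefore read "positive + negative , result=0", with a stray space before the comma. Either drop the separator in `description()` (`self.case_description += description_suffix`) or return the suffix without the comma, then regenerate the data file. The parentheses around the two `if` conditions are also redundant in Python: `if self.int_a >= 0 and self.int_b >= 0:`.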
@@ -6,238 +6,346 @@ mbedtls_mpi_add_mpi:"":"":"0" MPI add #2 0 (null) + 0 (1 limb) mbedtls_mpi_add_mpi:"":"0":"0" -MPI add #3 0 (null) + positive +MPI add #3 0 (null) + negative 0 (null) +mbedtls_mpi_add_mpi:"":"-":"0" + +MPI add #4 0 (null) + negative with leading zero limb +mbedtls_mpi_add_mpi:"":"-0":"0" + +MPI add #5 0 (null) + positive mbedtls_mpi_add_mpi:"":"7b":"7b" -MPI add #4 0 (null) + negative +MPI add #6 0 (null) + negative mbedtls_mpi_add_mpi:"":"-7b":"-7b" -MPI add #5 0 (null) + positive with leading zero limb +MPI add #7 0 (null) + positive with leading zero limb mbedtls_mpi_add_mpi:"":"0000000000000000123":"123" -MPI add #6 0 (null) + negative with leading zero limb +MPI add #8 0 (null) + negative with leading zero limb mbedtls_mpi_add_mpi:"":"-0000000000000000123":"-123" -MPI add #7 0 (null) + large positive +MPI add #9 0 (null) + large positive mbedtls_mpi_add_mpi:"":"1230000000000000000":"1230000000000000000" -MPI add #8 0 (null) + large negative +MPI add #10 0 (null) + large negative mbedtls_mpi_add_mpi:"":"-1230000000000000000":"-1230000000000000000" -MPI add #9 0 (1 limb) + 0 (null) +MPI add #11 0 (1 limb) + 0 (null) mbedtls_mpi_add_mpi:"0":"":"0" -MPI add #10 0 (1 limb) + 0 (1 limb) +MPI add #12 0 (1 limb) + 0 (1 limb) mbedtls_mpi_add_mpi:"0":"0":"0" -MPI add #11 0 (1 limb) + positive -mbedtls_mpi_add_mpi:"0":"7b":"7b" - -MPI add #12 0 (1 limb) + negative -mbedtls_mpi_add_mpi:"0":"-7b":"-7b" - -MPI add #13 0 (1 limb) + positive with leading zero limb -mbedtls_mpi_add_mpi:"0":"0000000000000000123":"123" +MPI add #13 0 (1 limb) + negative 0 (null) +mbedtls_mpi_add_mpi:"0":"-":"0" MPI add #14 0 (1 limb) + negative with leading zero limb +mbedtls_mpi_add_mpi:"0":"-0":"0" + +MPI add #15 0 (1 limb) + positive +mbedtls_mpi_add_mpi:"0":"7b":"7b" + +MPI add #16 0 (1 limb) + negative +mbedtls_mpi_add_mpi:"0":"-7b":"-7b" + +MPI add #17 0 (1 limb) + positive with leading zero limb +mbedtls_mpi_add_mpi:"0":"0000000000000000123":"123" + +MPI add #18 0 (1 
limb) + negative with leading zero limb mbedtls_mpi_add_mpi:"0":"-0000000000000000123":"-123" -MPI add #15 0 (1 limb) + large positive +MPI add #19 0 (1 limb) + large positive mbedtls_mpi_add_mpi:"0":"1230000000000000000":"1230000000000000000" -MPI add #16 0 (1 limb) + large negative +MPI add #20 0 (1 limb) + large negative mbedtls_mpi_add_mpi:"0":"-1230000000000000000":"-1230000000000000000" -MPI add #17 positive + 0 (null) +MPI add #21 negative 0 (null) + 0 (null) +mbedtls_mpi_add_mpi:"-":"":"0" + +MPI add #22 negative 0 (null) + 0 (1 limb) +mbedtls_mpi_add_mpi:"-":"0":"0" + +MPI add #23 negative 0 (null) + negative 0 (null) +mbedtls_mpi_add_mpi:"-":"-":"0" + +MPI add #24 negative 0 (null) + negative with leading zero limb +mbedtls_mpi_add_mpi:"-":"-0":"0" + +MPI add #25 negative 0 (null) + positive +mbedtls_mpi_add_mpi:"-":"7b":"7b" + +MPI add #26 negative 0 (null) + negative +mbedtls_mpi_add_mpi:"-":"-7b":"-7b" + +MPI add #27 negative 0 (null) + positive with leading zero limb +mbedtls_mpi_add_mpi:"-":"0000000000000000123":"123" + +MPI add #28 negative 0 (null) + negative with leading zero limb +mbedtls_mpi_add_mpi:"-":"-0000000000000000123":"-123" + +MPI add #29 negative 0 (null) + large positive +mbedtls_mpi_add_mpi:"-":"1230000000000000000":"1230000000000000000" + +MPI add #30 negative 0 (null) + large negative +mbedtls_mpi_add_mpi:"-":"-1230000000000000000":"-1230000000000000000" + +MPI add #31 negative with leading zero limb + 0 (null) +mbedtls_mpi_add_mpi:"-0":"":"0" + +MPI add #32 negative with leading zero limb + 0 (1 limb) +mbedtls_mpi_add_mpi:"-0":"0":"0" + +MPI add #33 negative with leading zero limb + negative 0 (null) +mbedtls_mpi_add_mpi:"-0":"-":"0" + +MPI add #34 negative with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"-0":"-0":"0" + +MPI add #35 negative with leading zero limb + positive +mbedtls_mpi_add_mpi:"-0":"7b":"7b" + +MPI add #36 negative with leading zero limb + negative 
+mbedtls_mpi_add_mpi:"-0":"-7b":"-7b" + +MPI add #37 negative with leading zero limb + positive with leading zero limb +mbedtls_mpi_add_mpi:"-0":"0000000000000000123":"123" + +MPI add #38 negative with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"-0":"-0000000000000000123":"-123" + +MPI add #39 negative with leading zero limb + large positive +mbedtls_mpi_add_mpi:"-0":"1230000000000000000":"1230000000000000000" + +MPI add #40 negative with leading zero limb + large negative +mbedtls_mpi_add_mpi:"-0":"-1230000000000000000":"-1230000000000000000" + +MPI add #41 positive + 0 (null) mbedtls_mpi_add_mpi:"7b":"":"7b" -MPI add #18 positive + 0 (1 limb) +MPI add #42 positive + 0 (1 limb) mbedtls_mpi_add_mpi:"7b":"0":"7b" -MPI add #19 positive + positive +MPI add #43 positive + negative 0 (null) +mbedtls_mpi_add_mpi:"7b":"-":"7b" + +MPI add #44 positive + negative with leading zero limb +mbedtls_mpi_add_mpi:"7b":"-0":"7b" + +MPI add #45 positive + positive mbedtls_mpi_add_mpi:"7b":"7b":"f6" -MPI add #20 positive + negative +MPI add #46 positive + negative , result=0 mbedtls_mpi_add_mpi:"7b":"-7b":"0" -MPI add #21 positive + positive with leading zero limb +MPI add #47 positive + positive with leading zero limb mbedtls_mpi_add_mpi:"7b":"0000000000000000123":"19e" -MPI add #22 positive + negative with leading zero limb +MPI add #48 positive + negative with leading zero limb , result<0 mbedtls_mpi_add_mpi:"7b":"-0000000000000000123":"-a8" -MPI add #23 positive + large positive +MPI add #49 positive + large positive mbedtls_mpi_add_mpi:"7b":"1230000000000000000":"123000000000000007b" -MPI add #24 positive + large negative +MPI add #50 positive + large negative , result<0 mbedtls_mpi_add_mpi:"7b":"-1230000000000000000":"-122ffffffffffffff85" -MPI add #25 negative + 0 (null) +MPI add #51 negative + 0 (null) mbedtls_mpi_add_mpi:"-7b":"":"-7b" -MPI add #26 negative + 0 (1 limb) +MPI add #52 negative + 0 (1 limb) mbedtls_mpi_add_mpi:"-7b":"0":"-7b" -MPI 
add #27 negative + positive +MPI add #53 negative + negative 0 (null) +mbedtls_mpi_add_mpi:"-7b":"-":"-7b" + +MPI add #54 negative + negative with leading zero limb +mbedtls_mpi_add_mpi:"-7b":"-0":"-7b" + +MPI add #55 negative + positive , result=0 mbedtls_mpi_add_mpi:"-7b":"7b":"0" -MPI add #28 negative + negative +MPI add #56 negative + negative mbedtls_mpi_add_mpi:"-7b":"-7b":"-f6" -MPI add #29 negative + positive with leading zero limb +MPI add #57 negative + positive with leading zero limb , result>0 mbedtls_mpi_add_mpi:"-7b":"0000000000000000123":"a8" -MPI add #30 negative + negative with leading zero limb +MPI add #58 negative + negative with leading zero limb mbedtls_mpi_add_mpi:"-7b":"-0000000000000000123":"-19e" -MPI add #31 negative + large positive +MPI add #59 negative + large positive , result>0 mbedtls_mpi_add_mpi:"-7b":"1230000000000000000":"122ffffffffffffff85" -MPI add #32 negative + large negative +MPI add #60 negative + large negative mbedtls_mpi_add_mpi:"-7b":"-1230000000000000000":"-123000000000000007b" -MPI add #33 positive with leading zero limb + 0 (null) +MPI add #61 positive with leading zero limb + 0 (null) mbedtls_mpi_add_mpi:"0000000000000000123":"":"123" -MPI add #34 positive with leading zero limb + 0 (1 limb) +MPI add #62 positive with leading zero limb + 0 (1 limb) mbedtls_mpi_add_mpi:"0000000000000000123":"0":"123" -MPI add #35 positive with leading zero limb + positive +MPI add #63 positive with leading zero limb + negative 0 (null) +mbedtls_mpi_add_mpi:"0000000000000000123":"-":"123" + +MPI add #64 positive with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"0000000000000000123":"-0":"123" + +MPI add #65 positive with leading zero limb + positive mbedtls_mpi_add_mpi:"0000000000000000123":"7b":"19e" -MPI add #36 positive with leading zero limb + negative +MPI add #66 positive with leading zero limb + negative , result>0 mbedtls_mpi_add_mpi:"0000000000000000123":"-7b":"a8" -MPI add #37 positive with 
leading zero limb + positive with leading zero limb +MPI add #67 positive with leading zero limb + positive with leading zero limb mbedtls_mpi_add_mpi:"0000000000000000123":"0000000000000000123":"246" -MPI add #38 positive with leading zero limb + negative with leading zero limb +MPI add #68 positive with leading zero limb + negative with leading zero limb , result=0 mbedtls_mpi_add_mpi:"0000000000000000123":"-0000000000000000123":"0" -MPI add #39 positive with leading zero limb + large positive +MPI add #69 positive with leading zero limb + large positive mbedtls_mpi_add_mpi:"0000000000000000123":"1230000000000000000":"1230000000000000123" -MPI add #40 positive with leading zero limb + large negative +MPI add #70 positive with leading zero limb + large negative , result<0 mbedtls_mpi_add_mpi:"0000000000000000123":"-1230000000000000000":"-122fffffffffffffedd" -MPI add #41 negative with leading zero limb + 0 (null) +MPI add #71 negative with leading zero limb + 0 (null) mbedtls_mpi_add_mpi:"-0000000000000000123":"":"-123" -MPI add #42 negative with leading zero limb + 0 (1 limb) +MPI add #72 negative with leading zero limb + 0 (1 limb) mbedtls_mpi_add_mpi:"-0000000000000000123":"0":"-123" -MPI add #43 negative with leading zero limb + positive +MPI add #73 negative with leading zero limb + negative 0 (null) +mbedtls_mpi_add_mpi:"-0000000000000000123":"-":"-123" + +MPI add #74 negative with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"-0000000000000000123":"-0":"-123" + +MPI add #75 negative with leading zero limb + positive , result<0 mbedtls_mpi_add_mpi:"-0000000000000000123":"7b":"-a8" -MPI add #44 negative with leading zero limb + negative +MPI add #76 negative with leading zero limb + negative mbedtls_mpi_add_mpi:"-0000000000000000123":"-7b":"-19e" -MPI add #45 negative with leading zero limb + positive with leading zero limb +MPI add #77 negative with leading zero limb + positive with leading zero limb , result=0 
mbedtls_mpi_add_mpi:"-0000000000000000123":"0000000000000000123":"0" -MPI add #46 negative with leading zero limb + negative with leading zero limb +MPI add #78 negative with leading zero limb + negative with leading zero limb mbedtls_mpi_add_mpi:"-0000000000000000123":"-0000000000000000123":"-246" -MPI add #47 negative with leading zero limb + large positive +MPI add #79 negative with leading zero limb + large positive , result>0 mbedtls_mpi_add_mpi:"-0000000000000000123":"1230000000000000000":"122fffffffffffffedd" -MPI add #48 negative with leading zero limb + large negative +MPI add #80 negative with leading zero limb + large negative mbedtls_mpi_add_mpi:"-0000000000000000123":"-1230000000000000000":"-1230000000000000123" -MPI add #49 large positive + 0 (null) +MPI add #81 large positive + 0 (null) mbedtls_mpi_add_mpi:"1230000000000000000":"":"1230000000000000000" -MPI add #50 large positive + 0 (1 limb) +MPI add #82 large positive + 0 (1 limb) mbedtls_mpi_add_mpi:"1230000000000000000":"0":"1230000000000000000" -MPI add #51 large positive + positive +MPI add #83 large positive + negative 0 (null) +mbedtls_mpi_add_mpi:"1230000000000000000":"-":"1230000000000000000" + +MPI add #84 large positive + negative with leading zero limb +mbedtls_mpi_add_mpi:"1230000000000000000":"-0":"1230000000000000000" + +MPI add #85 large positive + positive mbedtls_mpi_add_mpi:"1230000000000000000":"7b":"123000000000000007b" -MPI add #52 large positive + negative +MPI add #86 large positive + negative , result>0 mbedtls_mpi_add_mpi:"1230000000000000000":"-7b":"122ffffffffffffff85" -MPI add #53 large positive + positive with leading zero limb +MPI add #87 large positive + positive with leading zero limb mbedtls_mpi_add_mpi:"1230000000000000000":"0000000000000000123":"1230000000000000123" -MPI add #54 large positive + negative with leading zero limb +MPI add #88 large positive + negative with leading zero limb , result>0 
mbedtls_mpi_add_mpi:"1230000000000000000":"-0000000000000000123":"122fffffffffffffedd" -MPI add #55 large positive + large positive +MPI add #89 large positive + large positive mbedtls_mpi_add_mpi:"1230000000000000000":"1230000000000000000":"2460000000000000000" -MPI add #56 large positive + large negative +MPI add #90 large positive + large negative , result=0 mbedtls_mpi_add_mpi:"1230000000000000000":"-1230000000000000000":"0" -MPI add #57 large negative + 0 (null) +MPI add #91 large negative + 0 (null) mbedtls_mpi_add_mpi:"-1230000000000000000":"":"-1230000000000000000" -MPI add #58 large negative + 0 (1 limb) +MPI add #92 large negative + 0 (1 limb) mbedtls_mpi_add_mpi:"-1230000000000000000":"0":"-1230000000000000000" -MPI add #59 large negative + positive +MPI add #93 large negative + negative 0 (null) +mbedtls_mpi_add_mpi:"-1230000000000000000":"-":"-1230000000000000000" + +MPI add #94 large negative + negative with leading zero limb +mbedtls_mpi_add_mpi:"-1230000000000000000":"-0":"-1230000000000000000" + +MPI add #95 large negative + positive , result<0 mbedtls_mpi_add_mpi:"-1230000000000000000":"7b":"-122ffffffffffffff85" -MPI add #60 large negative + negative +MPI add #96 large negative + negative mbedtls_mpi_add_mpi:"-1230000000000000000":"-7b":"-123000000000000007b" -MPI add #61 large negative + positive with leading zero limb +MPI add #97 large negative + positive with leading zero limb , result<0 mbedtls_mpi_add_mpi:"-1230000000000000000":"0000000000000000123":"-122fffffffffffffedd" -MPI add #62 large negative + negative with leading zero limb +MPI add #98 large negative + negative with leading zero limb mbedtls_mpi_add_mpi:"-1230000000000000000":"-0000000000000000123":"-1230000000000000123" -MPI add #63 large negative + large positive +MPI add #99 large negative + large positive , result=0 mbedtls_mpi_add_mpi:"-1230000000000000000":"1230000000000000000":"0" -MPI add #64 large negative + large negative +MPI add #100 large negative + large negative 
mbedtls_mpi_add_mpi:"-1230000000000000000":"-1230000000000000000":"-2460000000000000000" -MPI add #65 large positive + large positive +MPI add #101 large positive + large positive mbedtls_mpi_add_mpi:"1c67967269c6":"1c67967269c6":"38cf2ce4d38c" -MPI add #66 large positive + positive +MPI add #102 large positive + positive mbedtls_mpi_add_mpi:"1c67967269c6":"9cde3":"1c67967c37a9" -MPI add #67 large positive + large negative +MPI add #103 large positive + large negative , result=0 mbedtls_mpi_add_mpi:"1c67967269c6":"-1c67967269c6":"0" -MPI add #68 large positive + negative +MPI add #104 large positive + negative , result>0 mbedtls_mpi_add_mpi:"1c67967269c6":"-9cde3":"1c6796689be3" -MPI add #69 positive + large positive +MPI add #105 positive + large positive mbedtls_mpi_add_mpi:"9cde3":"1c67967269c6":"1c67967c37a9" -MPI add #70 positive + positive +MPI add #106 positive + positive mbedtls_mpi_add_mpi:"9cde3":"9cde3":"139bc6" -MPI add #71 positive + large negative +MPI add #107 positive + large negative , result<0 mbedtls_mpi_add_mpi:"9cde3":"-1c67967269c6":"-1c6796689be3" -MPI add #72 positive + negative +MPI add #108 positive + negative , result=0 mbedtls_mpi_add_mpi:"9cde3":"-9cde3":"0" -MPI add #73 large negative + large positive +MPI add #109 large negative + large positive , result=0 mbedtls_mpi_add_mpi:"-1c67967269c6":"1c67967269c6":"0" -MPI add #74 large negative + positive +MPI add #110 large negative + positive , result<0 mbedtls_mpi_add_mpi:"-1c67967269c6":"9cde3":"-1c6796689be3" -MPI add #75 large negative + large negative +MPI add #111 large negative + large negative mbedtls_mpi_add_mpi:"-1c67967269c6":"-1c67967269c6":"-38cf2ce4d38c" -MPI add #76 large negative + negative +MPI add #112 large negative + negative mbedtls_mpi_add_mpi:"-1c67967269c6":"-9cde3":"-1c67967c37a9" -MPI add #77 negative + large positive +MPI add #113 negative + large positive , result>0 mbedtls_mpi_add_mpi:"-9cde3":"1c67967269c6":"1c6796689be3" -MPI add #78 negative + positive +MPI 
add #114 negative + positive , result=0 mbedtls_mpi_add_mpi:"-9cde3":"9cde3":"0" -MPI add #79 negative + large negative +MPI add #115 negative + large negative mbedtls_mpi_add_mpi:"-9cde3":"-1c67967269c6":"-1c67967c37a9" -MPI add #80 negative + negative +MPI add #116 negative + negative mbedtls_mpi_add_mpi:"-9cde3":"-9cde3":"-139bc6" MPI compare #1 0 (null) == 0 (null) 
@@ -246,202 +354,310 @@ mbedtls_mpi_cmp_mpi:"":"":0 MPI compare #2 0 (null) == 0 (1 limb) mbedtls_mpi_cmp_mpi:"":"0":0 -MPI compare #3 0 (null) < positive +MPI compare #3 0 (null) == negative 0 (null) +mbedtls_mpi_cmp_mpi:"":"-":0 + +MPI compare #4 0 (null) == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"":"-0":0 + +MPI compare #5 0 (null) < positive mbedtls_mpi_cmp_mpi:"":"7b":-1 -MPI compare #4 0 (null) > negative +MPI compare #6 0 (null) > negative mbedtls_mpi_cmp_mpi:"":"-7b":1 -MPI compare #5 0 (null) < positive with leading zero limb +MPI compare #7 0 (null) < positive with leading zero limb mbedtls_mpi_cmp_mpi:"":"0000000000000000123":-1 -MPI compare #6 0 (null) > negative with leading zero limb +MPI compare #8 0 (null) > negative with leading zero limb mbedtls_mpi_cmp_mpi:"":"-0000000000000000123":1 -MPI compare #7 0 (null) < large positive +MPI compare #9 0 (null) < large positive mbedtls_mpi_cmp_mpi:"":"1230000000000000000":-1 -MPI compare #8 0 (null) > large negative +MPI compare #10 0 (null) > large negative mbedtls_mpi_cmp_mpi:"":"-1230000000000000000":1 -MPI compare #9 0 (1 limb) == 0 (null) +MPI compare #11 0 (1 limb) == 0 (null) mbedtls_mpi_cmp_mpi:"0":"":0 -MPI compare #10 0 (1 limb) == 0 (1 limb) +MPI compare #12 0 (1 limb) == 0 (1 limb) mbedtls_mpi_cmp_mpi:"0":"0":0 -MPI compare #11 0 (1 limb) < positive +MPI compare #13 0 (1 limb) == negative 0 (null) +mbedtls_mpi_cmp_mpi:"0":"-":0 + +MPI compare #14 0 (1 limb) == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"0":"-0":0 + +MPI compare #15 0 (1 limb) < positive mbedtls_mpi_cmp_mpi:"0":"7b":-1 -MPI compare #12 0 (1 limb) > negative +MPI compare #16 0 (1 limb) > negative mbedtls_mpi_cmp_mpi:"0":"-7b":1 -MPI compare #13 0 (1 limb) < positive with leading zero limb +MPI compare #17 0 (1 limb) < positive with leading zero limb mbedtls_mpi_cmp_mpi:"0":"0000000000000000123":-1 -MPI compare #14 0 (1 limb) > negative with leading zero limb +MPI compare #18 0 (1 limb) > negative with 
leading zero limb mbedtls_mpi_cmp_mpi:"0":"-0000000000000000123":1 -MPI compare #15 0 (1 limb) < large positive +MPI compare #19 0 (1 limb) < large positive mbedtls_mpi_cmp_mpi:"0":"1230000000000000000":-1 -MPI compare #16 0 (1 limb) > large negative +MPI compare #20 0 (1 limb) > large negative mbedtls_mpi_cmp_mpi:"0":"-1230000000000000000":1 -MPI compare #17 positive > 0 (null) +MPI compare #21 negative 0 (null) == 0 (null) +mbedtls_mpi_cmp_mpi:"-":"":0 + +MPI compare #22 negative 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-":"0":0 + +MPI compare #23 negative 0 (null) == negative 0 (null) +mbedtls_mpi_cmp_mpi:"-":"-":0 + +MPI compare #24 negative 0 (null) == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-":"-0":0 + +MPI compare #25 negative 0 (null) < positive +mbedtls_mpi_cmp_mpi:"-":"7b":-1 + +MPI compare #26 negative 0 (null) > negative +mbedtls_mpi_cmp_mpi:"-":"-7b":1 + +MPI compare #27 negative 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-":"0000000000000000123":-1 + +MPI compare #28 negative 0 (null) > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-":"-0000000000000000123":1 + +MPI compare #29 negative 0 (null) < large positive +mbedtls_mpi_cmp_mpi:"-":"1230000000000000000":-1 + +MPI compare #30 negative 0 (null) > large negative +mbedtls_mpi_cmp_mpi:"-":"-1230000000000000000":1 + +MPI compare #31 negative with leading zero limb == 0 (null) +mbedtls_mpi_cmp_mpi:"-0":"":0 + +MPI compare #32 negative with leading zero limb == 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-0":"0":0 + +MPI compare #33 negative with leading zero limb == negative 0 (null) +mbedtls_mpi_cmp_mpi:"-0":"-":0 + +MPI compare #34 negative with leading zero limb == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-0":"-0":0 + +MPI compare #35 negative with leading zero limb < positive +mbedtls_mpi_cmp_mpi:"-0":"7b":-1 + +MPI compare #36 negative with leading zero limb > negative +mbedtls_mpi_cmp_mpi:"-0":"-7b":1 + +MPI compare #37 negative with leading zero 
limb < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-0":"0000000000000000123":-1 + +MPI compare #38 negative with leading zero limb > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-0":"-0000000000000000123":1 + +MPI compare #39 negative with leading zero limb < large positive +mbedtls_mpi_cmp_mpi:"-0":"1230000000000000000":-1 + +MPI compare #40 negative with leading zero limb > large negative +mbedtls_mpi_cmp_mpi:"-0":"-1230000000000000000":1 + +MPI compare #41 positive > 0 (null) mbedtls_mpi_cmp_mpi:"7b":"":1 -MPI compare #18 positive > 0 (1 limb) +MPI compare #42 positive > 0 (1 limb) mbedtls_mpi_cmp_mpi:"7b":"0":1 -MPI compare #19 positive == positive +MPI compare #43 positive > negative 0 (null) +mbedtls_mpi_cmp_mpi:"7b":"-":1 + +MPI compare #44 positive > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"7b":"-0":1 + +MPI compare #45 positive == positive mbedtls_mpi_cmp_mpi:"7b":"7b":0 -MPI compare #20 positive > negative +MPI compare #46 positive > negative mbedtls_mpi_cmp_mpi:"7b":"-7b":1 -MPI compare #21 positive < positive with leading zero limb +MPI compare #47 positive < positive with leading zero limb mbedtls_mpi_cmp_mpi:"7b":"0000000000000000123":-1 -MPI compare #22 positive > negative with leading zero limb +MPI compare #48 positive > negative with leading zero limb mbedtls_mpi_cmp_mpi:"7b":"-0000000000000000123":1 -MPI compare #23 positive < large positive +MPI compare #49 positive < large positive mbedtls_mpi_cmp_mpi:"7b":"1230000000000000000":-1 -MPI compare #24 positive > large negative +MPI compare #50 positive > large negative mbedtls_mpi_cmp_mpi:"7b":"-1230000000000000000":1 -MPI compare #25 negative < 0 (null) +MPI compare #51 negative < 0 (null) mbedtls_mpi_cmp_mpi:"-7b":"":-1 -MPI compare #26 negative < 0 (1 limb) +MPI compare #52 negative < 0 (1 limb) mbedtls_mpi_cmp_mpi:"-7b":"0":-1 -MPI compare #27 negative < positive +MPI compare #53 negative < negative 0 (null) +mbedtls_mpi_cmp_mpi:"-7b":"-":-1 + +MPI compare #54 
negative < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-7b":"-0":-1 + +MPI compare #55 negative < positive mbedtls_mpi_cmp_mpi:"-7b":"7b":-1 -MPI compare #28 negative == negative +MPI compare #56 negative == negative mbedtls_mpi_cmp_mpi:"-7b":"-7b":0 -MPI compare #29 negative < positive with leading zero limb +MPI compare #57 negative < positive with leading zero limb mbedtls_mpi_cmp_mpi:"-7b":"0000000000000000123":-1 -MPI compare #30 negative > negative with leading zero limb +MPI compare #58 negative > negative with leading zero limb mbedtls_mpi_cmp_mpi:"-7b":"-0000000000000000123":1 -MPI compare #31 negative < large positive +MPI compare #59 negative < large positive mbedtls_mpi_cmp_mpi:"-7b":"1230000000000000000":-1 -MPI compare #32 negative > large negative +MPI compare #60 negative > large negative mbedtls_mpi_cmp_mpi:"-7b":"-1230000000000000000":1 -MPI compare #33 positive with leading zero limb > 0 (null) +MPI compare #61 positive with leading zero limb > 0 (null) mbedtls_mpi_cmp_mpi:"0000000000000000123":"":1 -MPI compare #34 positive with leading zero limb > 0 (1 limb) +MPI compare #62 positive with leading zero limb > 0 (1 limb) mbedtls_mpi_cmp_mpi:"0000000000000000123":"0":1 -MPI compare #35 positive with leading zero limb > positive +MPI compare #63 positive with leading zero limb > negative 0 (null) +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-":1 + +MPI compare #64 positive with leading zero limb > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0":1 + +MPI compare #65 positive with leading zero limb > positive mbedtls_mpi_cmp_mpi:"0000000000000000123":"7b":1 -MPI compare #36 positive with leading zero limb > negative +MPI compare #66 positive with leading zero limb > negative mbedtls_mpi_cmp_mpi:"0000000000000000123":"-7b":1 -MPI compare #37 positive with leading zero limb == positive with leading zero limb +MPI compare #67 positive with leading zero limb == positive with leading zero limb 
mbedtls_mpi_cmp_mpi:"0000000000000000123":"0000000000000000123":0 -MPI compare #38 positive with leading zero limb > negative with leading zero limb +MPI compare #68 positive with leading zero limb > negative with leading zero limb mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0000000000000000123":1 -MPI compare #39 positive with leading zero limb < large positive +MPI compare #69 positive with leading zero limb < large positive mbedtls_mpi_cmp_mpi:"0000000000000000123":"1230000000000000000":-1 -MPI compare #40 positive with leading zero limb > large negative +MPI compare #70 positive with leading zero limb > large negative mbedtls_mpi_cmp_mpi:"0000000000000000123":"-1230000000000000000":1 -MPI compare #41 negative with leading zero limb < 0 (null) +MPI compare #71 negative with leading zero limb < 0 (null) mbedtls_mpi_cmp_mpi:"-0000000000000000123":"":-1 -MPI compare #42 negative with leading zero limb < 0 (1 limb) +MPI compare #72 negative with leading zero limb < 0 (1 limb) mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0":-1 -MPI compare #43 negative with leading zero limb < positive +MPI compare #73 negative with leading zero limb < negative 0 (null) +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-":-1 + +MPI compare #74 negative with leading zero limb < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0":-1 + +MPI compare #75 negative with leading zero limb < positive mbedtls_mpi_cmp_mpi:"-0000000000000000123":"7b":-1 -MPI compare #44 negative with leading zero limb < negative +MPI compare #76 negative with leading zero limb < negative mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-7b":-1 -MPI compare #45 negative with leading zero limb < positive with leading zero limb +MPI compare #77 negative with leading zero limb < positive with leading zero limb mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0000000000000000123":-1 -MPI compare #46 negative with leading zero limb == negative with leading zero limb +MPI compare #78 negative with leading 
zero limb == negative with leading zero limb mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0000000000000000123":0 -MPI compare #47 negative with leading zero limb < large positive +MPI compare #79 negative with leading zero limb < large positive mbedtls_mpi_cmp_mpi:"-0000000000000000123":"1230000000000000000":-1 -MPI compare #48 negative with leading zero limb > large negative +MPI compare #80 negative with leading zero limb > large negative mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-1230000000000000000":1 -MPI compare #49 large positive > 0 (null) +MPI compare #81 large positive > 0 (null) mbedtls_mpi_cmp_mpi:"1230000000000000000":"":1 -MPI compare #50 large positive > 0 (1 limb) +MPI compare #82 large positive > 0 (1 limb) mbedtls_mpi_cmp_mpi:"1230000000000000000":"0":1 -MPI compare #51 large positive > positive +MPI compare #83 large positive > negative 0 (null) +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-":1 + +MPI compare #84 large positive > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-0":1 + +MPI compare #85 large positive > positive mbedtls_mpi_cmp_mpi:"1230000000000000000":"7b":1 -MPI compare #52 large positive > negative +MPI compare #86 large positive > negative mbedtls_mpi_cmp_mpi:"1230000000000000000":"-7b":1 -MPI compare #53 large positive > positive with leading zero limb +MPI compare #87 large positive > positive with leading zero limb mbedtls_mpi_cmp_mpi:"1230000000000000000":"0000000000000000123":1 -MPI compare #54 large positive > negative with leading zero limb +MPI compare #88 large positive > negative with leading zero limb mbedtls_mpi_cmp_mpi:"1230000000000000000":"-0000000000000000123":1 -MPI compare #55 large positive == large positive +MPI compare #89 large positive == large positive mbedtls_mpi_cmp_mpi:"1230000000000000000":"1230000000000000000":0 -MPI compare #56 large positive > large negative +MPI compare #90 large positive > large negative 
mbedtls_mpi_cmp_mpi:"1230000000000000000":"-1230000000000000000":1 -MPI compare #57 large negative < 0 (null) +MPI compare #91 large negative < 0 (null) mbedtls_mpi_cmp_mpi:"-1230000000000000000":"":-1 -MPI compare #58 large negative < 0 (1 limb) +MPI compare #92 large negative < 0 (1 limb) mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0":-1 -MPI compare #59 large negative < positive +MPI compare #93 large negative < negative 0 (null) +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-":-1 + +MPI compare #94 large negative < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-0":-1 + +MPI compare #95 large negative < positive mbedtls_mpi_cmp_mpi:"-1230000000000000000":"7b":-1 -MPI compare #60 large negative < negative +MPI compare #96 large negative < negative mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-7b":-1 -MPI compare #61 large negative < positive with leading zero limb +MPI compare #97 large negative < positive with leading zero limb mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0000000000000000123":-1 -MPI compare #62 large negative < negative with leading zero limb +MPI compare #98 large negative < negative with leading zero limb mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-0000000000000000123":-1 -MPI compare #63 large negative < large positive +MPI compare #99 large negative < large positive mbedtls_mpi_cmp_mpi:"-1230000000000000000":"1230000000000000000":-1 -MPI compare #64 large negative == large negative +MPI compare #100 large negative == large negative mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-1230000000000000000":0 -MPI compare #65 negative > negative +MPI compare #101 negative > negative mbedtls_mpi_cmp_mpi:"-2":"-3":1 -MPI compare #66 negative == negative +MPI compare #102 negative == negative mbedtls_mpi_cmp_mpi:"-2":"-2":0 -MPI compare #67 positive < positive +MPI compare #103 positive < positive mbedtls_mpi_cmp_mpi:"2b4":"2b5":-1 -MPI compare #68 positive < positive +MPI compare #104 positive < positive 
mbedtls_mpi_cmp_mpi:"2b5":"2b6":-1 MPI compare (abs) #1 0 (null) == 0 (null) 
@@ -450,202 +666,310 @@ mbedtls_mpi_cmp_abs:"":"":0 MPI compare (abs) #2 0 (null) == 0 (1 limb) mbedtls_mpi_cmp_abs:"":"0":0 -MPI compare (abs) #3 0 (null) < positive +MPI compare (abs) #3 0 (null) == 0 (null) +mbedtls_mpi_cmp_abs:"":"":0 + +MPI compare (abs) #4 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"":"0":0 + +MPI compare (abs) #5 0 (null) < positive mbedtls_mpi_cmp_abs:"":"7b":-1 -MPI compare (abs) #4 0 (null) < positive +MPI compare (abs) #6 0 (null) < positive mbedtls_mpi_cmp_abs:"":"7b":-1 -MPI compare (abs) #5 0 (null) < positive with leading zero limb +MPI compare (abs) #7 0 (null) < positive with leading zero limb mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 -MPI compare (abs) #6 0 (null) < positive with leading zero limb +MPI compare (abs) #8 0 (null) < positive with leading zero limb mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 -MPI compare (abs) #7 0 (null) < large positive +MPI compare (abs) #9 0 (null) < large positive mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 -MPI compare (abs) #8 0 (null) < large positive +MPI compare (abs) #10 0 (null) < large positive mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 -MPI compare (abs) #9 0 (1 limb) == 0 (null) +MPI compare (abs) #11 0 (1 limb) == 0 (null) mbedtls_mpi_cmp_abs:"0":"":0 -MPI compare (abs) #10 0 (1 limb) == 0 (1 limb) +MPI compare (abs) #12 0 (1 limb) == 0 (1 limb) mbedtls_mpi_cmp_abs:"0":"0":0 -MPI compare (abs) #11 0 (1 limb) < positive +MPI compare (abs) #13 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 + +MPI compare (abs) #14 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 + +MPI compare (abs) #15 0 (1 limb) < positive mbedtls_mpi_cmp_abs:"0":"7b":-1 -MPI compare (abs) #12 0 (1 limb) < positive +MPI compare (abs) #16 0 (1 limb) < positive mbedtls_mpi_cmp_abs:"0":"7b":-1 -MPI compare (abs) #13 0 (1 limb) < positive with leading zero limb +MPI compare (abs) #17 0 (1 limb) < positive with leading zero limb mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 -MPI compare 
(abs) #14 0 (1 limb) < positive with leading zero limb +MPI compare (abs) #18 0 (1 limb) < positive with leading zero limb mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 -MPI compare (abs) #15 0 (1 limb) < large positive +MPI compare (abs) #19 0 (1 limb) < large positive mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 -MPI compare (abs) #16 0 (1 limb) < large positive +MPI compare (abs) #20 0 (1 limb) < large positive mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 -MPI compare (abs) #17 positive > 0 (null) +MPI compare (abs) #21 0 (null) == 0 (null) +mbedtls_mpi_cmp_abs:"":"":0 + +MPI compare (abs) #22 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"":"0":0 + +MPI compare (abs) #23 0 (null) == 0 (null) +mbedtls_mpi_cmp_abs:"":"":0 + +MPI compare (abs) #24 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"":"0":0 + +MPI compare (abs) #25 0 (null) < positive +mbedtls_mpi_cmp_abs:"":"7b":-1 + +MPI compare (abs) #26 0 (null) < positive +mbedtls_mpi_cmp_abs:"":"7b":-1 + +MPI compare (abs) #27 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 + +MPI compare (abs) #28 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 + +MPI compare (abs) #29 0 (null) < large positive +mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 + +MPI compare (abs) #30 0 (null) < large positive +mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 + +MPI compare (abs) #31 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 + +MPI compare (abs) #32 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 + +MPI compare (abs) #33 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 + +MPI compare (abs) #34 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 + +MPI compare (abs) #35 0 (1 limb) < positive +mbedtls_mpi_cmp_abs:"0":"7b":-1 + +MPI compare (abs) #36 0 (1 limb) < positive +mbedtls_mpi_cmp_abs:"0":"7b":-1 + +MPI compare (abs) #37 0 (1 limb) < positive with leading zero limb 
+mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 + +MPI compare (abs) #38 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 + +MPI compare (abs) #39 0 (1 limb) < large positive +mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 + +MPI compare (abs) #40 0 (1 limb) < large positive +mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 + +MPI compare (abs) #41 positive > 0 (null) mbedtls_mpi_cmp_abs:"7b":"":1 -MPI compare (abs) #18 positive > 0 (1 limb) +MPI compare (abs) #42 positive > 0 (1 limb) mbedtls_mpi_cmp_abs:"7b":"0":1 -MPI compare (abs) #19 positive == positive -mbedtls_mpi_cmp_abs:"7b":"7b":0 - -MPI compare (abs) #20 positive == positive -mbedtls_mpi_cmp_abs:"7b":"7b":0 - -MPI compare (abs) #21 positive < positive with leading zero limb -mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 - -MPI compare (abs) #22 positive < positive with leading zero limb -mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 - -MPI compare (abs) #23 positive < large positive -mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 - -MPI compare (abs) #24 positive < large positive -mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 - -MPI compare (abs) #25 positive > 0 (null) +MPI compare (abs) #43 positive > 0 (null) mbedtls_mpi_cmp_abs:"7b":"":1 -MPI compare (abs) #26 positive > 0 (1 limb) +MPI compare (abs) #44 positive > 0 (1 limb) mbedtls_mpi_cmp_abs:"7b":"0":1 -MPI compare (abs) #27 positive == positive +MPI compare (abs) #45 positive == positive mbedtls_mpi_cmp_abs:"7b":"7b":0 -MPI compare (abs) #28 positive == positive +MPI compare (abs) #46 positive == positive mbedtls_mpi_cmp_abs:"7b":"7b":0 -MPI compare (abs) #29 positive < positive with leading zero limb +MPI compare (abs) #47 positive < positive with leading zero limb mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 -MPI compare (abs) #30 positive < positive with leading zero limb +MPI compare (abs) #48 positive < positive with leading zero limb 
mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 -MPI compare (abs) #31 positive < large positive +MPI compare (abs) #49 positive < large positive mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 -MPI compare (abs) #32 positive < large positive +MPI compare (abs) #50 positive < large positive mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 -MPI compare (abs) #33 positive with leading zero limb > 0 (null) +MPI compare (abs) #51 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #52 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #53 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #54 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #55 positive == positive +mbedtls_mpi_cmp_abs:"7b":"7b":0 + +MPI compare (abs) #56 positive == positive +mbedtls_mpi_cmp_abs:"7b":"7b":0 + +MPI compare (abs) #57 positive < positive with leading zero limb +mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 + +MPI compare (abs) #58 positive < positive with leading zero limb +mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 + +MPI compare (abs) #59 positive < large positive +mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 + +MPI compare (abs) #60 positive < large positive +mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 + +MPI compare (abs) #61 positive with leading zero limb > 0 (null) mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 -MPI compare (abs) #34 positive with leading zero limb > 0 (1 limb) +MPI compare (abs) #62 positive with leading zero limb > 0 (1 limb) mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 -MPI compare (abs) #35 positive with leading zero limb > positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 - -MPI compare (abs) #36 positive with leading zero limb > positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 - -MPI compare (abs) #37 positive with leading zero limb == positive with leading zero limb 
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 - -MPI compare (abs) #38 positive with leading zero limb == positive with leading zero limb -mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 - -MPI compare (abs) #39 positive with leading zero limb < large positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 - -MPI compare (abs) #40 positive with leading zero limb < large positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 - -MPI compare (abs) #41 positive with leading zero limb > 0 (null) +MPI compare (abs) #63 positive with leading zero limb > 0 (null) mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 -MPI compare (abs) #42 positive with leading zero limb > 0 (1 limb) +MPI compare (abs) #64 positive with leading zero limb > 0 (1 limb) mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 -MPI compare (abs) #43 positive with leading zero limb > positive +MPI compare (abs) #65 positive with leading zero limb > positive mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 -MPI compare (abs) #44 positive with leading zero limb > positive +MPI compare (abs) #66 positive with leading zero limb > positive mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 -MPI compare (abs) #45 positive with leading zero limb == positive with leading zero limb +MPI compare (abs) #67 positive with leading zero limb == positive with leading zero limb mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 -MPI compare (abs) #46 positive with leading zero limb == positive with leading zero limb +MPI compare (abs) #68 positive with leading zero limb == positive with leading zero limb mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 -MPI compare (abs) #47 positive with leading zero limb < large positive +MPI compare (abs) #69 positive with leading zero limb < large positive mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 -MPI compare (abs) #48 positive with leading zero limb < 
large positive +MPI compare (abs) #70 positive with leading zero limb < large positive mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 -MPI compare (abs) #49 large positive > 0 (null) +MPI compare (abs) #71 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #72 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #73 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #74 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #75 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #76 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #77 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 + +MPI compare (abs) #78 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 + +MPI compare (abs) #79 positive with leading zero limb < large positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 + +MPI compare (abs) #80 positive with leading zero limb < large positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 + +MPI compare (abs) #81 large positive > 0 (null) mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 -MPI compare (abs) #50 large positive > 0 (1 limb) +MPI compare (abs) #82 large positive > 0 (1 limb) mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 -MPI compare (abs) #51 large positive > positive -mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 - -MPI compare (abs) #52 large positive > positive -mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 - -MPI compare (abs) #53 large positive > 
positive with leading zero limb -mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 - -MPI compare (abs) #54 large positive > positive with leading zero limb -mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 - -MPI compare (abs) #55 large positive == large positive -mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 - -MPI compare (abs) #56 large positive == large positive -mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 - -MPI compare (abs) #57 large positive > 0 (null) +MPI compare (abs) #83 large positive > 0 (null) mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 -MPI compare (abs) #58 large positive > 0 (1 limb) +MPI compare (abs) #84 large positive > 0 (1 limb) mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 -MPI compare (abs) #59 large positive > positive +MPI compare (abs) #85 large positive > positive mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 -MPI compare (abs) #60 large positive > positive +MPI compare (abs) #86 large positive > positive mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 -MPI compare (abs) #61 large positive > positive with leading zero limb +MPI compare (abs) #87 large positive > positive with leading zero limb mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 -MPI compare (abs) #62 large positive > positive with leading zero limb +MPI compare (abs) #88 large positive > positive with leading zero limb mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 -MPI compare (abs) #63 large positive == large positive +MPI compare (abs) #89 large positive == large positive mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 -MPI compare (abs) #64 large positive == large positive +MPI compare (abs) #90 large positive == large positive mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 -MPI compare (abs) #65 positive < positive +MPI compare (abs) #91 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + 
+MPI compare (abs) #92 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #93 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + +MPI compare (abs) #94 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #95 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #96 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #97 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #98 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #99 large positive == large positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 + +MPI compare (abs) #100 large positive == large positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 + +MPI compare (abs) #101 positive < positive mbedtls_mpi_cmp_abs:"2":"3":-1 -MPI compare (abs) #66 positive == positive +MPI compare (abs) #102 positive == positive mbedtls_mpi_cmp_abs:"2":"2":0 -MPI compare (abs) #67 positive < positive +MPI compare (abs) #103 positive < positive mbedtls_mpi_cmp_abs:"2b4":"2b5":-1 -MPI compare (abs) #68 positive < positive +MPI compare (abs) #104 positive < positive mbedtls_mpi_cmp_abs:"2b5":"2b6":-1 # End of automatically generated file. From 83763ab6b161307fd4dcadf8fd7f6b1ace207693 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Nov 2022 09:15:21 +0100 Subject: [PATCH 086/112] Pacify pylint Signed-off-by: Gilles Peskine --- tests/scripts/generate_bignum_tests.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 2cdd07d7ff..c76294ca53 100755 --- a/tests/scripts/generate_bignum_tests.py 
+++ b/tests/scripts/generate_bignum_tests.py @@ -55,7 +55,6 @@ of BaseTarget in test_data_generation.py. # limitations under the License. import sys -import typing from abc import ABCMeta, abstractmethod from typing import Iterator, List, Tuple, TypeVar @@ -71,7 +70,7 @@ def hex_to_int(val: str) -> int: This is a superset of what is accepted by mbedtls_test_read_mpi_core(). """ - if val == '' or val == '-': + if val in ['', '-']: return 0 return int(val, 16) @@ -121,6 +120,7 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): return [quote_str(self.arg_a), quote_str(self.arg_b), self.result()] def description_suffix(self) -> str: + #pylint: disable=no-self-use # derived classes need self """Text to add at the end of the test case description.""" return "" From f22f73ef4eca739ade02d1faa9db1b05bc7d45fd Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Thu, 10 Nov 2022 15:18:35 +0000 Subject: [PATCH 087/112] Fix issue in dh_genprime.c where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure Signed-off-by: Aditya Deshpande --- ChangeLog.d/fix_dh_genprime_error_reporting.txt | 4 ++++ programs/pkey/dh_genprime.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/fix_dh_genprime_error_reporting.txt diff --git a/ChangeLog.d/fix_dh_genprime_error_reporting.txt b/ChangeLog.d/fix_dh_genprime_error_reporting.txt new file mode 100644 index 0000000000..1c98947f3b --- /dev/null +++ b/ChangeLog.d/fix_dh_genprime_error_reporting.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix bug in error reporting in dh_genprime.c where upon failure, + the error code returned by mbedtls_mpi_write_file() is overwritten + and therefore not printed. diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 51f6971d29..84f498e337 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c 
@@ -161,8 +161,8 @@ int main( int argc, char **argv ) goto exit; } - if( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 ) || - ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) + if( ( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0 ) || + ( ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) ) != 0 ) ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); fclose( fout ); From c2c6fcbcc5162209bd320dedcdede69074d0daac Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 9 Nov 2022 12:59:33 +0000 Subject: [PATCH 088/112] Enable mpi_mod_int test case to take full-range MPI integers Also add commented-out test cases that currently fail Signed-off-by: Tom Cosgrove --- tests/suites/test_suite_bignum.function | 37 +++++++++++++++++----- tests/suites/test_suite_bignum.misc.data | 40 +++++++++++++++++------- 2 files changed, 58 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index a53d0cb9a5..b1908dd0bb 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function 
@@ -1172,24 +1172,47 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_mod_int( char * input_X, int input_Y, - int input_A, int div_result ) +void mbedtls_mpi_mod_int( char * input_X, char * input_Y, + char * input_A, int mod_result ) { mbedtls_mpi X; + mbedtls_mpi Y; + mbedtls_mpi A; int res; mbedtls_mpi_uint r; - mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); - res = mbedtls_mpi_mod_int( &r, &X, input_Y ); - TEST_ASSERT( res == div_result ); + mbedtls_mpi_init( &X ); + mbedtls_mpi_init( &Y ); + mbedtls_mpi_init( &A ); + + /* We use MPIs to read Y and A since the test framework limits us to + * ints, so we can't have 64-bit values */ + TEST_EQUAL( mbedtls_test_read_mpi( &X, input_X ), 0 ); + TEST_EQUAL( mbedtls_test_read_mpi( &Y, input_Y ), 0 ); + TEST_EQUAL( mbedtls_test_read_mpi( &A, input_A ), 0 ); + + TEST_EQUAL( Y.n, 1 ); + TEST_EQUAL( A.n, 1 ); + + /* Convert the MPIs for Y and A to signed mbedtls_mpi_uints */ + mbedtls_mpi_uint y = Y.p[0]; + if( Y.s == -1 ) + y = -y; + mbedtls_mpi_uint a = A.p[0]; + if( A.s == -1 ) + a = -a; + + res = mbedtls_mpi_mod_int( &r, &X, y ); + TEST_EQUAL( res, mod_result ); if( res == 0 ) { - TEST_ASSERT( r == (mbedtls_mpi_uint) input_A ); + TEST_EQUAL( r, a ); } exit: mbedtls_mpi_free( &X ); + mbedtls_mpi_free( &Y ); + mbedtls_mpi_free( &A ); } /* END_CASE */ diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index 8bb5e772c6..dfe299e591 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data 
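Review bot: The `TEST_EQUAL( Y.n, 1 )` and `TEST_EQUAL( A.n, 1 )` checks fail any data line whose Y or A is not exactly one limb, and the comment above them does not say so. That excludes the empty string, which the helpers.h documentation quoted later in this series says is read as a 0-limb bignum, and any value wider than a limb, which is presumably why the 64-bit cases carry `depends_on:MBEDTLS_HAVE_INT64`. I would add a comment on those two lines such as `/* Y and A must each occupy exactly one limb: write "0", not "", for zero */`, so that a failure there reads as a malformed test case rather than a library bug.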
@@ -1202,40 +1202,56 @@ Test mbedtls_mpi_mod_mpi: 0 (null) % -1 mbedtls_mpi_mod_mpi:"":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Base test mbedtls_mpi_mod_int #1 -mbedtls_mpi_mod_int:"3e8":13:12:0 +mbedtls_mpi_mod_int:"3e8":"d":"c":0 Base test mbedtls_mpi_mod_int #2 (Divide by zero) -mbedtls_mpi_mod_int:"3e8":0:0:MBEDTLS_ERR_MPI_DIVISION_BY_ZERO +mbedtls_mpi_mod_int:"3e8":"0":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO Base test mbedtls_mpi_mod_int #3 -mbedtls_mpi_mod_int:"-3e8":13:1:0 +mbedtls_mpi_mod_int:"-3e8":"d":"1":0 Base test mbedtls_mpi_mod_int #4 (Negative modulo) -mbedtls_mpi_mod_int:"3e8":-13:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Base test mbedtls_mpi_mod_int #5 (Negative modulo) -mbedtls_mpi_mod_int:"-3e8":-13:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"-3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Base test mbedtls_mpi_mod_int #6 (By 1) -mbedtls_mpi_mod_int:"3e8":1:0:0 +mbedtls_mpi_mod_int:"3e8":"1":"0":0 Base test mbedtls_mpi_mod_int #7 (By 2) -mbedtls_mpi_mod_int:"3e9":2:1:0 +mbedtls_mpi_mod_int:"3e9":"2":"1":0 Base test mbedtls_mpi_mod_int #8 (By 2) -mbedtls_mpi_mod_int:"3e8":2:0:0 +mbedtls_mpi_mod_int:"3e8":"2":"0":0 Test mbedtls_mpi_mod_int: 0 (null) % 1 -mbedtls_mpi_mod_int:"":1:0:0 +mbedtls_mpi_mod_int:"":"1":"0":0 Test mbedtls_mpi_mod_int: 0 (null) % 2 -mbedtls_mpi_mod_int:"":2:0:0 +mbedtls_mpi_mod_int:"":"2":"0":0 Test mbedtls_mpi_mod_int: 0 (null) % -1 -mbedtls_mpi_mod_int:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"":"-1":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Test mbedtls_mpi_mod_int: 0 (null) % -2 -mbedtls_mpi_mod_int:"":-2:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"":"-2":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + +# CURRENTLY FAILS +#Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810 +#depends_on:MBEDTLS_HAVE_INT64 
+#mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0 + +Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0 + +# CURRENTLY FAILS WHEN MPIS ARE 32-BIT: WHEN FIXED, REMOVE "depends_on" LINE +Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 1205652040 -> 3644370 +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0 + +Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 1205652040 -> 3644370 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0 Base test mbedtls_mpi_exp_mod #1 mbedtls_mpi_exp_mod:"17":"d":"1d":"18":0 From 5c307b9bbe2338e0e7bfec3a2b056fbaac3a556d Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 10 Nov 2022 12:05:55 +0000 Subject: [PATCH 089/112] Use mbedtls_mpi_sint not mbedtls_mpi_uint in mpi_mod_int test Signed-off-by: Tom Cosgrove --- tests/suites/test_suite_bignum.function | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index b1908dd0bb..7f8c9371a7 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function 
@@ -1194,11 +1194,21 @@ void mbedtls_mpi_mod_int( char * input_X, char * input_Y, TEST_EQUAL( Y.n, 1 ); TEST_EQUAL( A.n, 1 ); - /* Convert the MPIs for Y and A to signed mbedtls_mpi_uints */ - mbedtls_mpi_uint y = Y.p[0]; + /* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */ + + /* Since we're converting sign+magnitude to two's complement, we lose one + * bit of value in the output. This means there are some values we can't + * represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically + * invalid test cases, so could be considered "won't happen", but they are + * easy to test for, and this helps guard against human error. */ + + mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0]; + TEST_ASSERT( y >= 0 ); /* If y < 0 here, we can't make negative y */ if( Y.s == -1 ) y = -y; - mbedtls_mpi_uint a = A.p[0]; + + mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0]; + TEST_ASSERT( a >= 0 ); /* Same goes for a */ if( A.s == -1 ) a = -a; From 020ab7f0afecb5b2875ec15b0a8cbef7881d9bfa Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 10 Nov 2022 12:17:36 +0000 Subject: [PATCH 090/112] Add additional (would fail) test cases for mpi_mod_int with 0 remainder Signed-off-by: Tom Cosgrove --- tests/suites/test_suite_bignum.misc.data | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index dfe299e591..51ea081922 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data 
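Review bot: The guard `TEST_ASSERT( y >= 0 )` runs after the cast `(mbedtls_mpi_sint) Y.p[0]`, so it depends on an out-of-range unsigned limb converting to a negative number, which C leaves implementation-defined. Checking the limb before converting avoids that dependency, for example `TEST_ASSERT( ( Y.p[0] >> ( sizeof( Y.p[0] ) * 8 - 1 ) ) == 0 );` ahead of the cast, and likewise for `A.p[0]`. Also, `a` is now signed while `r` remains `mbedtls_mpi_uint`, so the later `TEST_EQUAL( r, a )` (outside this hunk) compares values of mixed signedness; how that behaves depends on the macro's definition, which is not shown, so a negative expected remainder is best rejected explicitly. The function body starts and ends outside the hunk.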
@@ -1237,7 +1237,7 @@ mbedtls_mpi_mod_int:"":"-1":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Test mbedtls_mpi_mod_int: 0 (null) % -2 mbedtls_mpi_mod_int:"":"-2":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE -# CURRENTLY FAILS +# CURRENTLY FAILS - SEE GITHUB ISSUE #6540 #Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810 #depends_on:MBEDTLS_HAVE_INT64 #mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0 @@ -1245,7 +1245,15 @@ mbedtls_mpi_mod_int:"":"-2":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810 mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0 -# CURRENTLY FAILS WHEN MPIS ARE 32-BIT: WHEN FIXED, REMOVE "depends_on" LINE +# CURRENTLY FAILS - SEE GITHUB ISSUE #6540 +#Test mbedtls_mpi_mod_int: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0 +#depends_on:MBEDTLS_HAVE_INT64 +#mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0 + +Test mbedtls_mpi_mod_mpi: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0 + +# CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 1205652040 -> 3644370 depends_on:MBEDTLS_HAVE_INT64 mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0 
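Review bot: The comments added here cite two different issue numbers, `SEE GITHUB ISSUE #6540` on the commented-out 64-bit cases and `(ISSUE #6450)` on the 32-bit cases. The same `#6450` reference is repeated in the `@@ -1253,6 +1261,14 @@` hunk that follows. The digits look transposed, so one of the two is probably a typo. Whoever later re-enables these cases or removes the `depends_on:MBEDTLS_HAVE_INT64` lines will follow that reference, so the number should be confirmed and used consistently in all four comments.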
@@ -1253,6 +1261,14 @@ mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0 Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 1205652040 -> 3644370 mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0 +# CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE +Test mbedtls_mpi_mod_int: 230772460340063000000100500000296355640 % 1205652040 -> 0 +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0 + +Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000296355640 % 1205652040 -> 0 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0 + Base test mbedtls_mpi_exp_mod #1 mbedtls_mpi_exp_mod:"17":"d":"1d":"18":0 From d64123a17e00af0765dae522ecf0a72a8ab93155 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Nov 2022 15:59:51 +0100 Subject: [PATCH 091/112] Fix autocucumber in documentation Signed-off-by: Gilles Peskine --- tests/include/test/helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 6d23d10703..7a87c5b84d 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -366,7 +366,7 @@ void mbedtls_test_err_add_check( int high, int low, * - This function guarantees that if \p s begins with '-' then the sign * bit of the result will be negative, even if the value is 0. * When this function encounters such a "negative 0", it - * increments #mbedtls_test_read_mpi. + * increments #mbedtls_test_case_uses_negative_0. * - The size of the result is exactly the minimum number of limbs needed * to fit the digits in the input. In particular, this function constructs * a bignum with 0 limbs for an empty string, and a bignum with leading 0 From d3f7df4b8a85a4df61fc0c60d9d996dfb64979fb Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 19 Oct 2022 15:14:29 +0200 Subject: [PATCH 092/112] Adding unit test for mbedtls_x509write_csr_set_extension() The already existing "x509_csr_check()" function is extended in order to support/test also CSR's extensions. The test is performed by adding an extended key usage. Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 5 ++ tests/data_files/server1.req.sha256.ext | 17 +++++++ tests/suites/test_suite_x509write.data | 30 +++++++----- tests/suites/test_suite_x509write.function | 56 +++++++++++++++++++++- 4 files changed, 94 insertions(+), 14 deletions(-) create mode 100644 tests/data_files/server1.req.sha256.ext diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 49db4cab27..34af96f9aa 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -909,6 +909,11 @@ server1.req.sha256: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 all_final += server1.req.sha256 +server1.req.sha256.ext: server1.key + # Generating this with OpenSSL as a comparison point to test we're getting the same result + openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" +all_final += server1.req.sha256.ext + server1.req.sha384: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 all_final += server1.req.sha384 diff --git a/tests/data_files/server1.req.sha256.ext b/tests/data_files/server1.req.sha256.ext new file mode 100644 index 0000000000..3f26f09ef0 --- /dev/null +++ b/tests/data_files/server1.req.sha256.ext 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpzCCAY8CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAmMCQGCSqGSIb3DQEJDjEX +MBUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAHi0yEGu +Fh5tuLiLuT95UrRnly55+lTY9xchFiKtlcoEdSheybYxqk3JHuSSqojOFKZBlRdk +oG6Azg56/aMHPWyvtCMSRQX4b+FgjeQsm9IfhYNMquQOxyPxm62vjuU3MfZIofXH +hKdI6Ci2CDF4Fyvw50KBWniV38eE9+kjsvDLdXD3ESZJGhjjuFl8ReUiA2wdBTcP +XEZaXUIc6B4tUnlPeqn/2zp4GBqqWzNZx6TXBpApASGG3BEJnM52FVPC7E9p+8YZ +qIGuiF5Cz/rYZkpwffBWIfS2zZakHLm5TB8FgZkWlyReJU9Ihk2Tl/sZ1kllFdYa +xLPnLCL82KFL1Co= +-----END CERTIFICATE REQUEST----- diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 1c1cf30334..aa8b3cd263 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -1,54 +1,58 @@ Certificate Request check Server1 SHA1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0:0 Certificate Request check Server1 SHA224 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0:0 Certificate Request check Server1 SHA256 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0:0 Certificate Request check Server1 SHA384 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0:0 Certificate Request check Server1 SHA512 depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0:0 Certificate Request check Server1 MD4 depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0:0 Certificate Request check Server1 MD5 depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0:0 Certificate Request check Server1 key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0 Certificate Request check Server1 key_usage empty depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0:0 Certificate Request check Server1 ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server1 ns_cert_type empty depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1:0 Certificate Request check Server1 key_usage + ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | 
MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server5 ECDSA, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0 +x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0 + +Certificate Request check Server1, set_extension +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256.ext":MBEDTLS_MD_SHA256:0:0:0:0:1 Certificate Request check opaque Server5 ECDSA, key_usage depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 12c8f399ad..b27a252183 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -5,6 +5,7 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/rsa.h" +#include "mbedtls/asn1write.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, 
@@ -68,6 +69,56 @@ cleanup: } #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ +#if defined(MBEDTLS_X509_CSR_WRITE_C) + +/* + * The size of this temporary buffer is given by the sequence of functions + * called hereinafter: + * - mbedtls_asn1_write_oid() + * - 8 bytes for MBEDTLS_OID_EXTENDED_KEY_USAGE raw value + * - 1 byte for MBEDTLS_OID_EXTENDED_KEY_USAGE length + * - 1 byte for MBEDTLS_ASN1_OID tag + * - mbedtls_asn1_write_len() + * - 1 byte since we're dealing with sizes which are less than 0x80 + * - mbedtls_asn1_write_tag() + * - 1 byte + * + * This length is fine as long as this function is called using the + * MBEDTLS_OID_SERVER_AUTH OID. If this is changed in the future, then this + * buffer's length should be adjusted accordingly. + * Unfortunately there's no predefined max size for OIDs which can be used + * to set an overall upper boundary which is always guaranteed. + */ +#define EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH 12 + +static int csr_set_extended_key_usage( mbedtls_x509write_csr *ctx, + const char *oid, size_t oid_len ) +{ + unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; + unsigned char *p = buf + sizeof( buf ); + int ret; + size_t len = 0; + + /* + * Following functions fail anyway if the temporary buffer is not large, + * but we set an extra check here to emphasize a possible source of errors + */ + if ( oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH ) + { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &p, buf, oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, ret ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + + ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_EXTENDED_KEY_USAGE, + MBEDTLS_OID_SIZE( MBEDTLS_OID_EXTENDED_KEY_USAGE ), p, len ); + + return ret; +} +#endif /* MBEDTLS_X509_CSR_WRITE_C */ /* END_HEADER */ /* 
BEGIN_DEPENDENCIES @@ -78,7 +129,7 @@ cleanup: /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, int key_usage, int set_key_usage, int cert_type, - int set_cert_type ) + int set_cert_type, int set_extension ) { mbedtls_pk_context key; mbedtls_x509write_csr req; @@ -105,6 +156,9 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 ); if( set_cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); + if ( set_extension != 0 ) + TEST_ASSERT( csr_set_extended_key_usage( &req, MBEDTLS_OID_SERVER_AUTH, + MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ) ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), mbedtls_test_rnd_pseudo_rand, &rnd_info ); From 6b7c3ccfed6c53f9fec4590e96adf05af10b48b2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Nov 2022 23:54:26 +0100 Subject: [PATCH 093/112] Use .datax for `make test`, not .data Looking for the .data file doesn't work in out-of-tree builds. Use the .datax file instead. `make clean` removes all .datax files, so this resolves the issue of executables not present on the current branch being left behind after a branch change followed by a `make clean`. Signed-off-by: Gilles Peskine --- tests/scripts/run-test-suites.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 8a5bb937dc..cedc0bfa5a 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl 
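Review bot: In `csr_set_extended_key_usage`, the early check `oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH` still accepts OIDs that cannot fit. By the size comment's own count, `buf` must also hold four bytes of tag and length overhead, so `if( oid_len > sizeof( buf ) - 4 )` would match what the check is described as guarding. The call `mbedtls_asn1_write_len( &p, buf, ret )` is only correct because `MBEDTLS_ASN1_CHK_ADD` leaves the previous call's byte count in the otherwise uninitialised `ret`; passing `len` states the intent directly. The size comment also attributes the 8 raw bytes to `MBEDTLS_OID_EXTENDED_KEY_USAGE`, but the bytes written into `buf` are those of the `oid` argument (`MBEDTLS_OID_SERVER_AUTH` at the call site in `x509_csr_check`).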
@@ -50,10 +50,10 @@ GetOptions( 'verbose|v:1' => \$verbose, ) or die; -# All test suites = executable files derived from a .data file. +# All test suites = executable files with a .datax file. my @suites = (); -for my $data_file (glob 'suites/test_suite_*.data') { - (my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#; +for my $data_file (glob 'test_suite_*.datax') { + (my $base = $data_file) =~ s/\.datax$//; push @suites, $base if -x $base; push @suites, "$base.exe" if -e "$base.exe"; } From cab02f6bc8e8623080f53003813fa8a2b5a40fb8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Nov 2022 21:22:27 +0100 Subject: [PATCH 094/112] Document mbedtls_mpi_uint and mbedtls_mpi_sint Since they're part of the public API (even if only through a few functions), they should be documented. I deliberately skipped documenting how to configure the size of the type. Right now, MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 have no Doxygen documentation, so it's ambiguous whether they're part of the public API. Resolving this ambiguity is out of scope of my current work. Signed-off-by: Gilles Peskine --- include/mbedtls/bignum.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 60c1ce2cd6..5a393c143b 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -182,6 +182,20 @@ #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ +/** \typedef mbedtls_mpi_uint + * \brief The type of machine digits in a bignum, called _limbs_. + * + * This is always an unsigned integer type with no padding bits. The size + * is platform-dependent. + */ + +/** \typedef mbedtls_mpi_sint + * \brief The signed type corresponding to #mbedtls_mpi_uint. + * + * This is always an signed integer type with no padding bits. The size + * is platform-dependent. + */ + #ifdef __cplusplus extern "C" { #endif From 103cf59e461d03a331f27aad3cc7015f7906354d Mon Sep 17 00:00:00 2001 
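Review bot: The new `\typedef mbedtls_mpi_sint` description has a typo, "This is always an signed integer type"; it should read `This is always a signed integer type with no padding bits.` A test comment later in this series states that `mbedtls_mpi_sint` is guaranteed to be a two's complement type. If that is part of the public contract, this is the place to document it, because callers passing the most negative value depend on it.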
From: Gilles Peskine Date: Tue, 15 Nov 2022 22:59:00 +0100 Subject: [PATCH 095/112] Fix NULL+0 in addition 0 + 0 Fix undefined behavior (typically harmless in practice) of mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when both operands are 0 and the left operand is represented with 0 limbs. Signed-off-by: Gilles Peskine --- ChangeLog.d/mpi-add-0-ub.txt | 4 ++++ library/bignum.c | 5 +++++ 2 files changed, 9 insertions(+) create mode 100644 ChangeLog.d/mpi-add-0-ub.txt diff --git a/ChangeLog.d/mpi-add-0-ub.txt b/ChangeLog.d/mpi-add-0-ub.txt new file mode 100644 index 0000000000..9f131a4300 --- /dev/null +++ b/ChangeLog.d/mpi-add-0-ub.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix undefined behavior (typically harmless in practice) of + mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() + when both operands are 0 and the left operand is represented with 0 limbs. diff --git a/library/bignum.c b/library/bignum.c index ce72b1fb0e..e52afbaab0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1130,6 +1130,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[j - 1] != 0 ) break; + /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 + * and B is 0 (of any size). */ + if( j == 0 ) + return( 0 ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); o = B->p; p = X->p; c = 0; From de1629aff99f2701cdec0b26170b0c6e803479f6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Nov 2022 23:02:14 +0100 Subject: [PATCH 096/112] Fix undefined behavior with the most negative mbedtls_mpi_sint When x is the most negative value of a two's complement type, `(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x` has well-defined behavior and does what was intended. 
Signed-off-by: Gilles Peskine --- ChangeLog.d/mpi-most-negative-sint.txt | 4 + library/bignum.c | 10 +- tests/suites/test_suite_bignum.function | 144 +++++++++++++++++++++++ tests/suites/test_suite_bignum.misc.data | 3 + 4 files changed, 156 insertions(+), 5 deletions(-) create mode 100644 ChangeLog.d/mpi-most-negative-sint.txt diff --git a/ChangeLog.d/mpi-most-negative-sint.txt b/ChangeLog.d/mpi-most-negative-sint.txt new file mode 100644 index 0000000000..5e775c4825 --- /dev/null +++ b/ChangeLog.d/mpi-most-negative-sint.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix undefined behavior (typically harmless in practice) when some bignum + functions receive the most negative value of mbedtls_mpi_sint. Credit + to OSS-Fuzz. Fixes #6597. diff --git a/library/bignum.c b/library/bignum.c index e52afbaab0..8ed9804f91 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -273,7 +273,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); memset( X->p, 0, X->n * ciL ); - X->p[0] = ( z < 0 ) ? -z : z; + X->p[0] = ( z < 0 ) ? -(mbedtls_mpi_uint)z : z; X->s = ( z < 0 ) ? -1 : 1; cleanup: @@ -1093,7 +1093,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( X != NULL ); - *p = ( z < 0 ) ? -z : z; + *p = ( z < 0 ) ? -(mbedtls_mpi_uint)z : z; Y.s = ( z < 0 ) ? -1 : 1; Y.n = 1; Y.p = p; @@ -1334,7 +1334,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = ( b < 0 ) ? -(mbedtls_mpi_uint)b : b; B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; @@ -1352,7 +1352,7 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = ( b < 0 ) ? -(mbedtls_mpi_uint)b : b; B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; 
@@ -1773,7 +1773,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = ( b < 0 ) ? -(mbedtls_mpi_uint)b : b; B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index 7f8c9371a7..a0d0404159 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function 
@@ -1660,6 +1660,150 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void most_negative_mpi_sint( ) +{ + /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We + * guarantee that mbedtls_mpi_sint is a two's complement type, so this + * is a valid value. However, negating it (`-n`) has undefined behavior + * (although in practice `-n` evaluates to the value n). + * + * This function has ad hoc tests for this value. It's separated from other + * functions because the test framework makes it hard to pass this value + * into test cases. + * + * In the comments here: + * - biL = number of bits in limbs + * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) + * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) + */ + + mbedtls_mpi A, R, X; + mbedtls_mpi_init( &A ); + mbedtls_mpi_init( &R ); + mbedtls_mpi_init( &X ); + + const size_t biL = 8 * sizeof( mbedtls_mpi_sint ); + mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << ( biL - 1 ); + const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; + const mbedtls_mpi_sint most_negative = - most_positive - 1; + TEST_EQUAL( (mbedtls_mpi_uint) most_negative, + (mbedtls_mpi_uint) 1 << ( biL - 1 ) ); + TEST_EQUAL( (mbedtls_mpi_uint) most_negative << 1, 0 ); + + /* Test mbedtls_mpi_lset() */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( A.s, -1 ); + TEST_EQUAL( A.n, 1 ); + TEST_EQUAL( A.p[0], most_positive_plus_1 ); + + /* Test mbedtls_mpi_cmp_int(): -p == -p */ + TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 0 ); + + /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ + A.p[0] = most_positive_plus_1 + 1; + TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), -1 ); + + /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ + A.p[0] = most_positive_plus_1 - 1; + TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 1 ); + + /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); + TEST_EQUAL( 
mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 ); + + /* Test mbedtls_mpi_add_int(): (0) + (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, most_negative ), 0 ); + + /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( X.s, -1 ); + TEST_EQUAL( X.n, 2 ); + TEST_EQUAL( X.p[0], 0 ); + TEST_EQUAL( X.p[1], 1 ); + + /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ + mbedtls_mpi_free( &X ); + TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); + TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( X.s, 1 ); + TEST_EQUAL( X.n, 1 ); + TEST_EQUAL( X.p[0], ~(mbedtls_mpi_uint)0 ); + + /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( X.s, 1 ); + TEST_EQUAL( X.n, 1 ); + TEST_EQUAL( X.p[0], most_positive_plus_1 ); + + /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, -most_positive ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ + TEST_EQUAL( 
mbedtls_mpi_shift_l( &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 2 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ + TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 ); + + /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, most_positive ), 0 ); + + /* Test mbedtls_mpi_div_int(): (p) / (-p) */ + TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ + TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -2 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_mod_int(): never valid */ + TEST_EQUAL( mbedtls_mpi_mod_int( X.p, &A, most_negative ), + MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + + /* Test mbedtls_mpi_random(): never valid */ + TEST_EQUAL( mbedtls_mpi_random( &X, most_negative, &A, + mbedtls_test_rnd_std_rand, NULL ), + MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + +exit: + mbedtls_mpi_free( &A ); + mbedtls_mpi_free( &R ); + mbedtls_mpi_free( &X ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mpi_selftest( ) { diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index 51ea081922..2ab59246b7 100644 --- a/tests/suites/test_suite_bignum.misc.data 
+++ b/tests/suites/test_suite_bignum.misc.data @@ -1931,6 +1931,9 @@ mpi_random_fail:2:"01":MBEDTLS_ERR_MPI_BAD_INPUT_DATA MPI random bad arguments: min > N = 1, 0 limb in upper bound mpi_random_fail:2:"000000000000000001":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Most negative mbedtls_mpi_sint +most_negative_mpi_sint: + MPI Selftest depends_on:MBEDTLS_SELF_TEST mpi_selftest: From ae7cbd7576e67359eb230ac749c7d179bce77034 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Nov 2022 23:25:27 +0100 Subject: [PATCH 097/112] Express abs(z) in a way that satisfies GCC and MSVC Signed-off-by: Gilles Peskine --- library/bignum.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 8ed9804f91..9dcd0f895d 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -262,6 +262,17 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) memcpy( Y, &T, sizeof( mbedtls_mpi ) ); } +static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z ) +{ + if( z >= 0 ) + return( z ); + /* Take care to handle the most negative value (-2^(biL-1)) correctly. + * A naive -z would have undefined behavior. + * Write this in a way that makes popular compilers happy (GCC, Clang, + * MSVC). */ + return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z ); +} + /* * Set value from integer */ @@ -273,7 +284,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); memset( X->p, 0, X->n * ciL ); - X->p[0] = ( z < 0 ) ? -(mbedtls_mpi_uint)z : z; + X->p[0] = mpi_sint_abs( z ); X->s = ( z < 0 ) ? -1 : 1; cleanup: @@ -1093,7 +1104,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( X != NULL ); - *p = ( z < 0 ) ? -(mbedtls_mpi_uint)z : z; + *p = mpi_sint_abs( z ); Y.s = ( z < 0 ) ? -1 : 1; Y.n = 1; Y.p = p; 
@@ -1334,7 +1345,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -(mbedtls_mpi_uint)b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; @@ -1352,7 +1363,7 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -(mbedtls_mpi_uint)b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; @@ -1773,7 +1784,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -(mbedtls_mpi_uint)b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; From aa11281c073b922e5bfbcfd719ee188b96be9328 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 22 Nov 2022 08:13:45 -0500 Subject: [PATCH 098/112] Add a SHA512_NO_SHA384_C test to depends.py Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index c7eddb8f36..0c77e67291 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -263,6 +263,7 @@ REVERSE_DEPENDENCIES = { # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'], + 'MBEDTLS_SHA512_NO_SHA384': ['+MBEDTLS_SHA512_C'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', '-MBEDTLS_ECDSA_DETERMINISTIC', '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', 
@@ -392,6 +393,7 @@ class DomainData: self.all_config_symbols = set(collect_config_symbols(options)) # Find hash modules by name. hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') + hash_symbols.append("MBEDTLS_SHA512_NO_SHA384") # Find elliptic curve enabling macros by name. curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z') # Find key exchange enabling macros by name. @@ -415,7 +417,8 @@ class DomainData: 'curves': ExclusiveDomain(curve_symbols, build_and_test), # Hash algorithms. Exclude exclusive domain of MD, RIPEMD, SHA1 (obsolete) 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'), + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'\ + '|!MBEDTLS_*_NO_SHA'), # Key exchange types. Only build the library and the sample # programs. 'kex': ExclusiveDomain(key_exchange_symbols, From f675727701b80a24dc29605808bfc8f48134540c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 22 Nov 2022 09:10:38 -0500 Subject: [PATCH 099/112] Remove blowfish tests from test_suite_ssl Signed-off-by: Andrzej Kurek --- include/mbedtls/ssl_internal.h | 3 +- tests/suites/test_suite_ssl.data | 704 ------------------------------- 2 files changed, 1 insertion(+), 706 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index a2b23cb0f6..46ade67b9c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -149,8 +149,7 @@ ( defined(MBEDTLS_AES_C) || \ defined(MBEDTLS_CAMELLIA_C) || \ defined(MBEDTLS_ARIA_C) || \ - defined(MBEDTLS_DES_C) || \ - defined(MBEDTLS_BLOWFISH_C) ) + defined(MBEDTLS_DES_C) ) #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0997ab14b2..9b1c712a3c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
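Review bot: In the `exclude` argument of the `hashes` domain, the added alternative `'|!MBEDTLS_*_NO_SHA'` reads like a glob, but in a regular expression `_*` means "zero or more underscores", so it cannot match a name such as `!MBEDTLS_SHA512_NO_SHA384`. If the intent is to skip the negated `NO_SHA` jobs, `r'|!MBEDTLS_\w+_NO_SHA'` would express that. How `exclude` is applied lies outside this hunk, so this should be confirmed against the matching code. The second literal also lacks the `r` prefix used on the first, and the backslash continuation is unnecessary inside the call's parentheses.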
@@ -3856,358 +3856,6 @@ Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 -Record crypt, BLOWFISH-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - 
-Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, 
short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - Record crypt, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 
@@ -8288,358 +7936,6 @@ Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, 
SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record 
crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, 
BLOWFISH-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 
- -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, EtM 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C 
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, EtM 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - Record crypt, little space, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 From f53d0ba529ad40873d5b6687b6024604b3cf1741 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 23 Nov 2022 05:54:46 -0500 Subject: [PATCH 100/112] depends.py: remove tls defines in SHA-512-only test TLS 1.2 requires either SHA-256 or SHA-384. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) 
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 0c77e67291..2c38f9d705 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -263,7 +263,20 @@ REVERSE_DEPENDENCIES = { # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'], - 'MBEDTLS_SHA512_NO_SHA384': ['+MBEDTLS_SHA512_C'], + 'MBEDTLS_SHA512_NO_SHA384': ['+MBEDTLS_SHA512_C', + '-MBEDTLS_SSL_PROTO_TLS1_2', + '-MBEDTLS_SSL_PROTO_DTLS', + '-MBEDTLS_SSL_TLS_C', + '-MBEDTLS_SSL_CLI_C', + '-MBEDTLS_SSL_SRV_C', + '-MBEDTLS_SSL_DTLS_HELLO_VERIFY', + '-MBEDTLS_SSL_DTLS_ANTI_REPLAY', + '-MBEDTLS_SSL_DTLS_CONNECTION_ID', + '-MBEDTLS_SSL_DTLS_BADMAC_LIMIT', + '-MBEDTLS_SSL_ENCRYPT_THEN_MAC', + '-MBEDTLS_SSL_EXTENDED_MASTER_SECRET', + '-MBEDTLS_SSL_DTLS_SRTP', + '-MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', '-MBEDTLS_ECDSA_DETERMINISTIC', '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', From 01bf63115950753170a8e452026333cd61c13eff Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 23 Nov 2022 14:15:57 +0100 Subject: [PATCH 101/112] Fix NULL+0 undefined behavior in ECB encryption and decryption psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to a null pointer when the cipher does not use an IV. This is undefined behavior, although it works as naively expected on most platforms. This can cause a crash with modern Clang+ASan (depending on compiler optimizations). Signed-off-by: Gilles Peskine --- ChangeLog.d/psa-ecb-ub.txt | 3 ++ library/common.h | 37 +++++++++++++++++++++ library/psa_crypto.c | 4 +-- library/psa_crypto_cipher.c | 22 +++++++----- tests/suites/test_suite_psa_crypto.function | 5 +-- 5 files changed, 58 insertions(+), 13 deletions(-) create mode 100644 ChangeLog.d/psa-ecb-ub.txt diff --git a/ChangeLog.d/psa-ecb-ub.txt b/ChangeLog.d/psa-ecb-ub.txt new file mode 100644 index 0000000000..9d725ac706 
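Review bot: The `-MBEDTLS_SSL_*` entries added under `'MBEDTLS_SHA512_NO_SHA384'` in `EXCLUSIVE_GROUPS` have no in-file explanation; the reason is given only in the commit message. A comment above the list would keep it next to the data, for example `# TLS 1.2 needs SHA-256 or SHA-384; a SHA-512-only build must drop TLS and the options that depend on it`. The list enumerates the TLS-dependent options by hand, so an SSL option added to the configuration later will presumably need an entry here as well, and the comment could say so. The dictionary starts and continues outside the hunk.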
--- /dev/null +++ b/ChangeLog.d/psa-ecb-ub.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix undefined behavior (typically harmless in practice) in PSA ECB + encryption and decryption. diff --git a/library/common.h b/library/common.h index c06472418d..c36615680b 100644 --- a/library/common.h +++ b/library/common.h @@ -29,6 +29,7 @@ #include "mbedtls/config.h" #endif +#include #include /** Helper to define a function as static except when building invasive tests. @@ -52,6 +53,42 @@ #define MBEDTLS_STATIC_TESTABLE static #endif +/** Return an offset into a buffer. + * + * This is just the addition of an offset to a pointer, except that this + * function also accepts an offset of 0 into a buffer whose pointer is null. + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline unsigned char *mbedtls_buffer_offset( + unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + +/** Return an offset into a read-only buffer. + * + * This is just the addition of an offset to a pointer, except that this + * function also accepts an offset of 0 into a buffer whose pointer is null. + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline const unsigned char *mbedtls_buffer_offset_const( + const unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + /** Byte Reading Macros * * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f76c8296de..10c7d1e668 100644 --- a/library/psa_crypto.c 
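Review bot: In the second library/common.h hunk, the `\return` text of `mbedtls_buffer_offset()` and `mbedtls_buffer_offset_const()` says the result is only a valid pointer if the buffer holds at least `n + 1` bytes. A pointer at offset `n` of an `n`-byte buffer is still a valid one-past-the-end pointer; it just must not be dereferenced. The callers changed later in this patch pass exactly such an offset, alongside a remaining size that may be zero. I would reword both comments to `Note that this pointer may only be dereferenced if the size of the buffer is at least \p n + 1.` The helpers also return NULL for a null `p` with a nonzero `n`, which the `\param p` text excludes; the comment should state that this caller error is not detected, so the helper is not mistaken for a bounds check.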
+++ b/library/psa_crypto.c @@ -3638,8 +3638,8 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key, status = psa_driver_wrapper_cipher_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, local_iv, default_iv_length, input, input_length, - output + default_iv_length, output_size - default_iv_length, - output_length ); + mbedtls_buffer_offset( output, default_iv_length ), + output_size - default_iv_length, output_length ); exit: unlock_status = psa_unlock_key_slot( slot ); diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 38962cd848..13006fa4ae 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -514,9 +514,10 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; - status = mbedtls_psa_cipher_finish( &operation, output + update_output_length, - output_size - update_output_length, - &finish_output_length ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, update_output_length ), + output_size - update_output_length, &finish_output_length ); if( status != PSA_SUCCESS ) goto exit; @@ -560,17 +561,20 @@ psa_status_t mbedtls_psa_cipher_decrypt( goto exit; } - status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length, - input_length - operation.iv_length, - output, output_size, &olength ); + status = mbedtls_psa_cipher_update( + &operation, + mbedtls_buffer_offset_const( input, operation.iv_length ), + input_length - operation.iv_length, + output, output_size, &olength ); if( status != PSA_SUCCESS ) goto exit; accumulated_length = olength; - status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length, - output_size - accumulated_length, - &olength ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, accumulated_length ), + output_size - accumulated_length, &olength ); if( status != PSA_SUCCESS ) goto exit; 
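Review bot: The size argument passed next to the new pointer helper, `output_size - default_iv_length` in `psa_cipher_encrypt()`, is an unchecked `size_t` subtraction that wraps to a very large length if the buffer is shorter than the IV. Whether `output_size >= default_iv_length` has already been established is not visible in this hunk and should be confirmed. The same pattern occurs in the library/psa_crypto_cipher.c hunks: `output_size - update_output_length` in `mbedtls_psa_cipher_encrypt()`, and `input_length - operation.iv_length` and `output_size - accumulated_length` in `mbedtls_psa_cipher_decrypt()`. On the decrypt path `input_length` is caller-supplied, so unless a caller-side check guarantees it, a guard such as `if( input_length < operation.iv_length ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; }` belongs before the update call. All three functions begin and end outside their hunks.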
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f9e909372a..0f4e313335 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4,6 +4,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/oid.h" +#include "common.h" /* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() * uses mbedtls_ctr_drbg internally. */ @@ -2658,7 +2659,7 @@ void cipher_alg_without_iv( int alg_arg, int key_type_arg, data_t *key_data, TEST_LE_U( length, output_buffer_size ); output_length += length; PSA_ASSERT( psa_cipher_finish( &operation, - output + output_length, + mbedtls_buffer_offset( output, output_length ), output_buffer_size - output_length, &length ) ); output_length += length; @@ -2676,7 +2677,7 @@ void cipher_alg_without_iv( int alg_arg, int key_type_arg, data_t *key_data, TEST_LE_U( length, output_buffer_size ); output_length += length; PSA_ASSERT( psa_cipher_finish( &operation, - output + output_length, + mbedtls_buffer_offset( output, output_length ), output_buffer_size - output_length, &length ) ); output_length += length; From 8fe23a065a6226a6fab1ce73523e7d5cb4763568 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 23 Nov 2022 17:24:37 +0100 Subject: [PATCH 102/112] Fix MSVC 12 (Visual Studio 2013) choking on inline Signed-off-by: Gilles Peskine --- library/common.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/common.h b/library/common.h index c36615680b..0169325bb9 100644 --- a/library/common.h +++ b/library/common.h 
@@ -32,6 +32,12 @@ #include #include +/* Define `inline` on some non-C99-compliant compilers. */ +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be From 0f6fb0cab23c384cb20ef693395a9e6ac3171066 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 24 Nov 2022 12:59:52 +0100 Subject: [PATCH 103/112] compat.sh: Restore testing against OpenSSL for pre 1.2 TLS versions Restore compatibiltiy testing against OpenSSL for (D)TLS versions smaller that 1.2. . Fix the check for support in OpenSSL for these versions . For test cases for (D)TLS version smaller than 1.2, restore the configuration of OpenSSL client/server with the given TLS version, as it was before #5660 that broke it. Signed-off-by: Ronald Cron --- tests/compat.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index 560af59d6e..9d955186d7 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -867,12 +867,15 @@ setup_arguments() G_MODE="" case "$MODE" in "ssl3") + O_MODE="ssl3" G_PRIO_MODE="+VERS-SSL3.0" ;; "tls1") + O_MODE="tls1" G_PRIO_MODE="+VERS-TLS1.0" ;; "tls1_1") + O_MODE="tls1_1" G_PRIO_MODE="+VERS-TLS1.1" ;; "tls12") @@ -880,6 +883,7 @@ setup_arguments() G_PRIO_MODE="+VERS-TLS1.2" ;; "dtls1") + O_MODE="dtls1" G_PRIO_MODE="+VERS-DTLS1.0" G_MODE="-u" ;; From 4eea196d44299a7f2c35d00bc34f99c962baec57 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 24 Nov 2022 22:21:15 +0100 Subject: [PATCH 104/112] Enable all ciphers in OpenSSL >=1.1.0 OpenSSL may be configured to support features such as cipher suites or protocol versions that are disabled by default. Enable them all: we're testing, we don't care about enabling insecure stuff. This is not needed with the builds of OpenSSL that we're currently using on the Jenkins CI, but it's needed with more recent versions such as typically found on developer machines, and with future CI additions. The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we don't need to do anything special with earlier versions. With OpenSSL 1.1.1f on Ubuntu 20.04, this is needed to enable TLS 1.0, TLS 1.1 and DTLS 1.0. This also allows SHA-1 in certificates, which is still needed for a few test cases in ssl-opt.sh. Curiously, this is also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and no other, including other DHE-PSK or ARIA cipher suites). Signed-off-by: Gilles Peskine --- tests/compat.sh | 14 ++++++++++++++ tests/ssl-opt.sh | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index 560af59d6e..ee2d46001d 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -930,6 +930,20 @@ setup_arguments() G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL" + # Newer versions of OpenSSL have a syntax to enable all "ciphers", even + # low-security ones. This covers not just cipher suites but also protocol + # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on + # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in + # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find + # a way to discover it from -help, so check the openssl version. + case $($OPENSSL_CMD version) in + "OpenSSL 0"*|"OpenSSL 1.0"*) :;; + *) + O_CLIENT_ARGS="$O_CLIENT_ARGS -cipher ALL@SECLEVEL=0" + O_SERVER_ARGS="$O_SERVER_ARGS -cipher ALL@SECLEVEL=0" + ;; + esac + if [ "X$VERIFY" = "XYES" ]; then M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fbf3bf7b8e..c1fffa9ede 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1493,6 +1493,20 @@ if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT" fi +# Newer versions of OpenSSL have a syntax to enable all "ciphers", even +# low-security ones. This covers not just cipher suites but also protocol +# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on +# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in +# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find +# a way to discover it from -help, so check the openssl version. +case $($OPENSSL_CMD version) in + "OpenSSL 0"*|"OpenSSL 1.0"*) :;; + *) + O_CLI="$O_CLI -cipher ALL@SECLEVEL=0" + O_SRV="$O_SRV -cipher ALL@SECLEVEL=0" + ;; +esac + if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" From a7ba2b57af9381e20ba9aab45298810f6b304fe1 Mon Sep 17 00:00:00 2001 
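Review bot: The version check is a deny-list, so the `*)` arm that appends `-cipher ALL@SECLEVEL=0` is also taken when `$OPENSSL_CMD version` prints nothing (for example because the command failed) or prints another implementation's banner. This applies to the `case` block added in `setup_arguments()` in tests/compat.sh and to the identical block in the tests/ssl-opt.sh hunk that follows. Whether such a binary accepts the `@SECLEVEL` syntax cannot be told from here, so matching positively would be safer: make the second arm `"OpenSSL "*)` and add a final `*) :;;` that leaves the arguments unchanged. The comment should also record that the setting is for the test peers only, e.g. `# Test peers only: level 0 also accepts SHA-1 certificates and (D)TLS 1.0/1.1.`, since that rationale currently lives only in the commit message. `setup_arguments()` starts and ends outside the hunk.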
From: Ronald Cron Date: Thu, 24 Nov 2022 12:59:52 +0100 Subject: [PATCH 105/112] compat.sh: Restore testing against OpenSSL for pre 1.2 TLS versions Restore compatibiltiy testing against OpenSSL for (D)TLS versions smaller that 1.2. . Fix the check for support in OpenSSL for these versions . For test cases for (D)TLS version smaller than 1.2, restore the configuration of OpenSSL client/server with the given TLS version, as it was before #5660 that broke it. Signed-off-by: Ronald Cron --- tests/compat.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index ee2d46001d..6791c5511a 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -867,12 +867,15 @@ setup_arguments() G_MODE="" case "$MODE" in "ssl3") + O_MODE="ssl3" G_PRIO_MODE="+VERS-SSL3.0" ;; "tls1") + O_MODE="tls1" G_PRIO_MODE="+VERS-TLS1.0" ;; "tls1_1") + O_MODE="tls1_1" G_PRIO_MODE="+VERS-TLS1.1" ;; "tls12") @@ -880,6 +883,7 @@ setup_arguments() G_PRIO_MODE="+VERS-TLS1.2" ;; "dtls1") + O_MODE="dtls1" G_PRIO_MODE="+VERS-DTLS1.0" G_MODE="-u" ;; From 35e58d8e2abf9796dcb94dccdf5d6ac2f89e7441 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 23 Nov 2022 14:30:00 +0100 Subject: [PATCH 106/112] Update the Travis "full" build to use modern Clang Don't use an all.sh component because there isn't one that does what we want (modern Clang with ASan, and test everything). * We need to set CC explicitly or tweak PATH, because clang in $PATH on Travis focal instances is Clang 7 which is too old (we want Clang 10). * Travis lacks the array of versions of openssl and gnutls that we normally use for testing, so we need to exclude some tests (or build our own multiple versions of openssl and gnutls). The SSL test exclusions are ad hoc and based on what currently works. Signed-off-by: Gilles Peskine --- .travis.yml | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 2b41c28f14..0e3f9b0e7b 100644 
--- a/.travis.yml +++ b/.travis.yml @@ -27,8 +27,42 @@ jobs: - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration + os: linux + dist: focal + addons: + apt: + packages: + - clang-10 + - gnutls-bin script: - - tests/scripts/all.sh -k test_full_cmake_gcc_asan + # Do a manual build+test sequence rather than using all.sh, + # because there's no all.sh component that does what we want, + # which is a build with Clang >= 10 and ASan, running all the SSL + # testing. + # - The clang executable in the default PATH is Clang 7 on + # Travis's focal instances, but we want Clang >= 10. + # - Running all the SSL testing requires a specific set of + # OpenSSL and GnuTLS versions and we don't want to bother + # with those on Travis. + # So we explicitly select clang-10 as the compiler, and we + # have ad hoc restrictions on SSL testing based on what is + # passing at the time of writing. We will remove these limitations + # gradually. + - make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' + - make test + - programs/test/selftest + - tests/scripts/test_psa_constant_names.py + - tests/ssl-opt.sh + # Modern OpenSSL does not support fixed ECDH, null or ancient ciphers. + - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-\|DES\|RC4' + - tests/scripts/travis-log-failure.sh + # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. + # Modern GnuTLS does not support DES. + # One NULL cipher suite is strangely missing in pre-1.2 protocol + # versions (it works with (D)TLS1.2, but don't bother). + - tests/compat.sh -p GnuTLS -e 'CAMELLIA\|DES\|TLS-RSA-WITH-NULL-SHA256' + - tests/scripts/travis-log-failure.sh + - tests/context-info.sh - name: Windows os: windows From 53740c84731a05dcc3358004b5dfcfb1e83d2246 Mon Sep 17 00:00:00 2001 
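Review bot: The `DES` alternative in both `tests/compat.sh -e` patterns is an unanchored substring, so it presumably also drops every 3DES suite (whose names contain `DES`) from this job, while the comments above the two lines speak only of "ancient ciphers" and "DES". How compat.sh applies `-e` is not visible in this hunk, so confirm against the script. If skipping 3DES is intended, say so next to the pattern, e.g. `# 'DES' also matches the 3DES suites; intentional on Travis.` The "We will remove these limitations gradually" comment would be easier to act on with an issue reference per exclusion, in the form `# tracked in <issue-url-placeholder>`.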
From: Gilles Peskine Date: Fri, 25 Nov 2022 11:33:11 +0100 Subject: [PATCH 107/112] Travis: exclude test cases that are failing mysteriously The test cases using tcp_client.pl are failing only on Travis's bionic and focal systems (I can't reproduce the failure locally). Exclude them. Signed-off-by: Gilles Peskine --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 0e3f9b0e7b..d7d2c7d43c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -52,7 +52,9 @@ jobs: - make test - programs/test/selftest - tests/scripts/test_psa_constant_names.py - - tests/ssl-opt.sh + # Exclude a few test cases that are failing mysteriously. + # https://github.com/Mbed-TLS/mbedtls/issues/6660 + - tests/ssl-opt.sh -e 'Fallback SCSV: .*list' # Modern OpenSSL does not support fixed ECDH, null or ancient ciphers. - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-\|DES\|RC4' - tests/scripts/travis-log-failure.sh From d5514130275005e82f701cbec3d9ca52688991de Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Nov 2022 13:27:34 +0100 Subject: [PATCH 108/112] Remove now-redundant definitions of inline Signed-off-by: Gilles Peskine --- library/aria.c | 5 ----- library/chacha20.c | 5 ----- library/debug.c | 5 ----- library/ecp.c | 5 ----- library/ecp_curves.c | 5 ----- library/mps_reader.c | 5 ----- library/poly1305.c | 5 ----- 7 files changed, 35 deletions(-) diff --git a/library/aria.c b/library/aria.c index 924f952834..5e52eea91e 100644 --- a/library/aria.c +++ b/library/aria.c @@ -37,11 +37,6 @@ #include "mbedtls/platform_util.h" -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define ARIA_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ) diff --git a/library/chacha20.c b/library/chacha20.c index 44d1612bfe..bd0701482c 100644 --- a/library/chacha20.c 
+++ b/library/chacha20.c @@ -36,11 +36,6 @@ #if !defined(MBEDTLS_CHACHA20_ALT) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define CHACHA20_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) diff --git a/library/debug.c b/library/debug.c index 0cc5af8d1c..353b4bf07b 100644 --- a/library/debug.c +++ b/library/debug.c @@ -30,11 +30,6 @@ #include #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #define DEBUG_BUF_SIZE 512 static int debug_threshold = 0; diff --git a/library/ecp.c b/library/ecp.c index 80adc55c8b..ad19e05fb2 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -104,11 +104,6 @@ #endif #endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if defined(MBEDTLS_SELF_TEST) /* * Counts of point addition and doubling, and field multiplications. diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 2199be6461..47761eef4e 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -38,11 +38,6 @@ #define ECP_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)} #define ECP_MPI_INIT_ARRAY(x) \ diff --git a/library/mps_reader.c b/library/mps_reader.c index 9af5073cc9..b304db3f42 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c 
@@ -29,11 +29,6 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if defined(MBEDTLS_MPS_ENABLE_TRACE) static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER; #endif /* MBEDTLS_MPS_ENABLE_TRACE */ diff --git a/library/poly1305.c b/library/poly1305.c index f38f48a457..a1c5b19d8e 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -32,11 +32,6 @@ #if !defined(MBEDTLS_POLY1305_ALT) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define POLY1305_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) From ff97f336e3f05849d9e80412f98ebaa383463456 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Nov 2022 13:34:59 +0100 Subject: [PATCH 109/112] Explain why p + n isn't good enough Signed-off-by: Gilles Peskine --- library/common.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/common.h b/library/common.h index 0169325bb9..1663d50226 100644 --- a/library/common.h +++ b/library/common.h @@ -63,6 +63,9 @@ * * This is just the addition of an offset to a pointer, except that this * function also accepts an offset of 0 into a buffer whose pointer is null. + * (`p + n` has undefined behavior when `p` is null, even when `n == 0`. + * A null pointer is a valid buffer pointer when the size is 0, for example + * as the result of `malloc(0)` on some platforms.) * * \param p Pointer to a buffer of at least n bytes. * This may be \p NULL if \p n is zero. 
@@ -79,8 +82,7 @@ static inline unsigned char *mbedtls_buffer_offset( /** Return an offset into a read-only buffer. * - * This is just the addition of an offset to a pointer, except that this - * function also accepts an offset of 0 into a buffer whose pointer is null. + * Similar to mbedtls_buffer_offset(), but for const pointers. * * \param p Pointer to a buffer of at least n bytes. * This may be \p NULL if \p n is zero. From a1d41c0a7546f1839c2d02504e5b1154f177e4f8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Nov 2022 13:57:34 +0100 Subject: [PATCH 110/112] You can't have colon-space in unquoted YAML (plain scalars) Signed-off-by: Gilles Peskine --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index d7d2c7d43c..cdf74c7177 100644 --- a/.travis.yml +++ b/.travis.yml @@ -54,7 +54,7 @@ jobs: - tests/scripts/test_psa_constant_names.py # Exclude a few test cases that are failing mysteriously. # https://github.com/Mbed-TLS/mbedtls/issues/6660 - - tests/ssl-opt.sh -e 'Fallback SCSV: .*list' + - tests/ssl-opt.sh -e 'Fallback SCSV:\ .*list' # Modern OpenSSL does not support fixed ECDH, null or ancient ciphers. - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-\|DES\|RC4' - tests/scripts/travis-log-failure.sh From f3fee1299e1a730a96a879f41a80d6f2a7e61650 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 25 Nov 2022 15:50:30 +0000 Subject: [PATCH 111/112] Fix typo 'unsupoported' -> 'unsupported' Signed-off-by: David Horstmann --- tests/data_files/Makefile | 2 +- tests/data_files/test-ca.opensslconf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f249fb54d3..b123dc9138 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
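Review bot: On the changed `tests/ssl-opt.sh -e` line in .travis.yml, the backslash sits inside shell single quotes, so the script receives the pattern `Fallback SCSV:\ .*list` with the backslash intact. If ssl-opt.sh matches `-e` as a basic regular expression (not shown in this hunk), an escaped space has no defined meaning in POSIX BRE, and the exclusion then works only because the regex tool in use happens to treat `\ ` as a space. A bracket expression avoids both the YAML colon-space problem and the stray escape: `- tests/ssl-opt.sh -e 'Fallback SCSV:[ ].*list'`. Alternatively, double-quote the whole list item and keep the original pattern.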
@@ -280,7 +280,7 @@ server5-nonprintable_othername.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@ server5-unsupported_othername.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@ + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@ server5-fan.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 3bb237903c..b2c2fa1bcc 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -18,7 +18,7 @@ subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name [nonprintable_othername_san] subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name -[unsupoported_othername_san] +[unsupported_othername_san] subjectAltName=otherName:1.2.3.4;UTF8:some other identifier [dns_alt_names] From 5f49b3cbe5085668816f38ff3e0020cbf5eb24e6 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 30 Nov 2022 11:13:00 +0000 Subject: [PATCH 112/112] Fix the name of basic-build-test.sh within the file Signed-off-by: Tom Cosgrove --- tests/scripts/basic-build-test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 56fd5b981c..3a902919d7 100755 --- a/tests/scripts/basic-build-test.sh 
+++ b/tests/scripts/basic-build-test.sh @@ -1,6 +1,6 @@ #!/bin/sh -# basic-build-tests.sh +# basic-build-test.sh # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 @@ -36,7 +36,7 @@ # # This script has been written to be generic and should work on any shell. # -# Usage: basic-build-tests.sh +# Usage: basic-build-test.sh # # Abort on errors (and uninitiliased variables)