Merge pull request #10255 from gilles-peskine-arm/migration-guide-20250624-mbedtls Migration guide for API changes in 2025Q2 in mbedtls

commit: 64e80ddf8926c21c874f6e7801e92be7b269df74 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Jun 30 18:33:36 2025 +0000
committer: GitHub <noreply@github.com> Mon Jun 30 18:33:36 2025 +0000
tree: 33a8bf4b2c470cd0998cba9a15ff1ce99b6f6fb1
parent: 921331867d83192a1ec632363cc900847759f5e0 [diff]
parent: 159a652096fcb523504bd4dd289ea12adaa0aa66 [diff]
diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
new file mode 100644
index 0000000..0e396bb
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt

@@ -0,0 +1,4 @@
+API changes
+   * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
+     as having const elements, reflecting the fact that the library will
+     not modify it

diff --git a/framework b/framework
index 2a3e2c5..893ad9e 160000
--- a/framework
+++ b/framework

@@ -1 +1 @@
-Subproject commit 2a3e2c5ea053c14b745dbdf41f609b1edc6a72fa
+Subproject commit 893ad9e8450a8e7459679d952abd5d6df26c41c4

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 59bd2f7..7ea0174 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1559,7 +1559,7 @@
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
 #if defined(MBEDTLS_SSL_ALPN)
-    const char **MBEDTLS_PRIVATE(alpn_list);         /*!< ordered list of protocols          */
+    const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -4001,7 +4001,8 @@
  *
  * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
  */
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos);
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+                                    const char *const *protos);
 
 /**
  * \brief          Get the name of the negotiated Application Layer Protocol.

diff --git a/library/debug.c b/library/debug.c
index 5210f0c..94b1c27 100644
--- a/library/debug.c
+++ b/library/debug.c

@@ -220,20 +220,21 @@
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level,
-                                         const char *file, int line, const char *text,
-                                         const unsigned char *buf, size_t len)
+/* no-check-names will be removed in mbedtls#10229. */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names
+static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level,
+                                        const char *file, int line, const char *text,
+                                        const unsigned char *buf, size_t bitlen)
 {
     char str[DEBUG_BUF_SIZE];
-    size_t i, idx = 0;
+    size_t i, len_bytes = PSA_BITS_TO_BYTES(bitlen), idx = 0;
 
     mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n",
-                     text, (unsigned int) len * 8);
+                     text, (unsigned int) bitlen);
 
     debug_send_line(ssl, level, file, line, str);
 
-    for (i = 0; i < len; i++) {
+    for (i = 0; i < len_bytes; i++) {
         if (i >= 4096) {
             break;
         }
@@ -251,16 +252,15 @@
                                 (unsigned int) buf[i]);
     }
 
-    if (len > 0) {
-        for (/* i = i */; i % 16 != 0; i++) {
-            idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "   ");
-        }
-
+    if (len_bytes > 0) {
         mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
         debug_send_line(ssl, level, file, line, str);
     }
 }
+/* no-check-names will be removed in mbedtls#10229. */
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names
 
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level,
                                        const char *file, int line,
                                        const char *text, const mbedtls_pk_context *pk)
@@ -283,15 +283,115 @@
     /* X coordinate */
     coord_start = pk->pub_raw + 1;
     mbedtls_snprintf(str, sizeof(str), "%s(X)", text);
-    mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len);
+    mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8);
 
     /* Y coordinate */
     coord_start = coord_start + coord_len;
     mbedtls_snprintf(str, sizeof(str), "%s(Y)", text);
-    mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len);
+    mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8);
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
 
+/* no-check-names will be removed in mbedtls#10229. */
+#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names
+static size_t debug_count_valid_bits(unsigned char **buf, size_t len)
+{
+    size_t i, bits;
+
+    /* Ignore initial null bytes (if any). */
+    while ((len > 0) && (**buf == 0x00)) {
+        (*buf)++;
+        len--;
+    }
+
+    if (len == 0) {
+        return 0;
+    }
+
+    bits = len * 8;
+
+    /* Ignore initial null bits (if any). */
+    for (i = 7; i > 0; i--) {
+        if ((**buf & (0x1 << i)) != 0) {
+            break;
+        }
+        bits--;
+    }
+
+    return bits;
+}
+
+static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int level,
+                                        const char *file, int line,
+                                        const char *text, const mbedtls_pk_context *pk)
+{
+    char str[DEBUG_BUF_SIZE];
+    /* no-check-names will be removed in mbedtls#10229. */
+    unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names
+    unsigned char *start_cur;
+    unsigned char *end_cur;
+    size_t len, bits;
+    int ret;
+
+    if (NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        level > debug_threshold) {
+        return;
+    }
+
+    if (pk->pub_raw_len > sizeof(key_der)) {
+        snprintf(str, sizeof(str),
+                 "RSA public key too large: %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET,
+                 pk->pub_raw_len, sizeof(key_der));
+        debug_send_line(ssl, level, file, line, str);
+        return;
+    }
+
+    memcpy(key_der, pk->pub_raw, pk->pub_raw_len);
+    start_cur = key_der;
+    end_cur = key_der + pk->pub_raw_len;
+
+    /* This integer parsing solution should be replaced with mbedtls_asn1_get_integer().
+     * See #10238. */
+    ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len,
+                               MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED);
+    if (ret != 0) {
+        return;
+    }
+
+    ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER);
+    if (ret != 0) {
+        return;
+    }
+
+    bits = debug_count_valid_bits(&start_cur, len);
+    if (bits == 0) {
+        return;
+    }
+    len = PSA_BITS_TO_BYTES(bits);
+
+    mbedtls_snprintf(str, sizeof(str), "%s.N", text);
+    mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits);
+
+    start_cur += len;
+
+    ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER);
+    if (ret != 0) {
+        return;
+    }
+
+    bits = debug_count_valid_bits(&start_cur, len);
+    if (bits == 0) {
+        return;
+    }
+
+    mbedtls_snprintf(str, sizeof(str), "%s.E", text);
+    mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits);
+}
+/* no-check-names will be removed in mbedtls#10229. */
+#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names
+
 static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
                            const char *file, int line,
                            const char *text, const mbedtls_pk_context *pk)
@@ -321,6 +421,12 @@
             mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
         } else
 #endif /* MBEDTLS_RSA_C */
+/* no-check-names will be removed in mbedtls#10229. */
+#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names
+        if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { //no-check-names
+            mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value);
+        } else
+#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
         if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) {
             mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value);

diff --git a/library/ssl_client.c b/library/ssl_client.c
index cb57a97..307da0f 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c

@@ -141,7 +141,7 @@
      *     ProtocolName protocol_name_list<2..2^16-1>
      * } ProtocolNameList;
      */
-    for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
+    for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
         /*
          * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
          * protocol names is less than 255.

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 519b5b4..051fce3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2534,10 +2534,11 @@
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+                                    const char *const *protos)
 {
     size_t cur_len, tot_len;
-    const char **p;
+    const char *const *p;
 
     /*
      * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
@@ -5111,7 +5112,7 @@
 #if defined(MBEDTLS_SSL_ALPN)
     {
         uint8_t alpn_len;
-        const char **cur;
+        const char *const *cur;
 
         if ((size_t) (end - p) < 1) {
             return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -8547,7 +8548,7 @@
     }
 
     /* Use our order of preference */
-    for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+    for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
         size_t const alpn_len = strlen(*alpn);
         p = protocol_name_list;
         while (p < protocol_name_list_end) {

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 9af175b..b244921 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c

@@ -869,7 +869,7 @@
                               const unsigned char *buf, size_t len)
 {
     size_t list_len, name_len;
-    const char **p;
+    const char *const *p;
 
     /* If we didn't send it, the server shouldn't send it */
     if (ssl->conf->alpn_list == NULL) {

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 9386801..b7b075c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -158,7 +158,7 @@
 
     /* Check that the server chosen protocol was in our list and save it */
     MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
-    for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+    for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
         if (protocol_name_len == strlen(*alpn) &&
             memcmp(p, *alpn, protocol_name_len) == 0) {
             ssl->alpn_chosen = *alpn;

diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 5a18afc..ef684b7 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl

@@ -49,20 +49,9 @@
 my $test_drivers_header_dir = 'framework/tests/include/test/drivers';
 my $test_drivers_source_dir = 'framework/tests/src/drivers';
 
-# This is a dirty patch to allow mbedtls#10091 to be merged without updating
-# tf-psa-crypto to psa#235. Once psa#235 will be merged, this dirty fix can
-# be removed.
-# The same holds also for @include_directories below.
-my @thirdparty_header_dirs;
-if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") {
-    @thirdparty_header_dirs = qw(
-        tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest
-    );
-} else {
-    @thirdparty_header_dirs = qw(
-        tf-psa-crypto/drivers/everest/include/everest
-    );
-}
+my @thirdparty_header_dirs = qw(
+    tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest
+);
 my @thirdparty_source_dirs = qw(
     tf-psa-crypto/drivers/everest/library
     tf-psa-crypto/drivers/everest/library/kremlib
@@ -72,36 +61,19 @@
 # Directories to add to the include path.
 # Order matters in case there are files with the same name in more than
 # one directory: the compiler will use the first match.
-my @include_directories;
-if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") {
-    @include_directories = qw(
-        include
-        tf-psa-crypto/include
-        tf-psa-crypto/drivers/builtin/include
-        tf-psa-crypto/drivers/everest/include/
-        tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest
-        tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013
-        tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib
-        tests/include
-        tf-psa-crypto/tests/include
-        framework/tests/include
-        framework/tests/programs
-    );
-} else {
-    @include_directories = qw(
-        include
-        tf-psa-crypto/include
-        tf-psa-crypto/drivers/builtin/include
-        tf-psa-crypto/drivers/everest/include/
-        tf-psa-crypto/drivers/everest/include/everest
-        tf-psa-crypto/drivers/everest/include/everest/vs2013
-        tf-psa-crypto/drivers/everest/include/everest/kremlib
-        tests/include
-        tf-psa-crypto/tests/include
-        framework/tests/include
-        framework/tests/programs
-    );
-}
+my @include_directories = qw(
+    include
+    tf-psa-crypto/include
+    tf-psa-crypto/drivers/builtin/include
+    tf-psa-crypto/drivers/everest/include/
+    tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest
+    tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013
+    tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib
+    tests/include
+    tf-psa-crypto/tests/include
+    framework/tests/include
+    framework/tests/programs
+);
 my $include_directories = join(';', map {"../../$_"} @include_directories);
 
 # Directories to add to the include path when building the libraries, but not

diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 95bfdb6..5bfdeda 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h

@@ -187,15 +187,6 @@
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 
 /*
- * Structure with endpoint's certificates for SSL communication tests.
- */
-typedef struct mbedtls_test_ssl_endpoint_certificate {
-    mbedtls_x509_crt *ca_cert;
-    mbedtls_x509_crt *cert;
-    mbedtls_pk_context *pkey;
-} mbedtls_test_ssl_endpoint_certificate;
-
-/*
  * Endpoint structure for SSL communication tests.
  */
 typedef struct mbedtls_test_ssl_endpoint {
@@ -203,7 +194,22 @@
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_test_mock_socket socket;
-    mbedtls_test_ssl_endpoint_certificate cert;
+    uintptr_t user_data_cookie; /* A unique value associated with this endpoint */
+
+    /* Objects only used by DTLS.
+     * They should be guarded by MBEDTLS_SSL_PROTO_DTLS, but
+     * currently aren't because some code accesses them without guards. */
+    mbedtls_test_message_socket_context dtls_context;
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_timing_delay_context timer;
+#endif
+
+    /* Objects owned by the endpoint */
+    int *ciphersuites;
+    mbedtls_test_ssl_message_queue queue_input;
+    mbedtls_x509_crt *ca_chain;
+    mbedtls_x509_crt *cert;
+    mbedtls_pk_context *pkey;
 } mbedtls_test_ssl_endpoint;
 
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -432,8 +438,7 @@
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 
 /*
- * Initializes \p ep_cert structure and assigns it to endpoint
- * represented by \p ep.
+ * Load default CA certificates and endpoint keys into \p ep.
  *
  * \retval  0 on success, otherwise error code.
  */
@@ -442,34 +447,85 @@
                                                int opaque_alg, int opaque_alg2,
                                                int opaque_usage);
 
-/*
- * Initializes \p ep structure. It is important to call
- * `mbedtls_test_ssl_endpoint_free()` after calling this function
- * even if it fails.
+/** Initialize the configuration in an SSL endpoint structure.
  *
- * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
- * MBEDTLS_SSL_IS_CLIENT.
- * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
- * MBEDTLS_PK_ECDSA are supported.
- * \p dtls_context - in case of DTLS - this is the context handling metadata.
- * \p input_queue - used only in case of DTLS.
- * \p output_queue - used only in case of DTLS.
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep       The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options   The options to use for configuring the endpoint
+ *                      structure.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_conf(
+    mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+    const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the session context in an endpoint structure.
+ *
+ * \note The endpoint structure must have been set up with
+ *       mbedtls_test_ssl_endpoint_init_conf() with the same \p options.
+ *       Between calling mbedtls_test_ssl_endpoint_init_conf() and
+ *       mbedtls_test_ssl_endpoint_init_ssl(), you may configure `ep->ssl`
+ *       further if you know what you're doing.
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep       The endpoint structure to set up.
+ * \param[in] options   The options used for configuring the endpoint
+ *                      structure.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_ssl(
+    mbedtls_test_ssl_endpoint *ep,
+    const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the configuration and a context in an SSL endpoint structure.
+ *
+ * This function is equivalent to calling
+ * mbedtls_test_ssl_endpoint_init_conf() followed by
+ * mbedtls_test_ssl_endpoint_init_ssl().
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep       The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options   The options to use for configuring the endpoint
+ *                      structure.
  *
  * \retval  0 on success, otherwise error code.
  */
 int mbedtls_test_ssl_endpoint_init(
     mbedtls_test_ssl_endpoint *ep, int endpoint_type,
-    mbedtls_test_handshake_test_options *options,
-    mbedtls_test_message_socket_context *dtls_context,
-    mbedtls_test_ssl_message_queue *input_queue,
-    mbedtls_test_ssl_message_queue *output_queue);
+    const mbedtls_test_handshake_test_options *options);
 
 /*
  * Deinitializes endpoint represented by \p ep.
  */
-void mbedtls_test_ssl_endpoint_free(
-    mbedtls_test_ssl_endpoint *ep,
-    mbedtls_test_message_socket_context *context);
+void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep);
+
+/* Join a DTLS client with a DTLS server.
+ *
+ * You must call this function after setting up the endpoint objects
+ * and before starting a DTLS handshake.
+ *
+ * \param client    The client. It must have been set up with
+ *                  mbedtls_test_ssl_endpoint_init().
+ * \param server    The server. It must have been set up with
+ *                  mbedtls_test_ssl_endpoint_init().
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+                                         mbedtls_test_ssl_endpoint *server);
 
 /*
  * This function moves ssl handshake from \p ssl to prescribed \p state.
@@ -610,8 +666,51 @@
 #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+/** Perform an SSL handshake and exchange data over the connection.
+ *
+ * This function also handles cases where the handshake is expected to fail.
+ *
+ * If the handshake succeeds as expected, this function validates that
+ * connection parameters are as expected, exchanges data over the
+ * connection, and exercises some optional protocol features if they
+ * are enabled. See the code to see what features are validated and exercised.
+ *
+ * The handshake is expected to fail in the following cases:
+ * - If `options->expected_handshake_result != 0`.
+ * - If `options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN`.
+ *
+ * \param[in] options   Options for the connection.
+ * \param client        The client endpoint. It must have been set up with
+ *                      mbedtls_test_ssl_endpoint_init() with \p options
+ *                      and #MBEDTLS_SSL_IS_CLIENT.
+ * \param server        The server endpoint. It must have been set up with
+ *                      mbedtls_test_ssl_endpoint_init() with \p options
+ *                      and #MBEDTLS_SSL_IS_CLIENT.
+ *
+ * \return              1 on success, 0 on failure. On failure, this function
+ *                      calls mbedtls_test_fail(), indicating the failure
+ *                      reason and location. The causes of failure are:
+ *                      - Inconsistent options or bad endpoint state.
+ *                      - Operational problem during the handshake.
+ *                      - The handshake was expected to pass, but failed.
+ *                      - The handshake was expected to fail, but passed or
+ *                        failed with a different result.
+ *                      - The handshake passed as expected, but some connection
+ *                        parameter (e.g. protocol version, cipher suite, ...)
+ *                        is not as expected.
+ *                      - The handshake passed as expected, but something
+ *                        went wrong when attempting to exchange data.
+ *                      - The handshake passed as expected, but something
+ *                        went wrong when exercising other features
+ *                        (e.g. renegotiation, serialization, ...).
+ */
+int mbedtls_test_ssl_perform_connection(
+    const mbedtls_test_handshake_test_options *options,
+    mbedtls_test_ssl_endpoint *client,
+    mbedtls_test_ssl_endpoint *server);
+
 void mbedtls_test_ssl_perform_handshake(
-    mbedtls_test_handshake_test_options *options);
+    const mbedtls_test_handshake_test_options *options);
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_TEST_HOOKS)

diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 6f311ac..9e74572 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh

@@ -93,9 +93,6 @@
     scripts/config.py full
     loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
     loc_cflags="${loc_cflags} -I../framework/tests/include -O2"
-    # Allow a warning that we don't yet comply to.
-    # https://github.com/Mbed-TLS/mbedtls/issues/9944
-    loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization"
 
     make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
 

diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 1eed8ab..e6c082e 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c

@@ -71,7 +71,7 @@
     opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
     opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
     opts->pk_alg = MBEDTLS_PK_RSA;
-    opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
+    opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
     opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
     opts->cli_msg_len = 100;
     opts->srv_msg_len = 100;
@@ -572,36 +572,147 @@
     return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len;
 }
 
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)  && \
+    defined(MBEDTLS_SSL_SRV_C)
+static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
+                              const unsigned char *name, size_t name_len)
+{
+    (void) p_info;
+    (void) ssl;
+    (void) name;
+    (void) name_len;
+
+    return 0;
+}
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
+          MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED  &&
+          MBEDTLS_SSL_SRV_C */
+
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 
+static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep,
+                           const char *cipher)
+{
+    if (cipher == NULL || cipher[0] == 0) {
+        return 1;
+    }
+
+    int ok = 0;
+
+    TEST_CALLOC(ep->ciphersuites, 2);
+    ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
+    ep->ciphersuites[1] = 0;
+
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]);
+
+    TEST_ASSERT(ciphersuite_info != NULL);
+    TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version);
+    TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version);
+
+    if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) {
+        ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version;
+    }
+    if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) {
+        ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version;
+    }
+
+    mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites);
+    ok = 1;
+
+exit:
+    return ok;
+}
+
 /*
  * Deinitializes certificates from endpoint represented by \p ep.
  */
 static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
 {
-    mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
-    if (cert != NULL) {
-        if (cert->ca_cert != NULL) {
-            mbedtls_x509_crt_free(cert->ca_cert);
-            mbedtls_free(cert->ca_cert);
-            cert->ca_cert = NULL;
-        }
-        if (cert->cert != NULL) {
-            mbedtls_x509_crt_free(cert->cert);
-            mbedtls_free(cert->cert);
-            cert->cert = NULL;
-        }
-        if (cert->pkey != NULL) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-            if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
-                psa_destroy_key(cert->pkey->priv_id);
-            }
-#endif
-            mbedtls_pk_free(cert->pkey);
-            mbedtls_free(cert->pkey);
-            cert->pkey = NULL;
-        }
+    if (ep->ca_chain != NULL) {
+        mbedtls_x509_crt_free(ep->ca_chain);
+        mbedtls_free(ep->ca_chain);
+        ep->ca_chain = NULL;
     }
+    if (ep->cert != NULL) {
+        mbedtls_x509_crt_free(ep->cert);
+        mbedtls_free(ep->cert);
+        ep->cert = NULL;
+    }
+    if (ep->pkey != NULL) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) {
+            psa_destroy_key(ep->pkey->priv_id);
+        }
+#endif
+        mbedtls_pk_free(ep->pkey);
+        mbedtls_free(ep->pkey);
+        ep->pkey = NULL;
+    }
+}
+
+static int load_endpoint_rsa(mbedtls_test_ssl_endpoint *ep)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+        ret = mbedtls_x509_crt_parse(
+            ep->cert,
+            (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
+            mbedtls_test_srv_crt_rsa_sha256_der_len);
+        TEST_EQUAL(ret, 0);
+        ret = mbedtls_pk_parse_key(
+            ep->pkey,
+            (const unsigned char *) mbedtls_test_srv_key_rsa_der,
+            mbedtls_test_srv_key_rsa_der_len, NULL, 0);
+        TEST_EQUAL(ret, 0);
+    } else {
+        ret = mbedtls_x509_crt_parse(
+            ep->cert,
+            (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
+            mbedtls_test_cli_crt_rsa_der_len);
+        TEST_EQUAL(ret, 0);
+        ret = mbedtls_pk_parse_key(
+            ep->pkey,
+            (const unsigned char *) mbedtls_test_cli_key_rsa_der,
+            mbedtls_test_cli_key_rsa_der_len, NULL, 0);
+        TEST_EQUAL(ret, 0);
+    }
+
+exit:
+    return ret;
+}
+
+static int load_endpoint_ecc(mbedtls_test_ssl_endpoint *ep)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+        ret = mbedtls_x509_crt_parse(
+            ep->cert,
+            (const unsigned char *) mbedtls_test_srv_crt_ec_der,
+            mbedtls_test_srv_crt_ec_der_len);
+        TEST_EQUAL(ret, 0);
+        ret = mbedtls_pk_parse_key(
+            ep->pkey,
+            (const unsigned char *) mbedtls_test_srv_key_ec_der,
+            mbedtls_test_srv_key_ec_der_len, NULL, 0);
+        TEST_EQUAL(ret, 0);
+    } else {
+        ret = mbedtls_x509_crt_parse(
+            ep->cert,
+            (const unsigned char *) mbedtls_test_cli_crt_ec_der,
+            mbedtls_test_cli_crt_ec_len);
+        TEST_EQUAL(ret, 0);
+        ret = mbedtls_pk_parse_key(
+            ep->pkey,
+            (const unsigned char *) mbedtls_test_cli_key_ec_der,
+            mbedtls_test_cli_key_ec_der_len, NULL, 0);
+        TEST_EQUAL(ret, 0);
+    }
+
+exit:
+    return ret;
 }
 
 int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
@@ -612,7 +723,6 @@
     int i = 0;
     int ret = -1;
     int ok = 0;
-    mbedtls_test_ssl_endpoint_certificate *cert = NULL;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
 #endif
@@ -621,86 +731,37 @@
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    cert = &(ep->cert);
-    TEST_CALLOC(cert->ca_cert, 1);
-    TEST_CALLOC(cert->cert, 1);
-    TEST_CALLOC(cert->pkey, 1);
+    TEST_CALLOC(ep->ca_chain, 1);
+    TEST_CALLOC(ep->cert, 1);
+    TEST_CALLOC(ep->pkey, 1);
 
-    mbedtls_x509_crt_init(cert->ca_cert);
-    mbedtls_x509_crt_init(cert->cert);
-    mbedtls_pk_init(cert->pkey);
+    mbedtls_x509_crt_init(ep->ca_chain);
+    mbedtls_x509_crt_init(ep->cert);
+    mbedtls_pk_init(ep->pkey);
 
     /* Load the trusted CA */
 
     for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
         ret = mbedtls_x509_crt_parse_der(
-            cert->ca_cert,
+            ep->ca_chain,
             (const unsigned char *) mbedtls_test_cas_der[i],
             mbedtls_test_cas_der_len[i]);
-        TEST_ASSERT(ret == 0);
+        TEST_EQUAL(ret, 0);
     }
 
     /* Load own certificate and private key */
 
-    if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
-        if (pk_alg == MBEDTLS_PK_RSA) {
-            ret = mbedtls_x509_crt_parse(
-                cert->cert,
-                (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
-                mbedtls_test_srv_crt_rsa_sha256_der_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(
-                cert->pkey,
-                (const unsigned char *) mbedtls_test_srv_key_rsa_der,
-                mbedtls_test_srv_key_rsa_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        } else {
-            ret = mbedtls_x509_crt_parse(
-                cert->cert,
-                (const unsigned char *) mbedtls_test_srv_crt_ec_der,
-                mbedtls_test_srv_crt_ec_der_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(
-                cert->pkey,
-                (const unsigned char *) mbedtls_test_srv_key_ec_der,
-                mbedtls_test_srv_key_ec_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        }
+    if (pk_alg == MBEDTLS_PK_RSA) {
+        TEST_EQUAL(load_endpoint_rsa(ep), 0);
     } else {
-        if (pk_alg == MBEDTLS_PK_RSA) {
-            ret = mbedtls_x509_crt_parse(
-                cert->cert,
-                (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
-                mbedtls_test_cli_crt_rsa_der_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(
-                cert->pkey,
-                (const unsigned char *) mbedtls_test_cli_key_rsa_der,
-                mbedtls_test_cli_key_rsa_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        } else {
-            ret = mbedtls_x509_crt_parse(
-                cert->cert,
-                (const unsigned char *) mbedtls_test_cli_crt_ec_der,
-                mbedtls_test_cli_crt_ec_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(
-                cert->pkey,
-                (const unsigned char *) mbedtls_test_cli_key_ec_der,
-                mbedtls_test_cli_key_ec_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        }
+        TEST_EQUAL(load_endpoint_ecc(ep), 0);
     }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if (opaque_alg != 0) {
         psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
         /* Use a fake key usage to get a successful initial guess for the PSA attributes. */
-        TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH,
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH,
                                                  &key_attr), 0);
         /* Then manually usage, alg and alg2 as requested by the test. */
         psa_set_key_usage_flags(&key_attr, opaque_usage);
@@ -708,10 +769,10 @@
         if (opaque_alg2 != PSA_ALG_NONE) {
             psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
         }
-        TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0);
-        mbedtls_pk_free(cert->pkey);
-        mbedtls_pk_init(cert->pkey);
-        TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0);
+        TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0);
+        mbedtls_pk_free(ep->pkey);
+        mbedtls_pk_init(ep->pkey);
+        TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0);
     }
 #else
     (void) opaque_alg;
@@ -719,20 +780,11 @@
     (void) opaque_usage;
 #endif
 
-    mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
+    mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL);
 
-    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
-                                    cert->pkey);
-    TEST_ASSERT(ret == 0);
-    TEST_ASSERT(ep->conf.key_cert != NULL);
-
-    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL);
-    TEST_ASSERT(ret == 0);
-    TEST_ASSERT(ep->conf.key_cert == NULL);
-
-    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
-                                    cert->pkey);
-    TEST_ASSERT(ret == 0);
+    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert,
+                                    ep->pkey);
+    TEST_EQUAL(ret, 0);
 
     ok = 1;
 
@@ -748,21 +800,14 @@
     return ret;
 }
 
-int mbedtls_test_ssl_endpoint_init(
+int mbedtls_test_ssl_endpoint_init_conf(
     mbedtls_test_ssl_endpoint *ep, int endpoint_type,
-    mbedtls_test_handshake_test_options *options,
-    mbedtls_test_message_socket_context *dtls_context,
-    mbedtls_test_ssl_message_queue *input_queue,
-    mbedtls_test_ssl_message_queue *output_queue)
+    const mbedtls_test_handshake_test_options *options)
 {
     int ret = -1;
-    uintptr_t user_data_n;
-
-    if (dtls_context != NULL &&
-        (input_queue == NULL || output_queue == NULL)) {
-        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-
-    }
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+    const char *psk_identity = "foo";
+#endif
 
     if (ep == NULL) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -774,6 +819,7 @@
 
     mbedtls_ssl_init(&(ep->ssl));
     mbedtls_ssl_config_init(&(ep->conf));
+    mbedtls_test_message_socket_init(&ep->dtls_context);
 
     TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
     TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
@@ -781,38 +827,19 @@
     TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0);
 
     (void) mbedtls_test_rnd_std_rand(NULL,
-                                     (void *) &user_data_n,
-                                     sizeof(user_data_n));
-    mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n);
-    mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n);
+                                     (void *) &ep->user_data_cookie,
+                                     sizeof(ep->user_data_cookie));
+    mbedtls_ssl_conf_set_user_data_n(&ep->conf, ep->user_data_cookie);
+    mbedtls_ssl_set_user_data_n(&ep->ssl, ep->user_data_cookie);
 
-    if (dtls_context != NULL) {
-        TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue,
-                                                      100, &(ep->socket),
-                                                      dtls_context) == 0);
-    } else {
-        mbedtls_test_mock_socket_init(&(ep->socket));
-    }
-
-    /* Non-blocking callbacks without timeout */
-    if (dtls_context != NULL) {
-        mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
-                            mbedtls_test_mock_tcp_send_msg,
-                            mbedtls_test_mock_tcp_recv_msg,
-                            NULL);
-    } else {
-        mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
-                            mbedtls_test_mock_tcp_send_nb,
-                            mbedtls_test_mock_tcp_recv_nb,
-                            NULL);
-    }
+    mbedtls_test_mock_socket_init(&(ep->socket));
 
     ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
-                                      (dtls_context != NULL) ?
+                                      options->dtls ?
                                       MBEDTLS_SSL_TRANSPORT_DATAGRAM :
                                       MBEDTLS_SSL_TRANSPORT_STREAM,
                                       MBEDTLS_SSL_PRESET_DEFAULT);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
     if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
         if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
@@ -836,11 +863,19 @@
         }
     }
 
+    if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+        TEST_ASSERT(set_ciphersuite(ep, options->cipher));
+    }
+
     if (options->group_list != NULL) {
         mbedtls_ssl_conf_groups(&(ep->conf), options->group_list);
     }
 
-    mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+    if (MBEDTLS_SSL_IS_SERVER == endpoint_type) {
+        mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode);
+    } else {
+        mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+    }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data);
@@ -851,6 +886,7 @@
                                              options->max_early_data_size);
     }
 #endif
+
 #if defined(MBEDTLS_SSL_ALPN)
     /* check that alpn_list contains at least one valid entry */
     if (options->alpn_list[0] != NULL) {
@@ -859,6 +895,15 @@
 #endif
 #endif
 
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if (options->renegotiate) {
+        mbedtls_ssl_conf_renegotiation(&ep->conf,
+                                       MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+        mbedtls_ssl_conf_legacy_renegotiation(&ep->conf,
+                                              options->legacy_renegotiation);
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
 #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C)
     if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) {
         mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache,
@@ -867,16 +912,16 @@
     }
 #endif
 
-    ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
-    TEST_ASSERT(ret == 0);
-
-    if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
-        ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
-        TEST_EQUAL(ret, 0);
-    }
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&ep->conf,
+                                             (unsigned char) options->mfl),
+               0);
+#else
+    TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl);
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
-    if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
+    if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->dtls) {
         mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
     }
 #endif
@@ -902,11 +947,71 @@
                                                      options->opaque_alg,
                                                      options->opaque_alg2,
                                                      options->opaque_usage);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
-    TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n);
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+    if (options->psk_str != NULL && options->psk_str->len > 0) {
+        TEST_EQUAL(mbedtls_ssl_conf_psk(
+                       &ep->conf, options->psk_str->x,
+                       options->psk_str->len,
+                       (const unsigned char *) psk_identity,
+                       strlen(psk_identity)), 0);
+#if defined(MBEDTLS_SSL_SRV_C)
+        if (MBEDTLS_SSL_IS_SERVER == endpoint_type) {
+            mbedtls_ssl_conf_psk_cb(&ep->conf, psk_dummy_callback, NULL);
+        }
+#endif
+    }
+#endif
+
+    TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf),
+               ep->user_data_cookie);
     mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep);
-    TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n);
+
+    return 0;
+
+exit:
+    if (ret == 0) {
+        /* Exiting due to a test assertion that isn't ret == 0 */
+        ret = -1;
+    }
+    return ret;
+}
+
+int mbedtls_test_ssl_endpoint_init_ssl(
+    mbedtls_test_ssl_endpoint *ep,
+    const mbedtls_test_handshake_test_options *options)
+{
+    int endpoint_type = mbedtls_ssl_conf_get_endpoint(&ep->conf);
+    int ret = -1;
+
+    ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
+    TEST_EQUAL(ret, 0);
+
+    if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+        ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
+        TEST_EQUAL(ret, 0);
+    }
+
+    /* Non-blocking callbacks without timeout */
+    if (options->dtls) {
+        mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context,
+                            mbedtls_test_mock_tcp_send_msg,
+                            mbedtls_test_mock_tcp_recv_msg,
+                            NULL);
+#if defined(MBEDTLS_TIMING_C)
+        mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer,
+                                 mbedtls_timing_set_delay,
+                                 mbedtls_timing_get_delay);
+#endif
+    } else {
+        mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
+                            mbedtls_test_mock_tcp_send_nb,
+                            mbedtls_test_mock_tcp_recv_nb,
+                            NULL);
+    }
+
+    TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), ep->user_data_cookie);
     mbedtls_ssl_set_user_data_p(&ep->ssl, ep);
 
     return 0;
@@ -919,22 +1024,56 @@
     return ret;
 }
 
-void mbedtls_test_ssl_endpoint_free(
-    mbedtls_test_ssl_endpoint *ep,
-    mbedtls_test_message_socket_context *context)
+int mbedtls_test_ssl_endpoint_init(
+    mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+    const mbedtls_test_handshake_test_options *options)
 {
-    test_ssl_endpoint_certificate_free(ep);
+    int ret = mbedtls_test_ssl_endpoint_init_conf(ep, endpoint_type, options);
+    if (ret != 0) {
+        return ret;
+    }
+    ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options);
+    return ret;
+}
 
+void mbedtls_test_ssl_endpoint_free(
+    mbedtls_test_ssl_endpoint *ep)
+{
     mbedtls_ssl_free(&(ep->ssl));
     mbedtls_ssl_config_free(&(ep->conf));
 
-    if (context != NULL) {
-        mbedtls_test_message_socket_close(context);
+    mbedtls_free(ep->ciphersuites);
+    ep->ciphersuites = NULL;
+    test_ssl_endpoint_certificate_free(ep);
+
+    if (ep->dtls_context.socket != NULL) {
+        mbedtls_test_message_socket_close(&ep->dtls_context);
     } else {
         mbedtls_test_mock_socket_close(&(ep->socket));
     }
 }
 
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+                                         mbedtls_test_ssl_endpoint *server)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    ret = mbedtls_test_message_socket_setup(&client->queue_input,
+                                            &server->queue_input,
+                                            100, &(client->socket),
+                                            &client->dtls_context);
+    TEST_EQUAL(ret, 0);
+
+    ret = mbedtls_test_message_socket_setup(&server->queue_input,
+                                            &client->queue_input,
+                                            100, &(server->socket),
+                                            &server->dtls_context);
+    TEST_EQUAL(ret, 0);
+
+exit:
+    return ret;
+}
+
 int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
                                          mbedtls_ssl_context *second_ssl,
                                          int state)
@@ -985,7 +1124,7 @@
     /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
      * a valid no-op for TLS connections. */
     if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
-        TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
+        TEST_EQUAL(mbedtls_ssl_write(ssl, NULL, 0), 0);
     }
 
     ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
@@ -1032,7 +1171,7 @@
     /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
      * a valid no-op for TLS connections. */
     if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
-        TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
+        TEST_EQUAL(mbedtls_ssl_read(ssl, NULL, 0), 0);
     }
 
     ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
@@ -1042,7 +1181,7 @@
     }
 
     if (expected_fragments == 0) {
-        TEST_ASSERT(ret == 0);
+        TEST_EQUAL(ret, 0);
     } else if (expected_fragments == 1) {
         TEST_ASSERT(ret == buf_len ||
                     ret == MBEDTLS_ERR_SSL_WANT_READ ||
@@ -1061,52 +1200,6 @@
     return -1;
 }
 
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
-                            int *forced_ciphersuite)
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
-    forced_ciphersuite[1] = 0;
-
-    ciphersuite_info =
-        mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);
-
-    TEST_ASSERT(ciphersuite_info != NULL);
-    TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version);
-    TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version);
-
-    if (conf->max_tls_version > ciphersuite_info->max_tls_version) {
-        conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version;
-    }
-    if (conf->min_tls_version < ciphersuite_info->min_tls_version) {
-        conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version;
-    }
-
-    mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
-
-exit:
-    return;
-}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
-    defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)  && \
-    defined(MBEDTLS_SSL_SRV_C)
-static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
-                              const unsigned char *name, size_t name_len)
-{
-    (void) p_info;
-    (void) ssl;
-    (void) name;
-    (void) name_len;
-
-    return 0;
-}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
-          MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED  &&
-          MBEDTLS_SSL_SRV_C */
-
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
     defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES)
 int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
@@ -1929,10 +2022,10 @@
                 if (expected_fragments_1 == 0) {
                     /* This error is expected when the message is too large and
                      * cannot be fragmented */
-                    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+                    TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
                     msg_len_1 = 0;
                 } else {
-                    TEST_ASSERT(ret == 0);
+                    TEST_EQUAL(ret, 0);
                 }
             }
 
@@ -1944,10 +2037,10 @@
                 if (expected_fragments_2 == 0) {
                     /* This error is expected when the message is too large and
                      * cannot be fragmented */
-                    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+                    TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
                     msg_len_2 = 0;
                 } else {
-                    TEST_ASSERT(ret == 0);
+                    TEST_EQUAL(ret, 0);
                 }
             }
 
@@ -1957,7 +2050,7 @@
                                                 msg_len_2, &read_1,
                                                 &fragments_2,
                                                 expected_fragments_2);
-                TEST_ASSERT(ret == 0);
+                TEST_EQUAL(ret, 0);
             }
 
             /* ssl_2 reading */
@@ -1966,15 +2059,15 @@
                                                 msg_len_1, &read_2,
                                                 &fragments_1,
                                                 expected_fragments_1);
-                TEST_ASSERT(ret == 0);
+                TEST_EQUAL(ret, 0);
             }
         }
 
         ret = -1;
-        TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
-        TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
-        TEST_ASSERT(fragments_1 == expected_fragments_1);
-        TEST_ASSERT(fragments_2 == expected_fragments_2);
+        TEST_EQUAL(0, memcmp(msg_buf_1, in_buf_2, msg_len_1));
+        TEST_EQUAL(0, memcmp(msg_buf_2, in_buf_1, msg_len_2));
+        TEST_EQUAL(fragments_1, expected_fragments_1);
+        TEST_EQUAL(fragments_2, expected_fragments_2);
     }
 
     ret = 0;
@@ -2010,15 +2103,23 @@
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 static int check_ssl_version(
     mbedtls_ssl_protocol_version expected_negotiated_version,
-    const mbedtls_ssl_context *ssl)
+    const mbedtls_ssl_context *client,
+    const mbedtls_ssl_context *server)
 {
-    const char *version_string = mbedtls_ssl_get_version(ssl);
+    /* First check that both sides have chosen the same version.
+     * If so, we can make more sanity checks just on one side.
+     * If not, something is deeply wrong. */
+    TEST_EQUAL(client->tls_version, server->tls_version);
+
+    /* Make further checks on the client to validate that the
+     * reported data about the version is correct. */
+    const char *version_string = mbedtls_ssl_get_version(client);
     mbedtls_ssl_protocol_version version_number =
-        mbedtls_ssl_get_version_number(ssl);
+        mbedtls_ssl_get_version_number(client);
 
-    TEST_EQUAL(ssl->tls_version, expected_negotiated_version);
+    TEST_EQUAL(client->tls_version, expected_negotiated_version);
 
-    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+    if (client->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         TEST_EQUAL(version_string[0], 'D');
         ++version_string;
     }
@@ -2026,12 +2127,12 @@
     switch (expected_negotiated_version) {
         case MBEDTLS_SSL_VERSION_TLS1_2:
             TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2);
-            TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0);
+            TEST_EQUAL(strcmp(version_string, "TLSv1.2"), 0);
             break;
 
         case MBEDTLS_SSL_VERSION_TLS1_3:
             TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3);
-            TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0);
+            TEST_EQUAL(strcmp(version_string, "TLSv1.3"), 0);
             break;
 
         default:
@@ -2066,13 +2167,11 @@
     options->server_max_version = proto;
     options->client_max_version = proto;
 
-    ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options,
-                                         NULL, NULL, NULL);
+    ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options);
     if (ret != 0) {
         return ret;
     }
-    ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options,
-                                         NULL, NULL, NULL);
+    ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options);
     if (ret != 0) {
         return ret;
     }
@@ -2104,35 +2203,275 @@
 #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-void mbedtls_test_ssl_perform_handshake(
-    mbedtls_test_handshake_test_options *options)
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+static int test_renegotiation(const mbedtls_test_handshake_test_options *options,
+                              mbedtls_test_ssl_endpoint *client,
+                              mbedtls_test_ssl_endpoint *server)
 {
-    /* forced_ciphersuite needs to last until the end of the handshake */
-    int forced_ciphersuite[2];
-    enum { BUFFSIZE = 17000 };
-    mbedtls_test_ssl_endpoint client, server;
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-    const char *psk_identity = "foo";
+    int ok = 0;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    (void) options; // only used in some configurations
+
+    /* Start test with renegotiation */
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_INITIAL_HANDSHAKE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+    /* After calling this function for the server, it only sends a handshake
+     * request. All renegotiation should happen during data exchanging */
+    TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_PENDING);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+    TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+
+    /* After calling mbedtls_ssl_renegotiate for the client,
+     * all renegotiation should happen inside this function.
+     * However in this test, we cannot perform simultaneous communication
+     * between client and server so this function will return waiting error
+     * on the socket. All rest of renegotiation should happen
+     * during data exchanging */
+    ret = mbedtls_ssl_renegotiate(&(client->ssl));
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        /* Ensure that the buffer sizes are appropriate before resizes */
+        TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+    }
 #endif
-#if defined(MBEDTLS_TIMING_C)
-    mbedtls_timing_delay_context timer_client, timer_server;
-#endif
+    TEST_ASSERT(ret == 0 ||
+                ret == MBEDTLS_ERR_SSL_WANT_READ ||
+                ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
+
+    TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    /* Validate buffer sizes after renegotiation */
+    if (options->resize_buffers != 0) {
+        TEST_EQUAL(client->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&client->ssl));
+        TEST_EQUAL(client->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&client->ssl));
+        TEST_EQUAL(server->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&server->ssl));
+        TEST_EQUAL(server->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&server->ssl));
+    }
+#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+
+    ok = 1;
+
+exit:
+    return ok;
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+static int test_serialization(const mbedtls_test_handshake_test_options *options,
+                              mbedtls_test_ssl_endpoint *client,
+                              mbedtls_test_ssl_endpoint *server)
+{
+    int ok = 0;
     unsigned char *context_buf = NULL;
     size_t context_buf_len;
+
+    TEST_EQUAL(options->dtls, 1);
+
+    TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL,
+                                        0, &context_buf_len),
+               MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+
+    context_buf = mbedtls_calloc(1, context_buf_len);
+    TEST_ASSERT(context_buf != NULL);
+
+    TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf,
+                                        context_buf_len,
+                                        &context_buf_len),
+               0);
+
+    mbedtls_ssl_free(&(server->ssl));
+    mbedtls_ssl_init(&(server->ssl));
+
+    TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0);
+
+    mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context,
+                        mbedtls_test_mock_tcp_send_msg,
+                        mbedtls_test_mock_tcp_recv_msg,
+                        NULL);
+
+    mbedtls_ssl_set_user_data_p(&server->ssl, server);
+
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer,
+                             mbedtls_timing_set_delay,
+                             mbedtls_timing_get_delay);
 #endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int ret = -1;
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        /* Ensure that the buffer sizes are appropriate before resizes */
+        TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+    }
 #endif
+    TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf,
+                                        context_buf_len), 0);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    /* Validate buffer sizes after context deserialization */
+    if (options->resize_buffers != 0) {
+        TEST_EQUAL(server->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&server->ssl));
+        TEST_EQUAL(server->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&server->ssl));
+    }
+#endif
+    /* Retest writing/reading */
+    if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+        TEST_EQUAL(mbedtls_test_ssl_exchange_data(
+                       &(client->ssl), options->cli_msg_len,
+                       options->expected_cli_fragments,
+                       &(server->ssl), options->srv_msg_len,
+                       options->expected_srv_fragments),
+                   0);
+    }
+
+    ok = 1;
+
+exit:
+    mbedtls_free(context_buf);
+    return ok;
+}
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+int mbedtls_test_ssl_perform_connection(
+    const mbedtls_test_handshake_test_options *options,
+    mbedtls_test_ssl_endpoint *client,
+    mbedtls_test_ssl_endpoint *server)
+{
+    enum { BUFFSIZE = 17000 };
     int expected_handshake_result = options->expected_handshake_result;
+    int ok = 0;
+
+    TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client->socket),
+                                                &(server->socket),
+                                                BUFFSIZE), 0);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        /* Ensure that the buffer sizes are appropriate before resizes */
+        TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+        TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+    }
+#endif
+
+    if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
+        expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
+    }
+
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client->ssl),
+                                                    &(server->ssl),
+                                                    MBEDTLS_SSL_HANDSHAKE_OVER),
+               expected_handshake_result);
+
+    if (expected_handshake_result != 0) {
+        /* Connection will have failed by this point, skip to cleanup */
+        ok = 1;
+        goto exit;
+    }
+
+    TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client->ssl), 1);
+
+    /* Make sure server state is moved to HANDSHAKE_OVER also. */
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server->ssl),
+                                                    &(client->ssl),
+                                                    MBEDTLS_SSL_HANDSHAKE_OVER),
+               0);
+
+    TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1);
+
+    /* Check that both sides have negotiated the expected version. */
+    TEST_ASSERT(check_ssl_version(options->expected_negotiated_version,
+                                  &client->ssl,
+                                  &server->ssl));
+
+    if (options->expected_ciphersuite != 0) {
+        TEST_EQUAL(server->ssl.session->ciphersuite,
+                   options->expected_ciphersuite);
+    }
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        /* A server, when using DTLS, might delay a buffer resize to happen
+         * after it receives a message, so we force it. */
+        TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+
+        TEST_EQUAL(client->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&client->ssl));
+        TEST_EQUAL(client->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&client->ssl));
+        TEST_EQUAL(server->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&server->ssl));
+        TEST_EQUAL(server->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&server->ssl));
+    }
+#endif
+
+    if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+        /* Start data exchanging test */
+        TEST_EQUAL(mbedtls_test_ssl_exchange_data(
+                       &(client->ssl), options->cli_msg_len,
+                       options->expected_cli_fragments,
+                       &(server->ssl), options->srv_msg_len,
+                       options->expected_srv_fragments),
+                   0);
+    }
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    if (options->serialize == 1) {
+        TEST_ASSERT(test_serialization(options, client, server));
+    }
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if (options->renegotiate) {
+        TEST_ASSERT(test_renegotiation(options, client, server));
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+    ok = 1;
+
+exit:
+    return ok;
+}
+
+void mbedtls_test_ssl_perform_handshake(
+    const mbedtls_test_handshake_test_options *options)
+{
+    mbedtls_test_ssl_endpoint client_struct;
+    memset(&client_struct, 0, sizeof(client_struct));
+    mbedtls_test_ssl_endpoint *const client = &client_struct;
+    mbedtls_test_ssl_endpoint server_struct;
+    memset(&server_struct, 0, sizeof(server_struct));
+    mbedtls_test_ssl_endpoint *const server = &server_struct;
 
     MD_OR_USE_PSA_INIT();
-    mbedtls_platform_zeroize(&client, sizeof(client));
-    mbedtls_platform_zeroize(&server, sizeof(server));
-    mbedtls_test_ssl_message_queue server_queue, client_queue;
-    mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_test_message_socket_init(&server_context);
-    mbedtls_test_message_socket_init(&client_context);
 
 #if defined(MBEDTLS_DEBUG_C)
     if (options->cli_log_fun || options->srv_log_fun) {
@@ -2141,322 +2480,34 @@
 #endif
 
     /* Client side */
-    if (options->dtls != 0) {
-        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
-                                                   MBEDTLS_SSL_IS_CLIENT,
-                                                   options, &client_context,
-                                                   &client_queue,
-                                                   &server_queue) == 0);
-#if defined(MBEDTLS_TIMING_C)
-        mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
-                                 mbedtls_timing_set_delay,
-                                 mbedtls_timing_get_delay);
-#endif
-    } else {
-        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
-                                                   MBEDTLS_SSL_IS_CLIENT,
-                                                   options, NULL, NULL,
-                                                   NULL) == 0);
-    }
-
-    if (strlen(options->cipher) > 0) {
-        set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
-    }
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client,
+                                              MBEDTLS_SSL_IS_CLIENT,
+                                              options), 0);
 
     /* Server side */
-    if (options->dtls != 0) {
-        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
-                                                   MBEDTLS_SSL_IS_SERVER,
-                                                   options, &server_context,
-                                                   &server_queue,
-                                                   &client_queue) == 0);
-#if defined(MBEDTLS_TIMING_C)
-        mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
-                                 mbedtls_timing_set_delay,
-                                 mbedtls_timing_get_delay);
-#endif
-    } else {
-        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
-                                                   MBEDTLS_SSL_IS_SERVER,
-                                                   options, NULL, NULL,
-                                                   NULL) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server,
+                                              MBEDTLS_SSL_IS_SERVER,
+                                              options), 0);
+
+    if (options->dtls) {
+        TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0);
     }
 
-    mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
+    TEST_ASSERT(mbedtls_test_ssl_perform_connection(options, client, server));
 
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
-                                              (unsigned char) options->mfl)
-                == 0);
-    TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
-                                              (unsigned char) options->mfl)
-                == 0);
-#else
-    TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-    if (options->psk_str != NULL && options->psk_str->len > 0) {
-        TEST_ASSERT(mbedtls_ssl_conf_psk(
-                        &client.conf, options->psk_str->x,
-                        options->psk_str->len,
-                        (const unsigned char *) psk_identity,
-                        strlen(psk_identity)) == 0);
-
-        TEST_ASSERT(mbedtls_ssl_conf_psk(
-                        &server.conf, options->psk_str->x,
-                        options->psk_str->len,
-                        (const unsigned char *) psk_identity,
-                        strlen(psk_identity)) == 0);
-#if defined(MBEDTLS_SSL_SRV_C)
-        mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
-#endif
-    }
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if (options->renegotiate) {
-        mbedtls_ssl_conf_renegotiation(&(server.conf),
-                                       MBEDTLS_SSL_RENEGOTIATION_ENABLED);
-        mbedtls_ssl_conf_renegotiation(&(client.conf),
-                                       MBEDTLS_SSL_RENEGOTIATION_ENABLED);
-
-        mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
-                                              options->legacy_renegotiation);
-        mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
-                                              options->legacy_renegotiation);
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
-                                                 &(server.socket),
-                                                 BUFFSIZE) == 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    if (options->resize_buffers != 0) {
-        /* Ensure that the buffer sizes are appropriate before resizes */
-        TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-        TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-        TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-        TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-    }
-#endif
-
-    if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
-        expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
-    }
-
-    TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl),
-                                                     &(server.ssl),
-                                                     MBEDTLS_SSL_HANDSHAKE_OVER)
-                ==  expected_handshake_result);
-
-    if (expected_handshake_result != 0) {
-        /* Connection will have failed by this point, skip to cleanup */
-        goto exit;
-    }
-
-    TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1);
-
-    /* Make sure server state is moved to HANDSHAKE_OVER also. */
-    TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl),
-                                                    &(client.ssl),
-                                                    MBEDTLS_SSL_HANDSHAKE_OVER),
-               0);
-
-    TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1);
-    /* Check that both sides have negotiated the expected version. */
-    mbedtls_test_set_step(0);
-    if (!check_ssl_version(options->expected_negotiated_version,
-                           &client.ssl)) {
-        goto exit;
-    }
-
-    mbedtls_test_set_step(1);
-    if (!check_ssl_version(options->expected_negotiated_version,
-                           &server.ssl)) {
-        goto exit;
-    }
-
-    if (options->expected_ciphersuite != 0) {
-        TEST_EQUAL(server.ssl.session->ciphersuite,
-                   options->expected_ciphersuite);
-    }
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    if (options->resize_buffers != 0) {
-        /* A server, when using DTLS, might delay a buffer resize to happen
-         * after it receives a message, so we force it. */
-        TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
-
-        TEST_ASSERT(client.ssl.out_buf_len ==
-                    mbedtls_ssl_get_output_buflen(&client.ssl));
-        TEST_ASSERT(client.ssl.in_buf_len ==
-                    mbedtls_ssl_get_input_buflen(&client.ssl));
-        TEST_ASSERT(server.ssl.out_buf_len ==
-                    mbedtls_ssl_get_output_buflen(&server.ssl));
-        TEST_ASSERT(server.ssl.in_buf_len ==
-                    mbedtls_ssl_get_input_buflen(&server.ssl));
-    }
-#endif
-
-    if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
-        /* Start data exchanging test */
-        TEST_ASSERT(mbedtls_test_ssl_exchange_data(
-                        &(client.ssl), options->cli_msg_len,
-                        options->expected_cli_fragments,
-                        &(server.ssl), options->srv_msg_len,
-                        options->expected_srv_fragments)
-                    == 0);
-    }
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    if (options->serialize == 1) {
-        TEST_ASSERT(options->dtls == 1);
-
-        TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
-                                             0, &context_buf_len)
-                    == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
-
-        context_buf = mbedtls_calloc(1, context_buf_len);
-        TEST_ASSERT(context_buf != NULL);
-
-        TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
-                                             context_buf_len,
-                                             &context_buf_len)
-                    == 0);
-
-        mbedtls_ssl_free(&(server.ssl));
-        mbedtls_ssl_init(&(server.ssl));
-
-        TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
-
-        mbedtls_ssl_set_bio(&(server.ssl), &server_context,
-                            mbedtls_test_mock_tcp_send_msg,
-                            mbedtls_test_mock_tcp_recv_msg,
-                            NULL);
-
-        mbedtls_ssl_set_user_data_p(&server.ssl, &server);
-
-#if defined(MBEDTLS_TIMING_C)
-        mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
-                                 mbedtls_timing_set_delay,
-                                 mbedtls_timing_get_delay);
-#endif
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        if (options->resize_buffers != 0) {
-            /* Ensure that the buffer sizes are appropriate before resizes */
-            TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-            TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-        }
-#endif
-        TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
-                                             context_buf_len) == 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        /* Validate buffer sizes after context deserialization */
-        if (options->resize_buffers != 0) {
-            TEST_ASSERT(server.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&server.ssl));
-            TEST_ASSERT(server.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&server.ssl));
-        }
-#endif
-        /* Retest writing/reading */
-        if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
-            TEST_ASSERT(mbedtls_test_ssl_exchange_data(
-                            &(client.ssl), options->cli_msg_len,
-                            options->expected_cli_fragments,
-                            &(server.ssl), options->srv_msg_len,
-                            options->expected_srv_fragments)
-                        == 0);
-        }
-    }
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if (options->renegotiate) {
-        /* Start test with renegotiation */
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
-        /* After calling this function for the server, it only sends a handshake
-         * request. All renegotiation should happen during data exchanging */
-        TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_PENDING);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
-        TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-
-        /* After calling mbedtls_ssl_renegotiate for the client,
-         * all renegotiation should happen inside this function.
-         * However in this test, we cannot perform simultaneous communication
-         * between client and server so this function will return waiting error
-         * on the socket. All rest of renegotiation should happen
-         * during data exchanging */
-        ret = mbedtls_ssl_renegotiate(&(client.ssl));
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        if (options->resize_buffers != 0) {
-            /* Ensure that the buffer sizes are appropriate before resizes */
-            TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-            TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-        }
-#endif
-        TEST_ASSERT(ret == 0 ||
-                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
-                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
-
-        TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        /* Validate buffer sizes after renegotiation */
-        if (options->resize_buffers != 0) {
-            TEST_ASSERT(client.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&client.ssl));
-            TEST_ASSERT(client.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&client.ssl));
-            TEST_ASSERT(server.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&server.ssl));
-            TEST_ASSERT(server.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&server.ssl));
-        }
-#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client);
-    TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client);
-    TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server);
-    TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server);
+    TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client);
+    TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client->ssl) == client);
+    TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server->conf) == server);
+    TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server->ssl) == server);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client,
-                                   options->dtls != 0 ? &client_context : NULL);
-    mbedtls_test_ssl_endpoint_free(&server,
-                                   options->dtls != 0 ? &server_context : NULL);
+    mbedtls_test_ssl_endpoint_free(client);
+    mbedtls_test_ssl_endpoint_free(server);
 #if defined(MBEDTLS_DEBUG_C)
     if (options->cli_log_fun || options->srv_log_fun) {
         mbedtls_debug_set_threshold(0);
     }
 #endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    if (context_buf != NULL) {
-        mbedtls_free(context_buf);
-    }
-#endif
     MD_OR_USE_PSA_DONE();
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -2620,11 +2671,11 @@
     mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
 
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         client_options, NULL, NULL, NULL);
+                                         client_options);
     TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         server_options, NULL, NULL, NULL);
+                                         server_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -2652,8 +2703,8 @@
     ok = 1;
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
 
     if (ret == 0 && !ok) {
         /* Exiting due to a test assertion that isn't ret == 0 */

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 4567dbd..c47b216 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -435,50 +435,41 @@
     memset(input, 0, sizeof(input));
 
     /* Make sure calling put and get on NULL buffer results in error. */
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input))
-                == -1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output))
-                == -1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input))
-                == -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)), -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)), -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)), -1);
 
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, 0), -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, NULL, 0), -1);
 
     /* Make sure calling put and get on a buffer that hasn't been set up results
      * in error. */
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
-                == -1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output))
-                == -1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
-                == -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)), -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1);
 
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), -1);
 
     /* Make sure calling put and get on NULL input only results in
      * error if the length is not zero, and that a NULL output is valid for data
      * dropping.
      */
 
-    TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)),  0);
 
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
-                == -1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output))
-                == 0);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)), 0);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), 0);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), 0);
 
     /* Make sure calling put several times in the row is safe */
 
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
-                == sizeof(input));
-    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), sizeof(input));
+    TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, 2), 2);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 1), 1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 1);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 0);
 
 
 exit:
@@ -519,7 +510,7 @@
 
     mbedtls_test_ssl_buffer_init(&buf);
     USE_PSA_INIT();
-    TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, size),  0);
 
     /* Check the sanity of input parameters and initialise local variables. That
      * is, ensure that the amount of data is not negative and that we are not
@@ -578,17 +569,16 @@
 
     written = read = 0;
     for (j = 0; j < ROUNDS; j++) {
-        TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf,
-                                                              input + written, put[j]));
+        TEST_EQUAL(put_ret[j],  mbedtls_test_ssl_buffer_put(&buf,
+                                                            input + written, put[j]));
         written += put_ret[j];
-        TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf,
-                                                              output + read, get[j]));
+        TEST_EQUAL(get_ret[j],  mbedtls_test_ssl_buffer_get(&buf,
+                                                            output + read, get[j]));
         read += get_ret[j];
         TEST_ASSERT(read <= written);
         if (get_ret[j] > 0) {
-            TEST_ASSERT(memcmp(output + read - get_ret[j],
-                               input + read - get_ret[j], get_ret[j])
-                        == 0);
+            TEST_EQUAL(memcmp(output + read - get_ret[j],
+                              input + read - get_ret[j], get_ret[j]),  0);
         }
     }
 
@@ -673,8 +663,8 @@
     }
 
     /* Make sure that sending a message takes a few  iterations. */
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      BUFLEN));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    BUFLEN));
 
     /* Send the message to the server */
     send_ret = recv_ret = 1;
@@ -690,9 +680,9 @@
         if (send_ret == BUFLEN) {
             int blocking_ret = send(&client, message, 1);
             if (blocking) {
-                TEST_ASSERT(blocking_ret == 0);
+                TEST_EQUAL(blocking_ret,  0);
             } else {
-                TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+                TEST_EQUAL(blocking_ret,  MBEDTLS_ERR_SSL_WANT_WRITE);
             }
         }
 
@@ -704,9 +694,9 @@
             TEST_ASSERT(recv_ret <= BUFLEN);
             read += recv_ret;
         } else if (blocking) {
-            TEST_ASSERT(recv_ret == 0);
+            TEST_EQUAL(recv_ret,  0);
         } else {
-            TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ);
+            TEST_EQUAL(recv_ret,  MBEDTLS_ERR_SSL_WANT_READ);
             recv_ret = 0;
         }
 
@@ -714,13 +704,13 @@
         if (recv_ret == BUFLEN) {
             int blocking_ret = recv(&server, received, 1);
             if (blocking) {
-                TEST_ASSERT(blocking_ret == 0);
+                TEST_EQUAL(blocking_ret,  0);
             } else {
-                TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
+                TEST_EQUAL(blocking_ret,  MBEDTLS_ERR_SSL_WANT_READ);
             }
         }
     }
-    TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+    TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
 
 exit:
     mbedtls_test_mock_socket_close(&client);
@@ -774,8 +764,8 @@
     }
 
     /* Make sure that sending a message takes a few  iterations. */
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      BUFLEN));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    BUFLEN));
 
     /* Send the message from both sides, interleaving. */
     progress = 1;
@@ -803,9 +793,9 @@
             if (send_ret[i] == BUFLEN) {
                 int blocking_ret = send(socket, message[i], 1);
                 if (blocking) {
-                    TEST_ASSERT(blocking_ret == 0);
+                    TEST_EQUAL(blocking_ret,  0);
                 } else {
-                    TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+                    TEST_EQUAL(blocking_ret,  MBEDTLS_ERR_SSL_WANT_WRITE);
                 }
             }
         }
@@ -823,9 +813,9 @@
                 TEST_ASSERT(recv_ret[i] <= BUFLEN);
                 read[i] += recv_ret[i];
             } else if (blocking) {
-                TEST_ASSERT(recv_ret[i] == 0);
+                TEST_EQUAL(recv_ret[i],  0);
             } else {
-                TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ);
+                TEST_EQUAL(recv_ret[i],  MBEDTLS_ERR_SSL_WANT_READ);
                 recv_ret[i] = 0;
             }
 
@@ -834,9 +824,9 @@
             if (recv_ret[i] == BUFLEN) {
                 int blocking_ret = recv(socket, received[i], 1);
                 if (blocking) {
-                    TEST_ASSERT(blocking_ret == 0);
+                    TEST_EQUAL(blocking_ret,  0);
                 } else {
-                    TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
+                    TEST_EQUAL(blocking_ret,  MBEDTLS_ERR_SSL_WANT_READ);
                 }
             }
         }
@@ -848,7 +838,7 @@
     }
 
     for (i = 0; i < ROUNDS; i++) {
-        TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0);
+        TEST_EQUAL(memcmp(message[i], received[i], MSGLEN),  0);
     }
 
 exit:
@@ -865,14 +855,14 @@
 
     USE_PSA_INIT();
     /* Trying to push/pull to an empty queue */
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1)
-                == MBEDTLS_TEST_ERROR_ARG_NULL);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1)
-                == MBEDTLS_TEST_ERROR_ARG_NULL);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(NULL, 1),
+               MBEDTLS_TEST_ERROR_ARG_NULL);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(NULL, 1),
+               MBEDTLS_TEST_ERROR_ARG_NULL);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
-    TEST_ASSERT(queue.capacity == 3);
-    TEST_ASSERT(queue.num == 0);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3),  0);
+    TEST_EQUAL(queue.capacity,  3);
+    TEST_EQUAL(queue.num,  0);
 
 exit:
     mbedtls_test_ssl_message_queue_free(&queue);
@@ -886,22 +876,22 @@
     mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 
     USE_PSA_INIT();
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3),  0);
 
     /* Sanity test - 3 pushes and 3 pops with sufficient space */
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(queue.capacity == 3);
-    TEST_ASSERT(queue.num == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(queue.capacity == 3);
-    TEST_ASSERT(queue.num == 2);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
-    TEST_ASSERT(queue.capacity == 3);
-    TEST_ASSERT(queue.num == 3);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1),  1);
+    TEST_EQUAL(queue.capacity,  3);
+    TEST_EQUAL(queue.num,  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1),  1);
+    TEST_EQUAL(queue.capacity,  3);
+    TEST_EQUAL(queue.num,  2);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2),  2);
+    TEST_EQUAL(queue.capacity,  3);
+    TEST_EQUAL(queue.num,  3);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2),  2);
 
 exit:
     mbedtls_test_ssl_message_queue_free(&queue);
@@ -915,21 +905,21 @@
     mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 
     USE_PSA_INIT();
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3),  0);
 
     /* 4 pushes (last one with an error), 4 pops (last one with an error) */
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3)
-                == MBEDTLS_ERR_SSL_WANT_WRITE);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2),  2);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3),
+               MBEDTLS_ERR_SSL_WANT_WRITE);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2),  2);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1)
-                == MBEDTLS_ERR_SSL_WANT_READ);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),
+               MBEDTLS_ERR_SSL_WANT_READ);
 
 exit:
     mbedtls_test_ssl_message_queue_free(&queue);
@@ -943,29 +933,29 @@
     mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 
     USE_PSA_INIT();
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3),  0);
 
     /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
      * (to wrap around the buffer) */
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1),  1);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),  1);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2),  2);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3),  3);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),  1);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2),  2);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 5),  5);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 8),  8);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 3),  3);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 5),  5);
 
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 8),  8);
 
 exit:
     mbedtls_test_ssl_message_queue_free(&queue);
@@ -981,13 +971,13 @@
     size_t buffer_len = 5;
 
     USE_PSA_INIT();
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 1),  0);
 
     /* Popping without a sufficient buffer */
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len)
-                == (int) message_len);
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len)
-                == (int) buffer_len);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, message_len),
+               (int) message_len);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len),
+               (int) buffer_len);
 exit:
     mbedtls_test_ssl_message_queue_free(&queue);
     USE_PSA_DONE();
@@ -1007,40 +997,40 @@
 
     USE_PSA_INIT();
     /* Send with a NULL context */
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN)
-                == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN),
+               MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN)
-                == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN),
+               MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 1,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 1,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 1,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 1,
+                                                 &client,
+                                                 &client_context),  0);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN)
-                == MBEDTLS_TEST_ERROR_SEND_FAILED);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),
+               MBEDTLS_TEST_ERROR_SEND_FAILED);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MBEDTLS_ERR_SSL_WANT_READ);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MBEDTLS_ERR_SSL_WANT_READ);
 
     /* Push directly to a queue to later simulate a disconnected behavior */
-    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue,
-                                                         MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&server_queue,
+                                                        MSGLEN),
+               MSGLEN);
 
     /* Test if there's an error when trying to read from a disconnected
      * socket */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MBEDTLS_TEST_ERROR_RECV_FAILED);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MBEDTLS_TEST_ERROR_RECV_FAILED);
 exit:
     mbedtls_test_message_socket_close(&server_context);
     mbedtls_test_message_socket_close(&client_context);
@@ -1062,46 +1052,46 @@
     mbedtls_test_message_socket_init(&client_context);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 1,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 1,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 1,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 1,
+                                                 &client,
+                                                 &client_context),  0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      MSGLEN));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    MSGLEN));
 
     /* Send the message to the server */
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN) == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),  MSGLEN);
 
     /* Read from the server */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MSGLEN);
 
-    TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+    TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
     memset(received, 0, MSGLEN);
 
     /* Send the message to the client */
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+                                              MSGLEN),
+               MSGLEN);
 
     /* Read from the client */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
-                                               MSGLEN)
-                == MSGLEN);
-    TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                              MSGLEN),
+               MSGLEN);
+    TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
 
 exit:
     mbedtls_test_message_socket_close(&server_context);
@@ -1124,51 +1114,51 @@
     mbedtls_test_message_socket_init(&client_context);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 2,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 2,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 2,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 2,
+                                                 &client,
+                                                 &client_context),  0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      MSGLEN*2));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    MSGLEN*2));
 
     /* Send three message to the server, last one with an error */
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN - 1)
-                == MSGLEN - 1);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN - 1),
+               MSGLEN - 1);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),
+               MSGLEN);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN)
-                == MBEDTLS_ERR_SSL_WANT_WRITE);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),
+               MBEDTLS_ERR_SSL_WANT_WRITE);
 
     /* Read three messages from the server, last one with an error */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN - 1)
-                == MSGLEN - 1);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN - 1),
+               MSGLEN - 1);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MSGLEN);
 
-    TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+    TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MBEDTLS_ERR_SSL_WANT_READ);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MBEDTLS_ERR_SSL_WANT_READ);
 
 exit:
     mbedtls_test_message_socket_close(&server_context);
@@ -1191,39 +1181,39 @@
     mbedtls_test_message_socket_init(&client_context);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 2,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 2,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 2,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 2,
+                                                 &client,
+                                                 &client_context),  0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      MSGLEN));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    MSGLEN));
 
     /* Send two message to the server, second one with an error */
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),
+               MSGLEN);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN)
-                == MBEDTLS_TEST_ERROR_SEND_FAILED);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),
+               MBEDTLS_TEST_ERROR_SEND_FAILED);
 
     /* Read the only message from the server */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MSGLEN);
 
-    TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+    TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
 
 exit:
     mbedtls_test_message_socket_close(&server_context);
@@ -1246,15 +1236,15 @@
     mbedtls_test_message_socket_init(&client_context);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 2,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 2,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 2,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 2,
+                                                 &client,
+                                                 &client_context),  0);
 
     memset(received, 0, MSGLEN);
     /* Fill up the buffer with structured data so that unwanted changes
@@ -1262,35 +1252,35 @@
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      2 * MSGLEN));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    2 * MSGLEN));
 
     /* Send two messages to the server, the second one small enough to fit in the
      * receiver's buffer. */
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN)
-                == MSGLEN);
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN / 2)
-                == MSGLEN / 2);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),
+               MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN / 2),
+               MSGLEN / 2);
     /* Read a truncated message from the server */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN/2)
-                == MSGLEN/2);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN/2),
+               MSGLEN/2);
 
     /* Test that the first half of the message is valid, and second one isn't */
-    TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
+    TEST_EQUAL(memcmp(message, received, MSGLEN/2),  0);
     TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2)
                 != 0);
     memset(received, 0, MSGLEN);
 
     /* Read a full message from the server */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN/2)
-                == MSGLEN / 2);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN/2),
+               MSGLEN / 2);
 
     /* Test that the first half of the message is valid */
-    TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
+    TEST_EQUAL(memcmp(message, received, MSGLEN/2),  0);
 
 exit:
     mbedtls_test_message_socket_close(&server_context);
@@ -1313,33 +1303,33 @@
     mbedtls_test_message_socket_init(&client_context);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 1,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 1,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 1,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 1,
+                                                 &client,
+                                                 &client_context),  0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      MSGLEN));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    MSGLEN));
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                              MSGLEN),
+               MSGLEN);
 
     /* Force a read error by disconnecting the socket by hand */
     server.status = 0;
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MBEDTLS_TEST_ERROR_RECV_FAILED);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MBEDTLS_TEST_ERROR_RECV_FAILED);
     /* Return to a valid state */
     server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
 
@@ -1347,11 +1337,11 @@
 
     /* Test that even though the server tried to read once disconnected, the
      * continuity is preserved */
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MSGLEN);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MSGLEN);
 
-    TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+    TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
 
 exit:
     mbedtls_test_message_socket_close(&server_context);
@@ -1374,48 +1364,48 @@
     mbedtls_test_message_socket_init(&client_context);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 3,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 3,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 3,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 3,
+                                                 &client,
+                                                 &client_context),  0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      MSGLEN*3));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    MSGLEN*3));
 
     /* Interleaved test - [2 sends, 1 read] twice, and then two reads
      * (to wrap around the buffer) */
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                                   MSGLEN) == MSGLEN);
-        TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+        TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                  MSGLEN),  MSGLEN);
+        TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
         memset(received, 0, sizeof(received));
     }
 
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+        TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
     }
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MBEDTLS_ERR_SSL_WANT_READ);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MBEDTLS_ERR_SSL_WANT_READ);
 exit:
     mbedtls_test_message_socket_close(&server_context);
     mbedtls_test_message_socket_close(&client_context);
@@ -1437,75 +1427,75 @@
     mbedtls_test_message_socket_init(&client_context);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
-                                                  &client_queue, 3,
-                                                  &server,
-                                                  &server_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+                                                 &client_queue, 3,
+                                                 &server,
+                                                 &server_context),  0);
 
-    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
-                                                  &server_queue, 3,
-                                                  &client,
-                                                  &client_context) == 0);
+    TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+                                                 &server_queue, 3,
+                                                 &client,
+                                                 &client_context),  0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
-                                                      MSGLEN*3));
+    TEST_EQUAL(0,  mbedtls_test_mock_socket_connect(&client, &server,
+                                                    MSGLEN*3));
 
     /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
      * (to wrap around the buffer) both ways. */
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+        TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
 
         memset(received, 0, sizeof(received));
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+        TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
 
         memset(received, 0, sizeof(received));
     }
 
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+        TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
         memset(received, 0, sizeof(received));
 
-        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
-                                                   MSGLEN) == MSGLEN);
+        TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                                  MSGLEN),  MSGLEN);
 
-        TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+        TEST_EQUAL(memcmp(message, received, MSGLEN),  0);
         memset(received, 0, sizeof(received));
     }
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
-                                               MSGLEN)
-                == MBEDTLS_ERR_SSL_WANT_READ);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                              MSGLEN),
+               MBEDTLS_ERR_SSL_WANT_READ);
 
-    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
-                                               MSGLEN)
-                == MBEDTLS_ERR_SSL_WANT_READ);
+    TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                              MSGLEN),
+               MBEDTLS_ERR_SSL_WANT_READ);
 exit:
     mbedtls_test_message_socket_close(&server_context);
     mbedtls_test_message_socket_close(&client_context);
@@ -1524,12 +1514,12 @@
     mbedtls_ssl_config_init(&conf);
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
-                                            MBEDTLS_SSL_IS_CLIENT,
-                                            MBEDTLS_SSL_TRANSPORT_DATAGRAM,
-                                            MBEDTLS_SSL_PRESET_DEFAULT) == 0);
+    TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+                                           MBEDTLS_SSL_IS_CLIENT,
+                                           MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+                                           MBEDTLS_SSL_PRESET_DEFAULT),  0);
 
-    TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+    TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf),  0);
 
     /* Read previous record numbers */
     for (len = 0; len < prevs->len; len += 6) {
@@ -1539,7 +1529,7 @@
 
     /* Check new number */
     memcpy(ssl.in_ctr + 2, new->x, 6);
-    TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret);
+    TEST_EQUAL(mbedtls_ssl_dtls_replay_check(&ssl),  ret);
 
 exit:
     mbedtls_ssl_free(&ssl);
@@ -1557,13 +1547,13 @@
     mbedtls_ssl_init(&ssl);
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0);
+    TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname0),  0);
     output_hostname = mbedtls_ssl_get_hostname(&ssl);
-    TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0);
+    TEST_EQUAL(strcmp(input_hostname0, output_hostname),  0);
 
-    TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0);
+    TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname1),  0);
     output_hostname = mbedtls_ssl_get_hostname(&ssl);
-    TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0);
+    TEST_EQUAL(strcmp(input_hostname1, output_hostname),  0);
 
 exit:
     mbedtls_ssl_free(&ssl);
@@ -1601,7 +1591,7 @@
                                             (size_t) cid0_len,
                                             (size_t) cid1_len);
 
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret,  0);
 
     TEST_CALLOC(buf, buflen);
 
@@ -1660,7 +1650,7 @@
             /* DTLS 1.2 + CID hides the real content type and
              * uses a special CID content type in the protected
              * record. Double-check this. */
-            TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
+            TEST_EQUAL(rec.type,  MBEDTLS_SSL_MSG_CID);
         }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
@@ -1669,24 +1659,24 @@
             /* TLS 1.3 hides the real content type and
              * always uses Application Data as the content type
              * for protected records. Double-check this. */
-            TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
+            TEST_EQUAL(rec.type,  MBEDTLS_SSL_MSG_APPLICATION_DATA);
         }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
         /* Decrypt record with t_dec */
         ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec);
-        TEST_ASSERT(ret == 0);
+        TEST_EQUAL(ret,  0);
 
         /* Compare results */
-        TEST_ASSERT(rec.type == rec_backup.type);
-        TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
-        TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
-        TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
-        TEST_ASSERT(rec.data_len == rec_backup.data_len);
-        TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
-        TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
-                           rec_backup.buf + rec_backup.data_offset,
-                           rec.data_len) == 0);
+        TEST_EQUAL(rec.type,  rec_backup.type);
+        TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8),  0);
+        TEST_EQUAL(rec.ver[0],  rec_backup.ver[0]);
+        TEST_EQUAL(rec.ver[1],  rec_backup.ver[1]);
+        TEST_EQUAL(rec.data_len,  rec_backup.data_len);
+        TEST_EQUAL(rec.data_offset,  rec_backup.data_offset);
+        TEST_EQUAL(memcmp(rec.buf + rec.data_offset,
+                          rec_backup.buf + rec_backup.data_offset,
+                          rec.data_len),  0);
     }
 
 exit:
@@ -1754,7 +1744,7 @@
                                             (size_t) cid0_len,
                                             (size_t) cid1_len);
 
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret,  0);
 
     TEST_CALLOC(buf, buflen);
 
@@ -1819,7 +1809,7 @@
                 /* DTLS 1.2 + CID hides the real content type and
                  * uses a special CID content type in the protected
                  * record. Double-check this. */
-                TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
+                TEST_EQUAL(rec.type,  MBEDTLS_SSL_MSG_CID);
             }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
@@ -1828,26 +1818,26 @@
                 /* TLS 1.3 hides the real content type and
                  * always uses Application Data as the content type
                  * for protected records. Double-check this. */
-                TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
+                TEST_EQUAL(rec.type,  MBEDTLS_SSL_MSG_APPLICATION_DATA);
             }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
             /* Decrypt record with t_dec */
-            TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0);
+            TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec),  0);
 
             /* Compare results */
-            TEST_ASSERT(rec.type == rec_backup.type);
-            TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
-            TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
-            TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
-            TEST_ASSERT(rec.data_len == rec_backup.data_len);
-            TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
-            TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
-                               rec_backup.buf + rec_backup.data_offset,
-                               rec.data_len) == 0);
+            TEST_EQUAL(rec.type,  rec_backup.type);
+            TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8),  0);
+            TEST_EQUAL(rec.ver[0],  rec_backup.ver[0]);
+            TEST_EQUAL(rec.ver[1],  rec_backup.ver[1]);
+            TEST_EQUAL(rec.data_len,  rec_backup.data_len);
+            TEST_EQUAL(rec.data_offset,  rec_backup.data_offset);
+            TEST_EQUAL(memcmp(rec.buf + rec.data_offset,
+                              rec_backup.buf + rec_backup.data_offset,
+                              rec.data_len),  0);
         }
 
-        TEST_ASSERT(seen_success == 1);
+        TEST_EQUAL(seen_success,  1);
     }
 
 exit:
@@ -1886,16 +1876,16 @@
 
     /* Check sanity of test parameters. */
     TEST_ASSERT((size_t) desired_length <= sizeof(dst));
-    TEST_ASSERT((size_t) desired_length == expected->len);
+    TEST_EQUAL((size_t) desired_length,  expected->len);
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_hkdf_expand_label(
-                    (psa_algorithm_t) hash_alg,
-                    secret->x, secret->len,
-                    lbl, lbl_len,
-                    ctx->x, ctx->len,
-                    dst, desired_length) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_hkdf_expand_label(
+                   (psa_algorithm_t) hash_alg,
+                   secret->x, secret->len,
+                   lbl, lbl_len,
+                   ctx->x, ctx->len,
+                   dst, desired_length),  0);
 
     TEST_MEMORY_COMPARE(dst, (size_t) desired_length,
                         expected->x, (size_t) expected->len);
@@ -1919,7 +1909,7 @@
     mbedtls_ssl_key_set keys;
 
     /* Check sanity of test parameters. */
-    TEST_ASSERT(client_secret->len == server_secret->len);
+    TEST_EQUAL(client_secret->len,  server_secret->len);
     TEST_ASSERT(
         expected_client_write_iv->len == expected_server_write_iv->len &&
         expected_client_write_iv->len == (size_t) desired_iv_len);
@@ -1984,17 +1974,17 @@
 
     /* Check sanity of test parameters. */
     TEST_ASSERT((size_t) desired_length <= sizeof(dst));
-    TEST_ASSERT((size_t) desired_length == expected->len);
+    TEST_EQUAL((size_t) desired_length,  expected->len);
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_derive_secret(
-                    (psa_algorithm_t) hash_alg,
-                    secret->x, secret->len,
-                    lbl, lbl_len,
-                    ctx->x, ctx->len,
-                    already_hashed,
-                    dst, desired_length) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_derive_secret(
+                   (psa_algorithm_t) hash_alg,
+                   secret->x, secret->len,
+                   lbl, lbl_len,
+                   ctx->x, ctx->len,
+                   already_hashed,
+                   dst, desired_length),  0);
 
     TEST_MEMORY_COMPARE(dst, desired_length,
                         expected->x, desired_length);
@@ -2016,16 +2006,16 @@
 
     /* Check sanity of test parameters. */
     TEST_ASSERT((size_t) desired_length <= sizeof(dst));
-    TEST_ASSERT((size_t) desired_length == expected->len);
+    TEST_EQUAL((size_t) desired_length,  expected->len);
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_exporter(
-                    (psa_algorithm_t) hash_alg,
-                    secret->x, secret->len,
-                    (unsigned char *) label, strlen(label),
-                    (unsigned char *) context_value, strlen(context_value),
-                    dst, desired_length) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_exporter(
+                   (psa_algorithm_t) hash_alg,
+                   secret->x, secret->len,
+                   (unsigned char *) label, strlen(label),
+                   (unsigned char *) context_value, strlen(context_value),
+                   dst, desired_length),  0);
 
     TEST_MEMORY_COMPARE(dst, desired_length,
                         expected->x, desired_length);
@@ -2055,9 +2045,9 @@
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_derive_early_secrets(
-                    alg, secret->x, transcript->x, transcript->len,
-                    &secrets) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_derive_early_secrets(
+                   alg, secret->x, transcript->x, transcript->len,
+                   &secrets),  0);
 
     TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len,
                         traffic_expected->x, traffic_expected->len);
@@ -2089,9 +2079,9 @@
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_derive_handshake_secrets(
-                    alg, secret->x, transcript->x, transcript->len,
-                    &secrets) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_derive_handshake_secrets(
+                   alg, secret->x, transcript->x, transcript->len,
+                   &secrets),  0);
 
     TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len,
                         client_expected->x, client_expected->len);
@@ -2125,9 +2115,9 @@
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_derive_application_secrets(
-                    alg, secret->x, transcript->x, transcript->len,
-                    &secrets) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_derive_application_secrets(
+                   alg, secret->x, transcript->x, transcript->len,
+                   &secrets),  0);
 
     TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len,
                         client_expected->x, client_expected->len);
@@ -2159,9 +2149,9 @@
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_derive_resumption_master_secret(
-                    alg, secret->x, transcript->x, transcript->len,
-                    &secrets) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_derive_resumption_master_secret(
+                   alg, secret->x, transcript->x, transcript->len,
+                   &secrets),  0);
 
     TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len,
                         resumption_expected->x, resumption_expected->len);
@@ -2189,13 +2179,13 @@
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_create_psk_binder(
-                    NULL,  /* SSL context for debugging only */
-                    alg,
-                    psk->x, psk->len,
-                    psk_type,
-                    transcript->x,
-                    binder) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_create_psk_binder(
+                   NULL,   /* SSL context for debugging only */
+                   alg,
+                   psk->x, psk->len,
+                   psk_type,
+                   transcript->x,
+                   binder),  0);
 
     TEST_MEMORY_COMPARE(binder, hash_len,
                         binder_expected->x, binder_expected->len);
@@ -2237,8 +2227,8 @@
         other_endpoint = MBEDTLS_SSL_IS_SERVER;
     }
 
-    TEST_ASSERT(server_write_key->len == client_write_key->len);
-    TEST_ASSERT(server_write_iv->len  == client_write_iv->len);
+    TEST_EQUAL(server_write_key->len,  client_write_key->len);
+    TEST_EQUAL(server_write_iv->len,  client_write_iv->len);
 
     memcpy(keys.client_write_key,
            client_write_key->x, client_write_key->len);
@@ -2254,12 +2244,12 @@
 
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
-                    &transform_send, endpoint,
-                    ciphersuite, &keys, NULL) == 0);
-    TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
-                    &transform_recv, other_endpoint,
-                    ciphersuite, &keys, NULL) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_populate_transform(
+                   &transform_send, endpoint,
+                   ciphersuite, &keys, NULL),  0);
+    TEST_EQUAL(mbedtls_ssl_tls13_populate_transform(
+                   &transform_recv, other_endpoint,
+                   ciphersuite, &keys, NULL),  0);
 
     /* Make sure we have enough space in the buffer even if
      * we use more padding than the KAT. */
@@ -2286,14 +2276,14 @@
     memset(&rec.ctr[0], 0, 8);
     rec.ctr[7] = ctr;
 
-    TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0);
+    TEST_EQUAL(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec),  0);
 
     if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) {
         TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
                             ciphertext->x, ciphertext->len);
     }
 
-    TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0);
+    TEST_EQUAL(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec),  0);
     TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
                         plaintext->x, plaintext->len);
 
@@ -2315,11 +2305,11 @@
 
     PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls13_evolve_secret(
-                    (psa_algorithm_t) hash_alg,
-                    secret->len ? secret->x : NULL,
-                    input->len ? input->x : NULL, input->len,
-                    secret_new) == 0);
+    TEST_EQUAL(mbedtls_ssl_tls13_evolve_secret(
+                   (psa_algorithm_t) hash_alg,
+                   secret->len ? secret->x : NULL,
+                   input->len ? input->x : NULL, input->len,
+                   secret_new),  0);
 
     TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len,
                         expected->x, (size_t) expected->len);
@@ -2342,13 +2332,13 @@
 
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
-                                    label, random->x, random->len,
-                                    output, result_str->len) == exp_ret);
+    TEST_EQUAL(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
+                                   label, random->x, random->len,
+                                   output, result_str->len),  exp_ret);
 
     if (exp_ret == 0) {
-        TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
-                                        result_str->len, result_str->len) == 0);
+        TEST_EQUAL(mbedtls_test_hexcmp(output, result_str->x,
+                                       result_str->len, result_str->len),  0);
     }
 exit:
 
@@ -2378,94 +2368,94 @@
     ((void) crt_file);
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
-        TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
-                        &original, 0, endpoint_type) == 0);
+        TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+                       &original, 0, endpoint_type),  0);
     }
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
-        TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
-                        &original, ticket_len, endpoint_type, crt_file) == 0);
+        TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+                       &original, ticket_len, endpoint_type, crt_file),  0);
     }
 #endif
 
     /* Serialize it */
-    TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
-                == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+    TEST_EQUAL(mbedtls_ssl_session_save(&original, NULL, 0, &len),
+               MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
     TEST_CALLOC(buf, len);
-    TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_session_save(&original, buf, len, &len),
+               0);
 
     /* Restore session from serialized data */
-    TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0);
+    TEST_EQUAL(mbedtls_ssl_session_load(&restored, buf, len),  0);
 
     /*
      * Make sure both session structures are identical
      */
 #if defined(MBEDTLS_HAVE_TIME)
     if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
-        TEST_ASSERT(original.start == restored.start);
+        TEST_EQUAL(original.start,  restored.start);
     }
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
-    TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time);
+    TEST_EQUAL(original.ticket_creation_time,  restored.ticket_creation_time);
 #endif
 #endif /* MBEDTLS_HAVE_TIME */
 
-    TEST_ASSERT(original.tls_version == restored.tls_version);
-    TEST_ASSERT(original.endpoint == restored.endpoint);
-    TEST_ASSERT(original.ciphersuite == restored.ciphersuite);
+    TEST_EQUAL(original.tls_version,  restored.tls_version);
+    TEST_EQUAL(original.endpoint,  restored.endpoint);
+    TEST_EQUAL(original.ciphersuite,  restored.ciphersuite);
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
-        TEST_ASSERT(original.id_len == restored.id_len);
-        TEST_ASSERT(memcmp(original.id,
-                           restored.id, sizeof(original.id)) == 0);
-        TEST_ASSERT(memcmp(original.master,
-                           restored.master, sizeof(original.master)) == 0);
+        TEST_EQUAL(original.id_len,  restored.id_len);
+        TEST_EQUAL(memcmp(original.id,
+                          restored.id, sizeof(original.id)),  0);
+        TEST_EQUAL(memcmp(original.master,
+                          restored.master, sizeof(original.master)),  0);
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
         TEST_ASSERT((original.peer_cert == NULL) ==
                     (restored.peer_cert == NULL));
         if (original.peer_cert != NULL) {
-            TEST_ASSERT(original.peer_cert->raw.len ==
-                        restored.peer_cert->raw.len);
-            TEST_ASSERT(memcmp(original.peer_cert->raw.p,
-                               restored.peer_cert->raw.p,
-                               original.peer_cert->raw.len) == 0);
+            TEST_EQUAL(original.peer_cert->raw.len,
+                       restored.peer_cert->raw.len);
+            TEST_EQUAL(memcmp(original.peer_cert->raw.p,
+                              restored.peer_cert->raw.p,
+                              original.peer_cert->raw.len),  0);
         }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-        TEST_ASSERT(original.peer_cert_digest_type ==
-                    restored.peer_cert_digest_type);
-        TEST_ASSERT(original.peer_cert_digest_len ==
-                    restored.peer_cert_digest_len);
+        TEST_EQUAL(original.peer_cert_digest_type,
+                   restored.peer_cert_digest_type);
+        TEST_EQUAL(original.peer_cert_digest_len,
+                   restored.peer_cert_digest_len);
         TEST_ASSERT((original.peer_cert_digest == NULL) ==
                     (restored.peer_cert_digest == NULL));
         if (original.peer_cert_digest != NULL) {
-            TEST_ASSERT(memcmp(original.peer_cert_digest,
-                               restored.peer_cert_digest,
-                               original.peer_cert_digest_len) == 0);
+            TEST_EQUAL(memcmp(original.peer_cert_digest,
+                              restored.peer_cert_digest,
+                              original.peer_cert_digest_len),  0);
         }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-        TEST_ASSERT(original.verify_result == restored.verify_result);
+        TEST_EQUAL(original.verify_result,  restored.verify_result);
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-        TEST_ASSERT(original.mfl_code == restored.mfl_code);
+        TEST_EQUAL(original.mfl_code,  restored.mfl_code);
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac);
+        TEST_EQUAL(original.encrypt_then_mac,  restored.encrypt_then_mac);
 #endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-        TEST_ASSERT(original.ticket_len == restored.ticket_len);
+        TEST_EQUAL(original.ticket_len,  restored.ticket_len);
         if (original.ticket_len != 0) {
             TEST_ASSERT(original.ticket != NULL);
             TEST_ASSERT(restored.ticket != NULL);
-            TEST_ASSERT(memcmp(original.ticket,
-                               restored.ticket, original.ticket_len) == 0);
+            TEST_EQUAL(memcmp(original.ticket,
+                              restored.ticket, original.ticket_len),  0);
         }
-        TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime);
+        TEST_EQUAL(original.ticket_lifetime,  restored.ticket_lifetime);
 #endif
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -2473,15 +2463,15 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add);
-        TEST_ASSERT(original.ticket_flags == restored.ticket_flags);
-        TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len);
+        TEST_EQUAL(original.ticket_age_add,  restored.ticket_age_add);
+        TEST_EQUAL(original.ticket_flags,  restored.ticket_flags);
+        TEST_EQUAL(original.resumption_key_len,  restored.resumption_key_len);
         if (original.resumption_key_len != 0) {
             TEST_ASSERT(original.resumption_key != NULL);
             TEST_ASSERT(restored.resumption_key != NULL);
-            TEST_ASSERT(memcmp(original.resumption_key,
-                               restored.resumption_key,
-                               original.resumption_key_len) == 0);
+            TEST_EQUAL(memcmp(original.resumption_key,
+                              restored.resumption_key,
+                              original.resumption_key_len),  0);
         }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
@@ -2502,16 +2492,16 @@
         if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) {
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 #if defined(MBEDTLS_HAVE_TIME)
-            TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time);
+            TEST_EQUAL(original.ticket_reception_time,  restored.ticket_reception_time);
 #endif
-            TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime);
-            TEST_ASSERT(original.ticket_len == restored.ticket_len);
+            TEST_EQUAL(original.ticket_lifetime,  restored.ticket_lifetime);
+            TEST_EQUAL(original.ticket_len,  restored.ticket_len);
             if (original.ticket_len != 0) {
                 TEST_ASSERT(original.ticket != NULL);
                 TEST_ASSERT(restored.ticket != NULL);
-                TEST_ASSERT(memcmp(original.ticket,
-                                   restored.ticket,
-                                   original.ticket_len) == 0);
+                TEST_EQUAL(memcmp(original.ticket,
+                                  restored.ticket,
+                                  original.ticket_len),  0);
             }
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
             TEST_ASSERT(original.hostname != NULL);
@@ -2526,12 +2516,12 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    TEST_ASSERT(
-        original.max_early_data_size == restored.max_early_data_size);
+    TEST_EQUAL(
+        original.max_early_data_size,  restored.max_early_data_size);
 #endif
 
 #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
-    TEST_ASSERT(original.record_size_limit == restored.record_size_limit);
+    TEST_EQUAL(original.record_size_limit,  restored.record_size_limit);
 #endif
 
 exit:
@@ -2563,15 +2553,15 @@
     switch (tls_version) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         case MBEDTLS_SSL_VERSION_TLS1_3:
-            TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
-                            &session, 0, endpoint_type) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+                           &session, 0, endpoint_type),  0);
             break;
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         case MBEDTLS_SSL_VERSION_TLS1_2:
-            TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
-                            &session, ticket_len, endpoint_type, crt_file) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+                           &session, ticket_len, endpoint_type, crt_file),  0);
             break;
 #endif
         default:
@@ -2581,31 +2571,31 @@
     }
 
     /* Get desired buffer size for serializing */
-    TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0)
-                == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+    TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &len0),
+               MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
 
     /* Allocate first buffer */
     buf1 = mbedtls_calloc(1, len0);
     TEST_ASSERT(buf1 != NULL);
 
     /* Serialize to buffer and free live session */
-    TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1)
-                == 0);
-    TEST_ASSERT(len0 == len1);
+    TEST_EQUAL(mbedtls_ssl_session_save(&session, buf1, len0, &len1),
+               0);
+    TEST_EQUAL(len0,  len1);
     mbedtls_ssl_session_free(&session);
 
     /* Restore session from serialized data */
-    TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0);
+    TEST_EQUAL(mbedtls_ssl_session_load(&session, buf1, len1),  0);
 
     /* Allocate second buffer and serialize to it */
     buf2 = mbedtls_calloc(1, len0);
     TEST_ASSERT(buf2 != NULL);
-    TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_session_save(&session, buf2, len0, &len2),
+               0);
 
     /* Make sure both serialized versions are identical */
-    TEST_ASSERT(len1 == len2);
-    TEST_ASSERT(memcmp(buf1, buf2, len1) == 0);
+    TEST_EQUAL(len1,  len2);
+    TEST_EQUAL(memcmp(buf1, buf2, len1),  0);
 
 exit:
     mbedtls_ssl_session_free(&session);
@@ -2636,14 +2626,14 @@
     switch (tls_version) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         case MBEDTLS_SSL_VERSION_TLS1_3:
-            TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
-                            &session, 0, endpoint_type) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+                           &session, 0, endpoint_type),  0);
             break;
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         case MBEDTLS_SSL_VERSION_TLS1_2:
-            TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
-                            &session, ticket_len, endpoint_type, crt_file) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+                           &session, ticket_len, endpoint_type, crt_file),  0);
             break;
 #endif
         default:
@@ -2652,8 +2642,8 @@
             break;
     }
 
-    TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
-                == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+    TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len),
+               MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
 
     /* Try all possible bad lengths */
     for (bad_len = 1; bad_len < good_len; bad_len++) {
@@ -2661,10 +2651,10 @@
         mbedtls_free(buf);
         buf = NULL;
         TEST_CALLOC(buf, bad_len);
-        TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len,
-                                             &test_len)
-                    == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
-        TEST_ASSERT(test_len == good_len);
+        TEST_EQUAL(mbedtls_ssl_session_save(&session, buf, bad_len,
+                                            &test_len),
+                   MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+        TEST_EQUAL(test_len,  good_len);
     }
 
 exit:
@@ -2695,15 +2685,15 @@
     switch (tls_version) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         case MBEDTLS_SSL_VERSION_TLS1_3:
-            TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
-                            &session, 0, endpoint_type) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+                           &session, 0, endpoint_type),  0);
             break;
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         case MBEDTLS_SSL_VERSION_TLS1_2:
-            TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
-                            &session, ticket_len, endpoint_type, crt_file) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+                           &session, ticket_len, endpoint_type, crt_file),  0);
             break;
 #endif
 
@@ -2713,11 +2703,11 @@
             break;
     }
 
-    TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
-                == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+    TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len),
+               MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
     TEST_CALLOC(good_buf, good_len);
-    TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len,
-                                         &good_len) == 0);
+    TEST_EQUAL(mbedtls_ssl_session_save(&session, good_buf, good_len,
+                                        &good_len),  0);
     mbedtls_ssl_session_free(&session);
 
     /* Try all possible bad lengths */
@@ -2728,8 +2718,8 @@
         TEST_CALLOC_NONNULL(bad_buf, bad_len);
         memcpy(bad_buf, good_buf, bad_len);
 
-        TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len)
-                    == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+        TEST_EQUAL(mbedtls_ssl_session_load(&session, bad_buf, bad_len),
+                   MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
     }
 
 exit:
@@ -2764,14 +2754,14 @@
     switch (tls_version) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         case MBEDTLS_SSL_VERSION_TLS1_3:
-            TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
-                            &session, 0, endpoint_type) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+                           &session, 0, endpoint_type),  0);
             break;
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         case MBEDTLS_SSL_VERSION_TLS1_2:
-            TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
-                            &session, 0, endpoint_type, NULL) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+                           &session, 0, endpoint_type, NULL),  0);
 
             break;
 #endif
@@ -2782,18 +2772,18 @@
     }
 
     /* Infer length of serialized session. */
-    TEST_ASSERT(mbedtls_ssl_session_save(&session,
-                                         serialized_session,
-                                         sizeof(serialized_session),
-                                         &serialized_session_len) == 0);
+    TEST_EQUAL(mbedtls_ssl_session_save(&session,
+                                        serialized_session,
+                                        sizeof(serialized_session),
+                                        &serialized_session_len),  0);
 
     mbedtls_ssl_session_free(&session);
 
     /* Without any modification, we should be able to successfully
      * de-serialize the session - double-check that. */
-    TEST_ASSERT(mbedtls_ssl_session_load(&session,
-                                         serialized_session,
-                                         serialized_session_len) == 0);
+    TEST_EQUAL(mbedtls_ssl_session_load(&session,
+                                        serialized_session,
+                                        serialized_session_len),  0);
     mbedtls_ssl_session_free(&session);
 
     /* Go through the bytes in the serialized session header and
@@ -2812,10 +2802,10 @@
             *byte ^= corrupted_bit;
 
             /* Attempt to deserialize */
-            TEST_ASSERT(mbedtls_ssl_session_load(&session,
-                                                 serialized_session,
-                                                 serialized_session_len) ==
-                        MBEDTLS_ERR_SSL_VERSION_MISMATCH);
+            TEST_EQUAL(mbedtls_ssl_session_load(&session,
+                                                serialized_session,
+                                                serialized_session_len),
+                       MBEDTLS_ERR_SSL_VERSION_MISMATCH);
 
             /* Undo the change */
             *byte ^= corrupted_bit;
@@ -2840,15 +2830,15 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         case MBEDTLS_SSL_VERSION_TLS1_3:
             ciphersuite_id = MBEDTLS_TLS1_3_AES_128_GCM_SHA256;
-            TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
-                            &session, 0, MBEDTLS_SSL_IS_SERVER) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+                           &session, 0, MBEDTLS_SSL_IS_SERVER),  0);
             break;
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         case MBEDTLS_SSL_VERSION_TLS1_2:
             ciphersuite_id = MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256;
-            TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
-                            &session, 0, MBEDTLS_SSL_IS_SERVER, NULL) == 0);
+            TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+                           &session, 0, MBEDTLS_SSL_IS_SERVER, NULL),  0);
 
             break;
 #endif
@@ -2857,15 +2847,18 @@
             TEST_ASSERT(0);
             break;
     }
+
+    /* We expect pointers to the same strings, not just strings with
+     * the same content. */
     TEST_ASSERT(*mbedtls_ssl_session_get_id(&session) == session.id);
-    TEST_ASSERT(mbedtls_ssl_session_get_id_len(&session) == session.id_len);
+    TEST_EQUAL(mbedtls_ssl_session_get_id_len(&session),  session.id_len);
     /* mbedtls_test_ssl_tls1x_populate_session sets a mock suite-id of 0xabcd */
-    TEST_ASSERT(mbedtls_ssl_session_get_ciphersuite_id(&session) == 0xabcd);
+    TEST_EQUAL(mbedtls_ssl_session_get_ciphersuite_id(&session),  0xabcd);
 
     /* Test setting a reference id for tls1.3 and tls1.2 */
     ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
     if (ciphersuite_info != NULL) {
-        TEST_ASSERT(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info) == ciphersuite_id);
+        TEST_EQUAL(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info),  ciphersuite_id);
     }
 
 exit:
@@ -2879,6 +2872,7 @@
 {
     enum { BUFFSIZE = 1024 };
     mbedtls_test_ssl_endpoint ep;
+    memset(&ep, 0, sizeof(ep));
     int ret = -1;
     mbedtls_test_handshake_test_options options;
     mbedtls_test_init_handshake_options(&options);
@@ -2886,20 +2880,18 @@
 
     MD_OR_USE_PSA_INIT();
 
-    ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options,
-                                         NULL, NULL, NULL);
-    TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
+    ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options);
+    TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA,  ret);
 
     ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg,
                                                      0, 0, 0);
-    TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
+    TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA,  ret);
 
-    ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options,
-                                         NULL, NULL, NULL);
-    TEST_ASSERT(ret == 0);
+    ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options);
+    TEST_EQUAL(ret,  0);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&ep);
     mbedtls_test_free_handshake_options(&options);
     MD_OR_USE_PSA_DONE();
 }
@@ -2910,6 +2902,8 @@
 {
     enum { BUFFSIZE = 1024 };
     mbedtls_test_ssl_endpoint base_ep, second_ep;
+    memset(&base_ep, 0, sizeof(base_ep));
+    memset(&second_ep, 0, sizeof(second_ep));
     int ret = -1;
     (void) tls_version;
 
@@ -2935,25 +2929,22 @@
 #endif
 
     MD_OR_USE_PSA_INIT();
-    mbedtls_platform_zeroize(&base_ep, sizeof(base_ep));
-    mbedtls_platform_zeroize(&second_ep, sizeof(second_ep));
 
-    ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options,
-                                         NULL, NULL, NULL);
-    TEST_ASSERT(ret == 0);
+    ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options);
+    TEST_EQUAL(ret,  0);
 
     ret = mbedtls_test_ssl_endpoint_init(
         &second_ep,
         (endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
         MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
-        &options, NULL, NULL, NULL);
+        &options);
 
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret,  0);
 
     ret = mbedtls_test_mock_socket_connect(&(base_ep.socket),
                                            &(second_ep.socket),
                                            BUFFSIZE);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret,  0);
 
     ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl),
                                                &(second_ep.ssl),
@@ -2962,7 +2953,7 @@
         TEST_ASSERT(ret == 0 ||
                     ret == MBEDTLS_ERR_SSL_WANT_READ ||
                     ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-        TEST_ASSERT(base_ep.ssl.state == state);
+        TEST_EQUAL(base_ep.ssl.state,  state);
     } else {
         TEST_ASSERT(ret != 0 &&
                     ret != MBEDTLS_ERR_SSL_WANT_READ &&
@@ -2972,8 +2963,8 @@
 
 exit:
     mbedtls_test_free_handshake_options(&options);
-    mbedtls_test_ssl_endpoint_free(&base_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&second_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&base_ep);
+    mbedtls_test_ssl_endpoint_free(&second_ep);
     MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
@@ -3053,6 +3044,7 @@
     options.opaque_alg = psa_alg;
     options.opaque_alg2 = psa_alg2;
     options.opaque_usage = psa_usage;
+    options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
     options.expected_handshake_result = expected_handshake_result;
     options.expected_ciphersuite = expected_ciphersuite;
 
@@ -3232,8 +3224,7 @@
     client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer;
 #endif
     TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                              &client_options, NULL, NULL,
-                                              NULL), 0);
+                                              &client_options), 0);
 
     server_options.server_min_version = version;
     server_options.server_max_version = version;
@@ -3242,8 +3233,7 @@
     server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
 #endif
     TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                              &server_options, NULL, NULL,
-                                              NULL), 0);
+                                              &server_options), 0);
 
     TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket,
                                                 &server.socket,
@@ -3328,8 +3318,8 @@
 #endif
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client, NULL);
-    mbedtls_test_ssl_endpoint_free(&server, NULL);
+    mbedtls_test_ssl_endpoint_free(&client);
+    mbedtls_test_ssl_endpoint_free(&server);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     MD_OR_USE_PSA_DONE();
@@ -3415,13 +3405,13 @@
     mbedtls_ssl_config_init(&conf);
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
-                                     psk0, sizeof(psk0),
-                                     psk0_identity, sizeof(psk0_identity)) == 0);
-    TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
-                                     psk1, sizeof(psk1),
-                                     psk1_identity, sizeof(psk1_identity)) ==
-                MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+    TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+                                    psk0, sizeof(psk0),
+                                    psk0_identity, sizeof(psk0_identity)), 0);
+    TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+                                    psk1, sizeof(psk1),
+                                    psk1_identity, sizeof(psk1_identity)),
+               MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
 
 exit:
     mbedtls_ssl_config_free(&conf);
@@ -3460,43 +3450,43 @@
     switch (mode) {
         case 0:
 
-            TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
-                                             psk0_raw, sizeof(psk0_raw),
-                                             psk0_raw_identity, sizeof(psk0_raw_identity))
-                        == 0);
-            TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
-                                                    psk1_opaque,
-                                                    psk1_opaque_identity,
-                                                    sizeof(psk1_opaque_identity))
-                        == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+            TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+                                            psk0_raw, sizeof(psk0_raw),
+                                            psk0_raw_identity, sizeof(psk0_raw_identity)),
+                       0);
+            TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+                                                   psk1_opaque,
+                                                   psk1_opaque_identity,
+                                                   sizeof(psk1_opaque_identity)),
+                       MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
             break;
 
         case 1:
 
-            TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
-                                                    psk0_opaque,
-                                                    psk0_opaque_identity,
-                                                    sizeof(psk0_opaque_identity))
-                        == 0);
-            TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
-                                             psk1_raw, sizeof(psk1_raw),
-                                             psk1_raw_identity, sizeof(psk1_raw_identity))
-                        == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+            TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+                                                   psk0_opaque,
+                                                   psk0_opaque_identity,
+                                                   sizeof(psk0_opaque_identity)),
+                       0);
+            TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+                                            psk1_raw, sizeof(psk1_raw),
+                                            psk1_raw_identity, sizeof(psk1_raw_identity)),
+                       MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
 
             break;
 
         case 2:
 
-            TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
-                                                    psk0_opaque,
-                                                    psk0_opaque_identity,
-                                                    sizeof(psk0_opaque_identity))
-                        == 0);
-            TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
-                                                    psk1_opaque,
-                                                    psk1_opaque_identity,
-                                                    sizeof(psk1_opaque_identity))
-                        == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+            TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+                                                   psk0_opaque,
+                                                   psk0_opaque_identity,
+                                                   sizeof(psk0_opaque_identity)),
+                       0);
+            TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+                                                   psk1_opaque,
+                                                   psk1_opaque_identity,
+                                                   sizeof(psk1_opaque_identity)),
+                       MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
 
             break;
 
@@ -3529,7 +3519,7 @@
     mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version);
     mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version);
 
-    TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result);
+    TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), expected_ssl_setup_result);
     TEST_EQUAL(mbedtls_ssl_conf_get_endpoint(
                    mbedtls_ssl_context_get_config(&ssl)), endpoint);
 
@@ -3562,7 +3552,7 @@
     mbedtls_ssl_init(&ssl);
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+    TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
 
     TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL);
 
@@ -3587,6 +3577,8 @@
     enum { BUFFSIZE = 1024 };
     mbedtls_test_handshake_test_options options;
     mbedtls_test_ssl_endpoint client, server;
+    memset(&client, 0, sizeof(client));
+    memset(&server, 0, sizeof(server));
     mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern;
     mbedtls_test_message_socket_context server_context, client_context;
 
@@ -3597,49 +3589,45 @@
     options.srv_log_obj = &srv_pattern;
     options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
 
-    mbedtls_platform_zeroize(&client, sizeof(client));
-    mbedtls_platform_zeroize(&server, sizeof(server));
-
     mbedtls_test_message_socket_init(&server_context);
     mbedtls_test_message_socket_init(&client_context);
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                               &options, NULL, NULL,
-                                               NULL) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+                                              &options), 0);
 
-    TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                               &options, NULL, NULL, NULL) == 0);
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+                                              &options), 0);
 
     mbedtls_debug_set_threshold(1);
     mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun,
                          options.srv_log_obj);
 
-    TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
-                                                 &(server.socket),
-                                                 BUFFSIZE) == 0);
+    TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
+                                                &(server.socket),
+                                                BUFFSIZE), 0);
 
-    TEST_ASSERT(mbedtls_test_move_handshake_to_state(
-                    &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP)
-                ==  0);
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP),
+               0);
     /* Force a bad session_id_len that will be read by the server in
      * mbedtls_ssl_cache_set. */
     server.ssl.session_negotiate->id_len = 33;
     if (options.cli_msg_len != 0 || options.srv_msg_len != 0) {
         /* Start data exchanging test */
-        TEST_ASSERT(mbedtls_test_ssl_exchange_data(
-                        &(client.ssl), options.cli_msg_len,
-                        options.expected_cli_fragments,
-                        &(server.ssl), options.srv_msg_len,
-                        options.expected_srv_fragments)
-                    == 0);
+        TEST_EQUAL(mbedtls_test_ssl_exchange_data(
+                       &(client.ssl), options.cli_msg_len,
+                       options.expected_cli_fragments,
+                       &(server.ssl), options.srv_msg_len,
+                       options.expected_srv_fragments),
+                   0);
     }
 
     /* Make sure that the cache did not store the session */
     TEST_EQUAL(srv_pattern.counter, 1);
 exit:
-    mbedtls_test_ssl_endpoint_free(&client, NULL);
-    mbedtls_test_ssl_endpoint_free(&server, NULL);
+    mbedtls_test_ssl_endpoint_free(&client);
+    mbedtls_test_ssl_endpoint_free(&server);
     mbedtls_test_free_handshake_options(&options);
     mbedtls_debug_set_threshold(0);
     MD_OR_USE_PSA_DONE();
@@ -3686,7 +3674,7 @@
     USE_PSA_INIT();
     mbedtls_timing_set_delay(&delay_context, 50, 100);
 
-    TEST_ASSERT(mbedtls_timing_get_final_delay(&delay_context) == 100);
+    TEST_EQUAL(mbedtls_timing_get_final_delay(&delay_context), 100);
 
 exit:
     USE_PSA_DONE();
@@ -3710,63 +3698,63 @@
     mbedtls_ssl_config_init(&conf);
     MD_OR_USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
-                                            MBEDTLS_SSL_IS_CLIENT,
-                                            MBEDTLS_SSL_TRANSPORT_STREAM,
-                                            MBEDTLS_SSL_PRESET_DEFAULT)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+                                           MBEDTLS_SSL_IS_CLIENT,
+                                           MBEDTLS_SSL_TRANSPORT_STREAM,
+                                           MBEDTLS_SSL_PRESET_DEFAULT),
+               0);
 
-    TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+    TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
 
     /* Can't use CID functions with stream transport. */
-    TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
-                                    sizeof(own_cid))
-                == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+    TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+                                   sizeof(own_cid)),
+               MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
-    TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
-                                        &own_cid_len)
-                == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+    TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
+                                       &own_cid_len),
+               MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
-    TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
-                                            MBEDTLS_SSL_IS_CLIENT,
-                                            MBEDTLS_SSL_TRANSPORT_DATAGRAM,
-                                            MBEDTLS_SSL_PRESET_DEFAULT)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+                                           MBEDTLS_SSL_IS_CLIENT,
+                                           MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+                                           MBEDTLS_SSL_PRESET_DEFAULT),
+               0);
 
     /* Attempt to set config cid size too big. */
-    TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1,
-                                     MBEDTLS_SSL_UNEXPECTED_CID_IGNORE)
-                == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+    TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1,
+                                    MBEDTLS_SSL_UNEXPECTED_CID_IGNORE),
+               MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
-    TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid),
-                                     MBEDTLS_SSL_UNEXPECTED_CID_IGNORE)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid),
+                                    MBEDTLS_SSL_UNEXPECTED_CID_IGNORE),
+               0);
 
     /* Attempt to set CID length not matching config. */
-    TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
-                                    MBEDTLS_SSL_CID_IN_LEN_MAX - 1)
-                == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+    TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+                                   MBEDTLS_SSL_CID_IN_LEN_MAX - 1),
+               MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
-    TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
-                                    sizeof(own_cid))
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+                                   sizeof(own_cid)),
+               0);
 
     /* Test we get back what we put in. */
-    TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
-                                        &own_cid_len)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
+                                       &own_cid_len),
+               0);
 
     TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED);
     TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len);
 
     /* Test disabling works. */
-    TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL,
-                                    0)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL,
+                                   0),
+               0);
 
-    TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
-                                        &own_cid_len)
-                == 0);
+    TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
+                                       &own_cid_len),
+               0);
 
     TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_DISABLED);
 
@@ -3782,6 +3770,8 @@
 {
     enum { BUFFSIZE = 17000 };
     mbedtls_test_ssl_endpoint client, server;
+    memset(&client, 0, sizeof(client));
+    memset(&server, 0, sizeof(server));
     mbedtls_psa_stats_t stats;
     size_t free_slots_before = -1;
     mbedtls_test_handshake_test_options client_options, server_options;
@@ -3791,8 +3781,6 @@
     uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
                                        MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
     MD_OR_USE_PSA_INIT();
-    mbedtls_platform_zeroize(&client, sizeof(client));
-    mbedtls_platform_zeroize(&server, sizeof(server));
 
     /* Client side, force SECP256R1 to make one key bitflip fail
      * the raw key agreement. Flipping the first byte makes the
@@ -3800,16 +3788,14 @@
     client_options.pk_alg = MBEDTLS_PK_ECDSA;
     client_options.group_list = iana_tls_group_list;
     TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                              &client_options, NULL, NULL,
-                                              NULL), 0);
+                                              &client_options), 0);
 
     /* Server side */
     server_options.pk_alg = MBEDTLS_PK_ECDSA;
     server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
     server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
     TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                              &server_options, NULL, NULL,
-                                              NULL), 0);
+                                              &server_options), 0);
 
     TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
                                                 &(server.socket),
@@ -3843,8 +3829,8 @@
     }
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client, NULL);
-    mbedtls_test_ssl_endpoint_free(&server, NULL);
+    mbedtls_test_ssl_endpoint_free(&client);
+    mbedtls_test_ssl_endpoint_free(&server);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
 
@@ -3856,6 +3842,8 @@
 {
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     unsigned char *buf, *end;
     size_t buf_len;
     int step = 0;
@@ -3867,21 +3855,19 @@
     /*
      * Test set-up
      */
-    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
-    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
 
     mbedtls_test_init_handshake_options(&client_options);
     MD_OR_USE_PSA_INIT();
 
     client_options.pk_alg = MBEDTLS_PK_ECDSA;
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         &client_options, NULL, NULL, NULL);
+                                         &client_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_test_init_handshake_options(&server_options);
     server_options.pk_alg = MBEDTLS_PK_ECDSA;
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         &server_options, NULL, NULL, NULL);
+                                         &server_options);
     TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
@@ -3925,8 +3911,8 @@
         ret = mbedtls_ssl_tls13_parse_certificate(&(client_ep.ssl), buf, end);
         TEST_EQUAL(ret, expected_result);
 
-        TEST_ASSERT(mbedtls_ssl_cmp_chk_buf_ptr_fail_args(
-                        &expected_chk_buf_ptr_args) == 0);
+        TEST_EQUAL(mbedtls_ssl_cmp_chk_buf_ptr_fail_args(
+                       &expected_chk_buf_ptr_args), 0);
 
         mbedtls_ssl_reset_chk_buf_ptr_fail_args();
 
@@ -3939,8 +3925,8 @@
 
 exit:
     mbedtls_ssl_reset_chk_buf_ptr_fail_args();
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     MD_OR_USE_PSA_DONE();
@@ -4105,12 +4091,12 @@
 {
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options client_options;
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
 
-    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
-    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
     mbedtls_test_init_handshake_options(&client_options);
     mbedtls_test_init_handshake_options(&server_options);
     mbedtls_ssl_session_init(&saved_session);
@@ -4131,11 +4117,11 @@
      * Prepare for handshake with the ticket.
      */
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         &client_options, NULL, NULL, NULL);
+                                         &client_options);
     TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         &server_options, NULL, NULL, NULL);
+                                         &server_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -4168,8 +4154,8 @@
                MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     mbedtls_ssl_session_free(&saved_session);
@@ -4190,6 +4176,8 @@
     const char *early_data = "This is early data.";
     size_t early_data_len = strlen(early_data);
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options client_options;
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
@@ -4200,8 +4188,6 @@
         MBEDTLS_SSL_IANA_TLS_GROUP_NONE
     };
 
-    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
-    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
     mbedtls_test_init_handshake_options(&client_options);
     mbedtls_test_init_handshake_options(&server_options);
     mbedtls_ssl_session_init(&saved_session);
@@ -4293,13 +4279,13 @@
     }
 
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         &client_options, NULL, NULL, NULL);
+                                         &client_options);
     TEST_EQUAL(ret, 0);
 
     server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
     server_options.srv_log_obj = &server_pattern;
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         &server_options, NULL, NULL, NULL);
+                                         &server_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -4374,8 +4360,8 @@
                    MBEDTLS_SSL_HANDSHAKE_OVER), 0);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     mbedtls_ssl_session_free(&saved_session);
@@ -4389,6 +4375,8 @@
 {
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options client_options;
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
@@ -4399,8 +4387,6 @@
     };
     uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
 
-    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
-    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
     mbedtls_test_init_handshake_options(&client_options);
     mbedtls_test_init_handshake_options(&server_options);
     mbedtls_ssl_session_init(&saved_session);
@@ -4447,11 +4433,11 @@
     }
 
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         &client_options, NULL, NULL, NULL);
+                                         &client_options);
     TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         &server_options, NULL, NULL, NULL);
+                                         &server_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -4667,7 +4653,7 @@
                 break;
 
             case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
-                TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR);
+                TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR);
                 TEST_EQUAL(client_ep.ssl.early_data_state,
                            MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
                 break;
@@ -4748,8 +4734,8 @@
 #endif
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     mbedtls_ssl_session_free(&saved_session);
@@ -4762,6 +4748,8 @@
 {
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options client_options;
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
@@ -4772,8 +4760,6 @@
     };
     int beyond_first_hello = 0;
 
-    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
-    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
     mbedtls_test_init_handshake_options(&client_options);
     mbedtls_test_init_handshake_options(&server_options);
     mbedtls_ssl_session_init(&saved_session);
@@ -4824,11 +4810,11 @@
     }
 
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         &client_options, NULL, NULL, NULL);
+                                         &client_options);
     TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         &server_options, NULL, NULL, NULL);
+                                         &server_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -5068,12 +5054,12 @@
          * this first part of the handshake with HRR.
          */
         if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) {
-            TEST_ASSERT(mbedtls_test_move_handshake_to_state(
-                            &(client_ep.ssl), &(server_ep.ssl),
-                            MBEDTLS_SSL_SERVER_HELLO) == 0);
-            TEST_ASSERT(mbedtls_test_move_handshake_to_state(
-                            &(client_ep.ssl), &(server_ep.ssl),
-                            MBEDTLS_SSL_CLIENT_HELLO) == 0);
+            TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                           &(client_ep.ssl), &(server_ep.ssl),
+                           MBEDTLS_SSL_SERVER_HELLO), 0);
+            TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                           &(client_ep.ssl), &(server_ep.ssl),
+                           MBEDTLS_SSL_CLIENT_HELLO), 0);
         }
 
         TEST_EQUAL(mbedtls_test_move_handshake_to_state(
@@ -5097,8 +5083,8 @@
     } while (1);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     mbedtls_ssl_session_free(&saved_session);
@@ -5111,6 +5097,8 @@
 {
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options client_options;
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
@@ -5120,8 +5108,6 @@
     uint32_t written_early_data_size = 0;
     uint32_t read_early_data_size = 0;
 
-    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
-    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
     mbedtls_test_init_handshake_options(&client_options);
     mbedtls_test_init_handshake_options(&server_options);
     mbedtls_ssl_session_init(&saved_session);
@@ -5147,11 +5133,11 @@
      * Prepare for handshake with the ticket.
      */
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         &client_options, NULL, NULL, NULL);
+                                         &client_options);
     TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         &server_options, NULL, NULL, NULL);
+                                         &server_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -5239,13 +5225,13 @@
     ret = mbedtls_ssl_handshake(&(server_ep.ssl));
     TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
 
-    TEST_ASSERT(mbedtls_test_move_handshake_to_state(
-                    &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER)
-                ==  0);
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER),
+               0);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     mbedtls_ssl_session_free(&saved_session);
@@ -5264,6 +5250,8 @@
 {
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options client_options;
     mbedtls_test_handshake_test_options server_options;
     mbedtls_ssl_session saved_session;
@@ -5282,8 +5270,6 @@
     uint32_t written_early_data_size = 0;
     uint32_t max_early_data_size;
 
-    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
-    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
     mbedtls_test_init_handshake_options(&client_options);
     mbedtls_test_init_handshake_options(&server_options);
     mbedtls_ssl_session_init(&saved_session);
@@ -5351,11 +5337,11 @@
     }
 
     ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
-                                         &client_options, NULL, NULL, NULL);
+                                         &client_options);
     TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
-                                         &server_options, NULL, NULL, NULL);
+                                         &server_options);
     TEST_EQUAL(ret, 0);
 
     mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -5473,7 +5459,7 @@
                     goto exit;
                 }
 
-                TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ);
+                TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
 
                 TEST_EQUAL(server_pattern.counter, 1);
                 server_pattern.counter = 0;
@@ -5498,8 +5484,8 @@
     TEST_EQUAL(server_pattern.counter, 1);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
     mbedtls_test_free_handshake_options(&client_options);
     mbedtls_test_free_handshake_options(&server_options);
     mbedtls_ssl_session_free(&saved_session);
@@ -5547,16 +5533,16 @@
     options.pk_alg = pk_alg;
 
     ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                         &options, NULL, NULL, NULL);
-    TEST_EQUAL(ret,  0);
+                                         &options);
+    TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                         &options, NULL, NULL, NULL);
-    TEST_EQUAL(ret,  0);
+                                         &options);
+    TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket,
                                            BUFFSIZE);
-    TEST_EQUAL(ret,  0);
+    TEST_EQUAL(ret, 0);
 
     /* Make the server move to the required state */
     ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state);
@@ -5573,13 +5559,13 @@
     do {
         ret = mbedtls_ssl_handshake_step(&server.ssl);
     } while (ret == 0 && server.ssl.state == state);
-    TEST_EQUAL(ret,  expected_ret);
+    TEST_EQUAL(ret, expected_ret);
     TEST_ASSERT(srv_pattern.counter >= 1);
 
 exit:
     mbedtls_test_free_handshake_options(&options);
-    mbedtls_test_ssl_endpoint_free(&server, NULL);
-    mbedtls_test_ssl_endpoint_free(&client, NULL);
+    mbedtls_test_ssl_endpoint_free(&server);
+    mbedtls_test_ssl_endpoint_free(&client);
     mbedtls_debug_set_threshold(0);
     PSA_DONE();
 }
@@ -5625,16 +5611,16 @@
     options.pk_alg = MBEDTLS_PK_ECDSA;
 
     ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                         &options, NULL, NULL, NULL);
-    TEST_EQUAL(ret,  0);
+                                         &options);
+    TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                         &options, NULL, NULL, NULL);
-    TEST_EQUAL(ret,  0);
+                                         &options);
+    TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket,
                                            BUFFSIZE);
-    TEST_EQUAL(ret,  0);
+    TEST_EQUAL(ret, 0);
 
     /* Make the server move past the initial dummy state */
     ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl,
@@ -5692,8 +5678,8 @@
 
 exit:
     mbedtls_test_free_handshake_options(&options);
-    mbedtls_test_ssl_endpoint_free(&server, NULL);
-    mbedtls_test_ssl_endpoint_free(&client, NULL);
+    mbedtls_test_ssl_endpoint_free(&server);
+    mbedtls_test_ssl_endpoint_free(&client);
     mbedtls_debug_set_threshold(0);
     mbedtls_free(first_frag);
     PSA_DONE();
@@ -5709,12 +5695,14 @@
     uint8_t *key_buffer_server = NULL;
     uint8_t *key_buffer_client = NULL;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options options;
 
     MD_OR_USE_PSA_INIT();
 
     ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
     TEST_ASSERT(exported_key_length > 0);
     TEST_CALLOC(key_buffer_server, exported_key_length);
@@ -5729,17 +5717,17 @@
                                              key_buffer_server, (size_t) exported_key_length,
                                              label, sizeof(label),
                                              context, sizeof(context), use_context);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
     ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
                                              key_buffer_client, (size_t) exported_key_length,
                                              label, sizeof(label),
                                              context, sizeof(context), use_context);
-    TEST_ASSERT(ret == 0);
-    TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0);
+    TEST_EQUAL(ret, 0);
+    TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
     mbedtls_test_free_handshake_options(&options);
     mbedtls_free(key_buffer_server);
     mbedtls_free(key_buffer_client);
@@ -5754,12 +5742,14 @@
 
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options options;
 
     MD_OR_USE_PSA_INIT();
 
     ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
     char label_server[] = "test-label-server";
     char label_client[] = "test-label-client";
@@ -5770,17 +5760,17 @@
                                              key_buffer_server, sizeof(key_buffer_server),
                                              label_server, sizeof(label_server),
                                              context, sizeof(context), 1);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
     ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
                                              key_buffer_client, sizeof(key_buffer_client),
                                              label_client, sizeof(label_client),
                                              context, sizeof(context), 1);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
     TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
     mbedtls_test_free_handshake_options(&options);
     MD_OR_USE_PSA_DONE();
 }
@@ -5793,12 +5783,14 @@
 
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options options;
 
     MD_OR_USE_PSA_INIT();
 
     ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
     char label[] = "test-label";
     uint8_t key_buffer_server[24] = { 0 };
@@ -5809,17 +5801,17 @@
                                              key_buffer_server, sizeof(key_buffer_server),
                                              label, sizeof(label),
                                              context_server, sizeof(context_server), 1);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
     ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
                                              key_buffer_client, sizeof(key_buffer_client),
                                              label, sizeof(label),
                                              context_client, sizeof(context_client), 1);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
     TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
     mbedtls_test_free_handshake_options(&options);
     MD_OR_USE_PSA_DONE();
 }
@@ -5833,6 +5825,8 @@
 
     int ret = -1;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options options;
 
     MD_OR_USE_PSA_INIT();
@@ -5841,7 +5835,7 @@
                                                        &client_ep,
                                                        &options,
                                                        MBEDTLS_SSL_VERSION_TLS1_3);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
     char label[] = "test-label";
     uint8_t key_buffer_server[16] = { 0 };
@@ -5851,17 +5845,17 @@
                                              key_buffer_server, sizeof(key_buffer_server),
                                              label, sizeof(label),
                                              context, sizeof(context), 1);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
     ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
                                              key_buffer_client, sizeof(key_buffer_client),
                                              label, sizeof(label),
                                              context, sizeof(context), 1);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
     TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
     mbedtls_test_free_handshake_options(&options);
     MD_OR_USE_PSA_DONE();
 }
@@ -5876,6 +5870,8 @@
     char *label = NULL;
     uint8_t *context = NULL;
     mbedtls_test_ssl_endpoint client_ep, server_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
     mbedtls_test_handshake_test_options options;
 
     TEST_ASSERT(exported_key_length > 0);
@@ -5888,17 +5884,17 @@
     MD_OR_USE_PSA_INIT();
 
     ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
     ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
                                              key_buffer, exported_key_length,
                                              label, label_length,
                                              context, context_length, 1);
-    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+    TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
     mbedtls_test_free_handshake_options(&options);
     mbedtls_free(key_buffer);
     mbedtls_free(label);
@@ -5914,6 +5910,8 @@
 
     int ret = -1;
     mbedtls_test_ssl_endpoint server_ep, client_ep;
+    memset(&client_ep, 0, sizeof(client_ep));
+    memset(&server_ep, 0, sizeof(server_ep));
 
     mbedtls_test_handshake_test_options options;
     mbedtls_test_init_handshake_options(&options);
@@ -5924,22 +5922,22 @@
 
     MD_OR_USE_PSA_INIT();
 
-    ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options,
-                                         NULL, NULL, NULL);
-    TEST_ASSERT(ret == 0);
-    ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options,
-                                         NULL, NULL, NULL);
-    TEST_ASSERT(ret == 0);
+    ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options);
+    TEST_EQUAL(ret, 0);
+    ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options);
+    TEST_EQUAL(ret, 0);
 
     ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE);
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(ret, 0);
 
     if (check_server) {
         ret = mbedtls_test_move_handshake_to_state(&server_ep.ssl, &client_ep.ssl, state);
     } else {
         ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state);
     }
-    TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE);
+    if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+        TEST_EQUAL(ret, 0);
+    }
 
     char label[] = "test-label";
     uint8_t key_buffer[24] = { 0 };
@@ -5949,11 +5947,11 @@
                                              NULL, 0, 0);
 
     /* FIXME: A more appropriate error code should be created for this case. */
-    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+    TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
 exit:
-    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
-    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep);
+    mbedtls_test_ssl_endpoint_free(&client_ep);
     mbedtls_test_free_handshake_options(&options);
     MD_OR_USE_PSA_DONE();
 }

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index c7c465b..c2a7f30 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data

@@ -1330,15 +1330,15 @@
 
 X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
 X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 4)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
 X509 CRT ASN1 (TBS, valid version tag + length, version number overflow)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
 X509 CRT ASN1 (TBS, serial missing)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -1370,47 +1370,47 @@
 
 X509 CRT ASN1 (TBS, inv AlgID, OID missing)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff3000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201033000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv AlgID, OID empty)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
+x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
 
 X509 CRT ASN1 (TBS, inv AlgID, OID unknown)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
+x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
 
 X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv AlgID, param length mismatch)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv AlgID, params present but empty)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG
 
 X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, Issuer missing)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -1434,83 +1434,83 @@
 
 X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Issuer, RDN inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Issuer, RDN length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, RDN empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv no length data)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, Validity missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1534,63 +1534,63 @@
 
 X509 CRT ASN1 (TBS, inv Validity, notBefore missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Validity, notBefore no length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Validity, notBefore empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 
 X509 CRT ASN1 (TBS, inv Validity, notBefore invalid)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 
 X509 CRT ASN1 (TBS, inv Validity, notAfter missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Validity, notAfter length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Validity, notAfter empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 
 X509 CRT ASN1 (TBS, inv Validity, notAfter invalid)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 
 X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter')
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, Subject missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1614,79 +1614,79 @@
 
 X509 CRT ASN1 (TBS, inv Subject, RDN inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, RDN empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds )
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, SubPubKeyInfo missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1730,11 +1730,11 @@
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d30000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010100050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010005000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1770,11 +1770,11 @@
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1795,263 +1795,263 @@
 # and hence we obtain an INVALID_TAG error during extension parsing.
 X509 CRT ASN1 (TBS, inv IssuerID, inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201030500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv IssuerID, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv v3Ext, outer length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, outer length 0)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inner length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, no extnValue)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv v3Ext, critical length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, critical length 0)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, critical length 2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
@@ -2063,199 +2063,199 @@
 
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, data remaining after name SEQUENCE)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component unexpected tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName component empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName invalid OID tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName EXPLICIT tag missing
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected EXPLICIT tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inv outer length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length 0)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner tag invalid)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected OID tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID no length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #1)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #3)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 
 X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage repeated)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 
 X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT (TBS, valid v3Ext in v3 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\nsubject alt name  \:\n    dNSName \: foo.test\n    dNSName \: bar.test\n":0
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\nsubject alt name  \:\n    dNSName \: foo.test\n    dNSName \: bar.test\n":0
 
 X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
@@ -2263,117 +2263,117 @@
 
 X509 CRT ASN1 (SignatureAlgorithm missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (inv SignatureAlgorithm, bad tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (inv SignatureAlgorithm, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
 
 X509 CRT ASN1 (Signature missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (inv Signature, bad tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT ASN1 (inv Signature, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (inv Signature, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT ASN1 (inv Signature, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CRT ASN1 (inv Signature, inv data #1)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string with invalid encoding (missing number of unused bits)
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
 
 X509 CRT ASN1 (inv Signature, inv data #2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string with invalid encoding (number of unused bits too large)
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
+x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
 
 X509 CRT ASN1 (empty Signature)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = empty bit string in DER encoding
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\nsubject alt name  \:\n    dNSName \: foo.test\n    dNSName \: bar.test\n":0
+x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\nsubject alt name  \:\n    dNSName \: foo.test\n    dNSName \: bar.test\n":0
 
 X509 CRT ASN1 (dummy 24-bit Signature)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string "011001100110111101101111"
-x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\nsubject alt name  \:\n    dNSName \: foo.test\n    dNSName \: bar.test\n":0
+x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\nsubject alt name  \:\n    dNSName \: foo.test\n    dNSName \: bar.test\n":0
 
 # The ASN.1 module rejects non-octet-aligned bit strings.
 X509 CRT ASN1 (inv Signature: not octet-aligned)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string "01100110011011110110111"
-x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
+x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
 
 X509 CRT ASN1 (inv Signature, length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT ASN1 (well-formed)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (GeneralizedTime in notBefore, UTCTime in notAfter)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2010-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2010-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (UTCTime in notBefore, GeneralizedTime in notAfter)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-12-31 23\:59\:59\nexpires on        \: 2010-01-01 00\:00\:00\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-12-31 23\:59\:59\nexpires on        \: 2010-01-01 00\:00\:00\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with X520 CN)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: CN=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: CN=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with X520 C)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: C=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: C=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with X520 L)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: L=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: L=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with X520 ST)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ST=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ST=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with X520 O)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: O=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: O=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with X520 OU)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: OU=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: OU=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with unknown X520 part)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with composite RDN)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
@@ -2381,11 +2381,11 @@
 
 X509 CRT ASN1 (Name with PKCS9 email)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: emailAddress=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: emailAddress=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (Name with unknown PKCS9 part)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
+x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version     \: 1\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ?\?=Test\nsubject name      \: ?\?=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\n":0
 
 X509 CRT ASN1 (ECDSA signature, RSA key)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA
@@ -2421,19 +2421,19 @@
 
 X509 CRT ASN1 (Unsupported critical policy recognized by callback)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\ncertificate policies \: ???\n":0
+x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\ncertificate policies \: ???\n":0
 
 X509 CRT ASN1 (Unsupported critical policy not recognized by callback)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
 
 X509 CRT ASN1 (Unsupported non critical policy recognized by callback)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\ncertificate policies \: ???\n":0
+x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\ncertificate policies \: ???\n":0
 
 X509 CRT ASN1 (Unsupported non critical policy not recognized by callback)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\ncertificate policies \: ???\n":0
+x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version     \: 3\nserial number     \: DE\:AD\:BE\:EF\nissuer name       \: ??=Test\nsubject name      \: ??=Test\nissued  on        \: 2009-01-01 00\:00\:00\nexpires on        \: 2009-12-31 23\:59\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 128 bits\ncertificate policies \: ???\n":0
 
 X509 CRL ASN1 (Incorrect first tag)
 x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT

diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 09b248e..4f0605c 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function

@@ -1120,15 +1120,29 @@
     mbedtls_x509_crt   crt;
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     unsigned char output[2000] = { 0 };
-    int res;
 #else
     ((void) result_str);
 #endif
+    /* Tests whose result is MBEDTLS_ERR_PK_INVALID_PUBKEY might return
+     * MBEDTLS_ERR_ASN1_UNEXPECTED_TAG until psa#308 is merged. This variable
+     * is therefore used for backward compatiblity and will be removed in
+     * mbedtls#10229. */
+    int result_back_comp = result;
+    int res;
+
+#if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA)
+    /* Support for mbedtls#10213 before psa#308. Once psa#308 will be
+     * merged this dirty fix can be removed. */
+    if (result == MBEDTLS_ERR_PK_INVALID_PUBKEY) {
+        result_back_comp = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+    }
+#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */
 
     mbedtls_x509_crt_init(&crt);
     USE_PSA_INIT();
 
-    TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result);
+    res = mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len);
+    TEST_ASSERT((res == result) || (res == result_back_comp));
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@@ -1143,7 +1157,8 @@
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_init(&crt);
 
-    TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result);
+    res = mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len);
+    TEST_ASSERT((res == result) || (res == result_back_comp));
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     if ((result) == 0) {
         memset(output, 0, 2000);
@@ -1161,8 +1176,8 @@
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_init(&crt);
 
-    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL),
-               result);
+    res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL);
+    TEST_ASSERT((res == result) || (res == result_back_comp));
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@@ -1178,8 +1193,8 @@
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_init(&crt);
 
-    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL),
-               result);
+    res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL);
+    TEST_ASSERT((res == result) || (res == result_back_comp));
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
commit	64e80ddf8926c21c874f6e7801e92be7b269df74	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Jun 30 18:33:36 2025 +0000
committer	GitHub <noreply@github.com>	Mon Jun 30 18:33:36 2025 +0000
tree	33a8bf4b2c470cd0998cba9a15ff1ce99b6f6fb1
parent	921331867d83192a1ec632363cc900847759f5e0 [diff]
parent	159a652096fcb523504bd4dd289ea12adaa0aa66 [diff]