Merge pull request #6275 from daverodgman/fixcopyright
Correct copyright and license in crypto_spe.h
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2537521..8915011 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1426,11 +1426,11 @@
if( opt.psk_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_SHA384_C)
+#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* MBEDTLS_SHA384_C */
+#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8b63359..a1b2978 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2261,11 +2261,11 @@
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_SHA384_C)
+#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* MBEDTLS_SHA384_C */
+#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 8c35fab..7ff3345 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -296,23 +296,50 @@
#else
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif
+
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
+#define HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
+#define HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
+#define HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
+#define HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
+#define HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+
uint16_t ssl_sig_algs_for_test[] = {
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
#endif
-#if defined(MBEDTLS_SHA384_C)
+#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
#endif
-#if defined(MBEDTLS_SHA224_C)
+#if defined(HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
#endif
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_RSA_C) && defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
+#if defined(HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
/* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
#endif
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7f259f5..6c70f78 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1887,6 +1887,12 @@
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
make test
+
+ msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ tests/ssl-opt.sh
+
+ msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ tests/compat.sh
}
component_test_psa_crypto_config_accel_cipher () {
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c4628b0..9e14af1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -419,6 +419,73 @@
*) PSK_ONLY="NO";;
esac
+HAS_ALG_SHA_1="NO"
+HAS_ALG_SHA_224="NO"
+HAS_ALG_SHA_256="NO"
+HAS_ALG_SHA_384="NO"
+HAS_ALG_SHA_512="NO"
+
+check_for_hash_alg()
+{
+ CURR_ALG="INVALID";
+ USE_PSA="NO"
+ case $CONFIGS_ENABLED in
+ *" MBEDTLS_USE_PSA_CRYPTO"[\ =]*)
+ USE_PSA="YES";
+ ;;
+ *) :;;
+ esac
+ if [ $USE_PSA = "YES" ]; then
+ CURR_ALG=PSA_WANT_ALG_${1}
+ else
+ CURR_ALG=MBEDTLS_${1}_C
+ # Remove the second underscore to match MBEDTLS_* naming convention
+ CURR_ALG=$(echo "$CURR_ALG" | sed 's/_//2')
+ fi
+
+ case $CONFIGS_ENABLED in
+ *" $CURR_ALG"[\ =]*)
+ return 0
+ ;;
+ *) :;;
+ esac
+ return 1
+}
+
+populate_enabled_hash_algs()
+{
+ for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512; do
+ if check_for_hash_alg "$hash_alg"; then
+ hash_alg_variable=HAS_ALG_${hash_alg}
+ eval ${hash_alg_variable}=YES
+ fi
+ done
+}
+
+# skip next test if the given hash alg is not supported
+requires_hash_alg() {
+ HASH_DEFINE="Invalid"
+ HAS_HASH_ALG="NO"
+ case $1 in
+ SHA_1):;;
+ SHA_224):;;
+ SHA_256):;;
+ SHA_384):;;
+ SHA_512):;;
+ *)
+ echo "Unsupported hash alg - $1"
+ exit 1
+ ;;
+ esac
+
+ HASH_DEFINE=HAS_ALG_${1}
+ eval "HAS_HASH_ALG=\${${HASH_DEFINE}}"
+ if [ "$HAS_HASH_ALG" = "NO" ]
+ then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
requires_openssl_with_fallback_scsv() {
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@@ -1478,6 +1545,8 @@
get_options "$@"
+populate_enabled_hash_algs
+
# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
@@ -1628,7 +1697,7 @@
# - the expected parameters are selected
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
-requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6"
+requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
run_test "Default" \
"$P_SRV debug_level=3" \
@@ -1676,7 +1745,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "TLS: password protected client key" \
"$P_SRV auth_mode=required" \
"$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
@@ -1685,7 +1754,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "TLS: password protected server key" \
"$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
"$P_CLI" \
@@ -1695,7 +1764,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "TLS: password protected server key, two certificates" \
"$P_SRV \
key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \
@@ -1717,7 +1786,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "CA callback on server" \
"$P_SRV auth_mode=required" \
"$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
@@ -1733,7 +1802,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-ECDSA" \
"$P_SRV auth_mode=required crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
@@ -1753,7 +1822,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-RSA" \
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key" \
@@ -1771,7 +1840,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client authentication: DHE-RSA" \
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key" \
@@ -1791,7 +1860,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-ECDSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
@@ -1808,7 +1877,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDH-" \
"$P_SRV force_version=tls12 auth_mode=required key_opaque=1\
crt_file=data_files/server5.ku-ka.crt\
@@ -1826,8 +1895,44 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key" \
+requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
+ "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
+ debug_level=1" \
+ "$P_CLI" \
+ 1 \
+ -s "key types: Opaque, none" \
+ -s "error" \
+ -c "error" \
+ -c "Public key type mismatch"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
+ "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key key_opaque_algs=ecdh,none \
+ debug_level=1" \
+ "$P_CLI" \
+ 1 \
+ -s "key types: Opaque, none" \
+ -s "error" \
+ -c "error" \
+ -c "Public key type mismatch"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
debug_level=1" \
@@ -1843,8 +1948,9 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
-run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key" \
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_hash_alg SHA_256
+run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=ecdh,none \
debug_level=1" \
@@ -1859,7 +1965,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_CCM_C
run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
@@ -1876,7 +1982,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
@@ -1897,7 +2003,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA384_C
+requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
@@ -1918,7 +2024,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA384_C
+requires_hash_alg SHA_384
requires_config_enabled MBEDTLS_CCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
@@ -1942,7 +2048,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-RSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -1960,7 +2066,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -1977,7 +2083,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: RSA-PSK" \
"$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
psk=abc123 psk_identity=foo" \
@@ -1995,7 +2101,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: RSA-" \
"$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \
@@ -2012,7 +2118,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
@@ -2029,7 +2135,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: RSA keys with different algs" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
@@ -2051,7 +2157,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA384_C
+requires_hash_alg SHA_384
requires_config_enabled MBEDTLS_GCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
@@ -2074,7 +2180,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
@@ -2096,7 +2202,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: ECDHE-RSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -2117,7 +2223,7 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: DHE-RSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@@ -8562,7 +8668,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the client side" \
@@ -8576,7 +8682,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force a non ECC ciphersuite in the server side" \
@@ -8588,7 +8694,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the client side" \
@@ -8602,7 +8708,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Force an ECC ciphersuite in the server side" \
@@ -9140,7 +9246,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
@@ -9377,7 +9483,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
@@ -9410,7 +9516,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
@@ -9444,7 +9550,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
@@ -9478,7 +9584,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
@@ -9513,7 +9619,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_SHA256_C
+requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C