Merge pull request #9354 from eleuzi01/replace-ecp-have-secp512r1
Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 7dafbae..7a375d8 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -4,7 +4,7 @@
*
* This is an internal header. Do not include it directly.
*
- * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
* compilation error. However, we do automatically enable certain options
@@ -433,7 +433,7 @@
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
#endif
-/* Some internal helpers to determine which keys are availble. */
+/* Some internal helpers to determine which keys are available. */
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
#define MBEDTLS_SSL_HAVE_AES
@@ -447,7 +447,7 @@
#define MBEDTLS_SSL_HAVE_CAMELLIA
#endif
-/* Some internal helpers to determine which operation modes are availble. */
+/* Some internal helpers to determine which operation modes are available. */
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
#define MBEDTLS_SSL_HAVE_CBC
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 309524a..1f82d9c 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -4,7 +4,7 @@
*
* This is an internal header. Do not include it directly.
*
- * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
* compilation error. However, we do automatically enable certain options
diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h
index c063251..cfb2d88 100644
--- a/include/mbedtls/config_adjust_x509.h
+++ b/include/mbedtls/config_adjust_x509.h
@@ -4,7 +4,7 @@
*
* This is an internal header. Do not include it directly.
*
- * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
* compilation error. However, we do automatically enable certain options
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9b616de..0f1b54e 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -995,7 +995,7 @@
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
* \warning If SHA-256 is provided only by a PSA driver, you must call
- * psa_crypto_init() before the first hanshake (even if
+ * psa_crypto_init() before the first handshake (even if
* MBEDTLS_USE_PSA_CRYPTO is disabled).
*
* This enables the following ciphersuites (if other requisites are
@@ -2497,7 +2497,7 @@
* The CTR_DRBG generator uses AES-256 by default.
* To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
*
- * AES support can either be achived through builtin (MBEDTLS_AES_C) or PSA.
+ * AES support can either be achieved through builtin (MBEDTLS_AES_C) or PSA.
* Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
* is used.
*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 82a40fa..36d8c90 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5611,7 +5611,7 @@
* about this list.
*/
static const uint16_t ssl_preset_default_groups[] = {
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
@@ -5620,19 +5620,19 @@
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
MBEDTLS_SSL_IANA_TLS_GROUP_X448,
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP256R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP384R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP512R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif
#if defined(PSA_WANT_ALG_FFDH)
@@ -6243,13 +6243,13 @@
#if defined(PSA_WANT_ECC_SECP_R1_521)
{ 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 },
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP512R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
{ 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 },
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
{ 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 },
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP384R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
{ 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384 },
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
@@ -6258,10 +6258,10 @@
#if defined(PSA_WANT_ECC_SECP_K1_256)
{ 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 },
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP256R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 },
#endif
-#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
+#if defined(PSA_WANT_ECC_SECP_R1_224)
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
#endif
#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
@@ -6273,10 +6273,10 @@
#if defined(PSA_WANT_ECC_SECP_K1_192)
{ 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 },
#endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
{ 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 },
#endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
{ 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 },
#endif
{ 0, MBEDTLS_ECP_DP_NONE, 0, 0 },
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
index c52e579..75829ec 100644
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@@ -381,7 +381,7 @@
void (*entry_point)(const char *name);
} metatest_t;
-/* The list of availble meta-tests. Remember to register new functions here!
+/* The list of available meta-tests. Remember to register new functions here!
*
* Note that we always compile all the functions, so that `metatest --list`
* will always list all the available meta-tests.
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index f8147d1..993e23c 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -357,6 +357,12 @@
'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'),
],
+ # Encrypted keys are not supported so far.
+ 'ssl-opt': [
+ 'TLS: password protected server key',
+ 'TLS: password protected client key',
+ 'TLS: password protected server key, two certificates',
+ ],
}
}
},
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1cc1115..0b8f129 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -595,6 +595,7 @@
*) PSK_ONLY="NO";;
esac
+HAS_ALG_MD5="NO"
HAS_ALG_SHA_1="NO"
HAS_ALG_SHA_224="NO"
HAS_ALG_SHA_256="NO"
@@ -613,7 +614,10 @@
else
CURR_ALG=MBEDTLS_${1}_C
# Remove the second underscore to match MBEDTLS_* naming convention
- CURR_ALG=$(echo "$CURR_ALG" | sed 's/_//2')
+ # MD5 is an exception to this convention
+ if [ "${1}" != "MD5" ]; then
+ CURR_ALG=$(echo "$CURR_ALG" | sed 's/_//2')
+ fi
fi
case $CONFIGS_ENABLED in
@@ -627,7 +631,7 @@
populate_enabled_hash_algs()
{
- for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512; do
+ for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512 MD5; do
if check_for_hash_alg "$hash_alg"; then
hash_alg_variable=HAS_ALG_${hash_alg}
eval ${hash_alg_variable}=YES
@@ -640,6 +644,7 @@
HASH_DEFINE="Invalid"
HAS_HASH_ALG="NO"
case $1 in
+ MD5):;;
SHA_1):;;
SHA_224):;;
SHA_256):;;
@@ -1814,7 +1819,7 @@
# a maximum fragment length.
# first argument ($1) is MFL for SSL client
# second argument ($2) is memory usage for SSL client with default MFL (16k)
-run_test_memory_after_hanshake_with_mfl()
+run_test_memory_after_handshake_with_mfl()
{
# The test passes if the difference is around 2*(16k-MFL)
MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"
@@ -1834,7 +1839,7 @@
# Test that the server's memory usage after a handshake is reduced when a client specifies
# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
-run_tests_memory_after_hanshake()
+run_tests_memory_after_handshake()
{
# all tests in this sequence requires the same configuration (see requires_config_enabled())
SKIP_THIS_TESTS="$SKIP_NEXT"
@@ -1850,16 +1855,16 @@
-F "handshake_memory_get MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
- run_test_memory_after_hanshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"
+ run_test_memory_after_handshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
- run_test_memory_after_hanshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"
+ run_test_memory_after_handshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
- run_test_memory_after_hanshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"
+ run_test_memory_after_handshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
- run_test_memory_after_hanshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
+ run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
}
cleanup() {
@@ -2109,11 +2114,11 @@
-c "Key size is 128"
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_MD_CAN_MD5
# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
# module does not support PSA dispatching so we need builtin support.
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_AES_C
+requires_hash_alg MD5
requires_hash_alg SHA_256
run_test "TLS: password protected client key" \
"$P_SRV force_version=tls12 auth_mode=required" \
@@ -2121,11 +2126,11 @@
0
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_MD_CAN_MD5
# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
# module does not support PSA dispatching so we need builtin support.
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_AES_C
+requires_hash_alg MD5
requires_hash_alg SHA_256
run_test "TLS: password protected server key" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \
@@ -2134,11 +2139,11 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_MD_CAN_MD5
# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
# module does not support PSA dispatching so we need builtin support.
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_AES_C
+requires_hash_alg MD5
requires_hash_alg SHA_256
run_test "TLS: password protected server key, two certificates" \
"$P_SRV force_version=tls12\
@@ -5549,7 +5554,7 @@
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
- -C "ssl_hanshake() returned" \
+ -C "ssl_handshake() returned" \
-C "error" \
-c "HTTP/1.0 200 [Oo][Kk]"
@@ -5563,7 +5568,7 @@
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
- -C "ssl_hanshake() returned" \
+ -C "ssl_handshake() returned" \
-C "error" \
-c "HTTP/1.0 200 [Oo][Kk]"
@@ -5607,7 +5612,7 @@
-c "client hello, adding renegotiation extension" \
-C "found renegotiation extension" \
-c "=> renegotiate" \
- -C "ssl_hanshake() returned" \
+ -C "ssl_handshake() returned" \
-C "error" \
-c "HTTP/1.0 200 [Oo][Kk]"
@@ -14143,7 +14148,7 @@
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 16384
-run_tests_memory_after_hanshake
+run_tests_memory_after_handshake
if [ "$LIST_TESTS" -eq 0 ]; then
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 5770d2a..eb68dbc 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -35,11 +35,11 @@
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
PK utils: ECKEY_DH Curve25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
PK utils: ECKEY_DH Curve448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
PK utils: ECDSA SECP192R1
@@ -419,11 +419,11 @@
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0:0:0
ECDSA sign-verify: BP256R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_BRAINPOOL_P_R1_256
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0:0:0
ECDSA sign-verify: BP512R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0:0:0
EC(DSA) sign-verify: SECP192R1
@@ -676,15 +676,15 @@
pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:0
PSA wrapped sign: BP256R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_BRAINPOOL_P_R1_256
pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:0
PSA wrapped sign: BP384R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP384R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_BRAINPOOL_P_R1_384
pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:0
PSA wrapped sign: BP512R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:0
PSA wrapped sign: RSA PKCS1 v1.5
@@ -1670,5 +1670,5 @@
pk_copy_public_from_psa:"587CF7C57EB7C6254CBF80CC59846521B4FBCBA8BC4B362A9B043F0DEB49CCA1":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)
Copy from PSA: non-exportable -> public, Curve25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_copy_public_from_psa:"a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index f5a626b..12c712a 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -959,7 +959,7 @@
pk_parse_public_keyfile_ec:"../framework/data_files/ec_pub.comp.pem":0
Parse Public EC Key #3 (RFC 5480, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP224R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_224
pk_parse_public_keyfile_ec:"../framework/data_files/ec_224_pub.pem":0
# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
@@ -993,7 +993,7 @@
pk_parse_public_keyfile_ec:"../framework/data_files/ec_521_pub.comp.pem":0
Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP256R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256
pk_parse_public_keyfile_ec:"../framework/data_files/ec_bp256_pub.pem":0
Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
@@ -1001,7 +1001,7 @@
pk_parse_public_keyfile_ec:"../framework/data_files/ec_bp256_pub.comp.pem":0
Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP384R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384
pk_parse_public_keyfile_ec:"../framework/data_files/ec_bp384_pub.pem":0
Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
@@ -1009,7 +1009,7 @@
pk_parse_public_keyfile_ec:"../framework/data_files/ec_bp384_pub.comp.pem":0
Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_parse_public_keyfile_ec:"../framework/data_files/ec_bp512_pub.pem":0
Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
@@ -1017,19 +1017,19 @@
pk_parse_public_keyfile_ec:"../framework/data_files/ec_bp512_pub.comp.pem":0
Parse Public EC Key #10 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_public_keyfile_ec:"../framework/data_files/ec_x25519_pub.der":0
Parse Public EC Key #11 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_448
pk_parse_public_keyfile_ec:"../framework/data_files/ec_x448_pub.der":0
Parse Public EC Key #12 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_public_keyfile_ec:"../framework/data_files/ec_x25519_pub.pem":0
Parse Public EC Key #13 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_448
pk_parse_public_keyfile_ec:"../framework/data_files/ec_x448_pub.pem":0
Parse EC Key #1 (SEC1 DER)
@@ -1081,7 +1081,7 @@
pk_parse_keyfile_ec:"../framework/data_files/ec_prv.pk8param.pem":"NULL":0
Parse EC Key #8 (SEC1 PEM, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP224R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_224
pk_parse_keyfile_ec:"../framework/data_files/ec_224_prv.pem":"NULL":0
Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
@@ -1113,7 +1113,7 @@
pk_parse_keyfile_ec:"../framework/data_files/ec_521_prv.comp.pem":"NULL":0
Parse EC Key #12 (SEC1 PEM, bp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP256R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256
pk_parse_keyfile_ec:"../framework/data_files/ec_bp256_prv.pem":"NULL":0
Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
@@ -1121,7 +1121,7 @@
pk_parse_keyfile_ec:"../framework/data_files/ec_bp256_prv.comp.pem":"NULL":0
Parse EC Key #13 (SEC1 PEM, bp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP384R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384
pk_parse_keyfile_ec:"../framework/data_files/ec_bp384_prv.pem":"NULL":0
Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
@@ -1129,7 +1129,7 @@
pk_parse_keyfile_ec:"../framework/data_files/ec_bp384_prv.comp.pem":"NULL":0
Parse EC Key #14 (SEC1 PEM, bp512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_parse_keyfile_ec:"../framework/data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
@@ -1141,19 +1141,19 @@
pk_parse_keyfile_ec:"../framework/data_files/ec_prv.specdom.der":"NULL":0
Parse EC Key #16 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_keyfile_ec:"../framework/data_files/ec_x25519_prv.der":"NULL":0
Parse EC Key #17 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
pk_parse_keyfile_ec:"../framework/data_files/ec_x448_prv.der":"NULL":0
Parse EC Key #18 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_keyfile_ec:"../framework/data_files/ec_x25519_prv.pem":"NULL":0
Parse EC Key #19 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_448
pk_parse_keyfile_ec:"../framework/data_files/ec_x448_prv.pem":"NULL":0
Key ASN1 (No data)
@@ -1167,39 +1167,39 @@
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (Encrypted key PKCS5, trailing garbage data)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
Key ASN1 (Encrypted key PKCS12, trailing garbage data)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
# From RFC8410 Appendix A but made into version 0
OneAsymmetricKey X25519, doesn't match masking requirements #1
-depends_on:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_fix_montgomery:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
# Full inverse of the expected x25519 pattern:
@@ -1208,7 +1208,7 @@
# - 2nd MSb to 0
# Note: Montgomery keys are written in Little endian format.
OneAsymmetricKey X25519, doesn't match masking requirements #2
-depends_on:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
pk_parse_fix_montgomery:"302e020100300506032b656e04220420ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
# Full inverse of the expected x448 pattern:
@@ -1216,5 +1216,5 @@
# - MSb to 0
# Note: Montgomery keys are written in Little endian format.
OneAsymmetricKey X448, doesn't match masking requirements #3
-depends_on:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
pk_parse_fix_montgomery:"3046020100300506032b656f043a0438ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f":"3046020100300506032b656f043a0438fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index f53f67d..d6f535c 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -31,27 +31,27 @@
pk_write_pubkey_check:"../framework/data_files/ec_521_pub.der":TEST_DER
Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_write_pubkey_check:"../framework/data_files/ec_bp512_pub.pem":TEST_PEM
Public key write check EC Brainpool 512 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_write_pubkey_check:"../framework/data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255
pk_write_pubkey_check:"../framework/data_files/ec_x25519_pub.pem":TEST_PEM
Public key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_write_pubkey_check:"../framework/data_files/ec_x25519_pub.der":TEST_DER
Public key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448
pk_write_pubkey_check:"../framework/data_files/ec_x448_pub.pem":TEST_PEM
Public key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
pk_write_pubkey_check:"../framework/data_files/ec_x448_pub.der":TEST_DER
Private key write check RSA
@@ -103,27 +103,27 @@
pk_write_key_check:"../framework/data_files/ec_521_short_prv.der":TEST_DER
Private key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_write_key_check:"../framework/data_files/ec_bp512_prv.pem":TEST_PEM
Private key write check EC Brainpool 512 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_write_key_check:"../framework/data_files/ec_bp512_prv.der":TEST_DER
Private key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255
pk_write_key_check:"../framework/data_files/ec_x25519_prv.pem":TEST_PEM
Private key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_write_key_check:"../framework/data_files/ec_x25519_prv.der":TEST_DER
Private key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448
pk_write_key_check:"../framework/data_files/ec_x448_prv.pem":TEST_PEM
Private key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
pk_write_key_check:"../framework/data_files/ec_x448_prv.der":TEST_DER
Derive public key RSA
@@ -143,13 +143,13 @@
pk_write_public_from_private:"../framework/data_files/ec_521_prv.der":"../framework/data_files/ec_521_pub.der"
Derive public key EC Brainpool 512 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512
pk_write_public_from_private:"../framework/data_files/ec_bp512_prv.der":"../framework/data_files/ec_bp512_pub.der"
Derive public key EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255
pk_write_public_from_private:"../framework/data_files/ec_x25519_prv.der":"../framework/data_files/ec_x25519_pub.der"
Derive public key EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448
pk_write_public_from_private:"../framework/data_files/ec_x448_prv.der":"../framework/data_files/ec_x448_pub.der"
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 332d986..5987394 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -2924,7 +2924,7 @@
# Vector from RFC 8448
# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
# For all other data, see Section 4, 'construct a ClientHello handshake message:'
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_HAVE_CURVE25519
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_MONTGOMERY_255
ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 521c703..6a0c92f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3009,7 +3009,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_ECP_HAVE_SECP224R1:MBEDTLS_ECP_HAVE_SECP256R1 */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ECC_SECP_R1_224:MBEDTLS_ECP_HAVE_SECP256R1 */
void conf_curve()
{
@@ -3560,7 +3560,7 @@
#else
TEST_UNAVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521);
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP512R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
TEST_AVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512);
#else
TEST_UNAVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512);
@@ -3570,7 +3570,7 @@
#else
TEST_UNAVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384);
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP384R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
TEST_AVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384);
#else
TEST_UNAVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384);
@@ -3585,12 +3585,12 @@
#else
TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256);
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP256R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
TEST_AVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
#else
TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
#endif
-#if defined(MBEDTLS_ECP_HAVE_SECP224R1) || defined(PSA_WANT_ECC_SECP_R1_224)
+#if defined(PSA_WANT_ECC_SECP_R1_224)
TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
#else
TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
@@ -3610,12 +3610,12 @@
#else
TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
#endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
#else
TEST_UNAVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
#endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
TEST_AVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
#else
TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
diff --git a/tf-psa-crypto/core/psa_util.c b/tf-psa-crypto/core/psa_util.c
index 390ce5a..e89b00f 100644
--- a/tf-psa-crypto/core/psa_util.c
+++ b/tf-psa-crypto/core/psa_util.c
@@ -195,7 +195,7 @@
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1;
#endif
-#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
+#if defined(PSA_WANT_ECC_SECP_R1_224)
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1;
@@ -215,22 +215,22 @@
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1;
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP256R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP384R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
#endif
-#if defined(MBEDTLS_ECP_HAVE_BP512R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
#endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY;
@@ -248,7 +248,7 @@
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1;
#endif
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY;
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
index a0909d6..a6a5069 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
@@ -325,7 +325,7 @@
* \brief This function sets up an ECDH context from an EC key.
*
* It is used by clients and servers in place of the
- * ServerKeyEchange for static ECDH, and imports ECDH
+ * ServerKeyExchange for static ECDH, and imports ECDH
* parameters from the EC key information of a certificate.
*
* \see ecp.h
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
index d7a3c66..7b0a80d 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
@@ -207,7 +207,7 @@
* range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
* which is congruent mod \p P to the given MPI, and is close enough to \p pbits
* in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
+ * additions or subtractions. Therefore, it is only an approximate modular
* reduction. It must return 0 on success and non-zero on failure.
*
* \note Alternative implementations of the ECP module must obey the
diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c
index 6aa288b..df7d949 100644
--- a/tf-psa-crypto/drivers/builtin/src/oid.c
+++ b/tf-psa-crypto/drivers/builtin/src/oid.c
@@ -548,12 +548,12 @@
MBEDTLS_ECP_DP_SECP192R1,
},
#endif /* PSA_WANT_ECC_SECP_R1_192 */
-#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
+#if defined(PSA_WANT_ECC_SECP_R1_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"),
MBEDTLS_ECP_DP_SECP224R1,
},
-#endif /* MBEDTLS_ECP_HAVE_SECP224R1 */
+#endif /* PSA_WANT_ECC_SECP_R1_224 */
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"),
@@ -590,24 +590,24 @@
MBEDTLS_ECP_DP_SECP256K1,
},
#endif /* PSA_WANT_ECC_SECP_K1_256 */
-#if defined(MBEDTLS_ECP_HAVE_BP256R1)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"),
MBEDTLS_ECP_DP_BP256R1,
},
-#endif /* MBEDTLS_ECP_HAVE_BP256R1 */
-#if defined(MBEDTLS_ECP_HAVE_BP384R1)
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"),
MBEDTLS_ECP_DP_BP384R1,
},
-#endif /* MBEDTLS_ECP_HAVE_BP384R1 */
-#if defined(MBEDTLS_ECP_HAVE_BP512R1)
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"),
MBEDTLS_ECP_DP_BP512R1,
},
-#endif /* MBEDTLS_ECP_HAVE_BP512R1 */
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_ECP_DP_NONE,
@@ -633,18 +633,18 @@
static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] =
{
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
{
OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"),
MBEDTLS_ECP_DP_CURVE25519,
},
-#endif /* MBEDTLS_ECP_HAVE_CURVE25519 */
-#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
{
OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"),
MBEDTLS_ECP_DP_CURVE448,
},
-#endif /* MBEDTLS_ECP_HAVE_CURVE448 */
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_ECP_DP_NONE,
diff --git a/tf-psa-crypto/drivers/builtin/src/pk_internal.h b/tf-psa-crypto/drivers/builtin/src/pk_internal.h
index e86a3a0..b728615 100644
--- a/tf-psa-crypto/drivers/builtin/src/pk_internal.h
+++ b/tf-psa-crypto/drivers/builtin/src/pk_internal.h
@@ -114,9 +114,9 @@
}
/* Helper for Montgomery curves */
-#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448)
+#if defined(PSA_WANT_ECC_MONTGOMERY_255) || defined(PSA_WANT_ECC_MONTGOMERY_448)
#define MBEDTLS_PK_HAVE_RFC8410_CURVES
-#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 || PSA_WANT_ECC_MONTGOMERY_448 */
#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
diff --git a/tf-psa-crypto/drivers/builtin/src/platform_util.c b/tf-psa-crypto/drivers/builtin/src/platform_util.c
index 0741bf5..19ef07a 100644
--- a/tf-psa-crypto/drivers/builtin/src/platform_util.c
+++ b/tf-psa-crypto/drivers/builtin/src/platform_util.c
@@ -149,7 +149,7 @@
#include <time.h>
#if !defined(_WIN32) && (defined(unix) || \
defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
- defined(__MACH__)) || defined__midipix__)
+ defined(__MACH__)) || defined(__midipix__))
#include <unistd.h>
#endif /* !_WIN32 && (unix || __unix || __unix__ ||
* (__APPLE__ && __MACH__) || __midipix__) */