Merge pull request #7090 from paul-elliott-arm/fix_iar_warnings_dev
Fix IAR Warnings
diff --git a/README.md b/README.md
index 7b45a1f..f4bf4e1 100644
--- a/README.md
+++ b/README.md
@@ -264,6 +264,7 @@
- `int` and `size_t` must be at least 32 bits wide.
- The types `uint8_t`, `uint16_t`, `uint32_t` and their signed equivalents must be available.
- Mixed-endian platforms are not supported.
+- SIZE_MAX must be at least as big as INT_MAX and UINT_MAX.
PSA cryptography API
--------------------
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 18b37a9..7a28a19 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -419,11 +419,22 @@
}
mbedtls_ecp_keypair;
-/*
- * Point formats, from RFC 4492's enum ECPointFormat
+/**
+ * The uncompressed point format for Short Weierstrass curves
+ * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX).
*/
-#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
-#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED 0
+/**
+ * The compressed point format for Short Weierstrass curves
+ * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX).
+ *
+ * \warning While this format is supported for all concerned curves for
+ * writing, when it comes to parsing, it is not supported for all
+ * curves. Specifically, parsing compressed points on
+ * MBEDTLS_ECP_DP_SECP224R1 and MBEDTLS_ECP_DP_SECP224K1 is not
+ * supported.
+ */
+#define MBEDTLS_ECP_PF_COMPRESSED 1
/*
* Some other constants from RFC 4492
@@ -752,6 +763,9 @@
* belongs to the given group, see mbedtls_ecp_check_pubkey()
* for that.
*
+ * \note For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+ * limitations.
+ *
* \param grp The group to which the point should belong.
* This must be initialized and have group parameters
* set, for example through mbedtls_ecp_group_load().
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index fdc1355..0e4ee38 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -846,6 +846,9 @@
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
* specific key type, check the result with mbedtls_pk_can_do().
*
+ * \note For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+ * limitations.
+ *
* \note The key is also checked for correctness.
*
* \return 0 if successful, or a specific PK or PEM error code
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 13fa6d4..acc4208 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -98,14 +98,13 @@
if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
-#if SIZE_MAX > INT_MAX
+
/* This shouldn't be an issue because
* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
* configuration, but make sure anyway. */
if (len > INT_MAX) {
return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
}
-#endif
/* For backward compatibility with Mbed TLS <= 2.19, store the
* entropy nonce length in a field that already exists, but isn't
diff --git a/library/pk.c b/library/pk.c
index ed3ca41..05afdbc 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -501,11 +501,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_rsassa_pss_options *pss_opts;
-#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
-#endif /* SIZE_MAX > UINT_MAX */
if (options == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index fa296e8..dc7a27f 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -174,11 +174,9 @@
PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg));
size_t rsa_len = mbedtls_rsa_get_len(rsa);
-#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
-#endif /* SIZE_MAX > UINT_MAX */
if (sig_len < rsa_len) {
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@@ -230,11 +228,9 @@
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
size_t rsa_len = mbedtls_rsa_get_len(rsa);
-#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
-#endif /* SIZE_MAX > UINT_MAX */
if (sig_len < rsa_len) {
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@@ -345,11 +341,9 @@
{
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
-#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
-#endif /* SIZE_MAX > UINT_MAX */
*sig_len = mbedtls_rsa_get_len(rsa);
if (sig_size < *sig_len) {
@@ -1330,11 +1324,9 @@
{
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
-#if SIZE_MAX > UINT_MAX
if (UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
-#endif /* SIZE_MAX > UINT_MAX */
*sig_len = rsa_alt->key_len_func(rsa_alt->key);
if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index c720615..6e90f1c 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -332,11 +332,9 @@
/* The Mbed TLS RSA module uses an unsigned int for hash length
* parameters. Validate that it fits so that we don't risk an
* overflow later. */
-#if SIZE_MAX > UINT_MAX
if (hash_length > UINT_MAX) {
return PSA_ERROR_INVALID_ARGUMENT;
}
-#endif
/* For signatures using a hash, the hash length must be correct. */
if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index b660393..dee780f 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -125,12 +125,10 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#if SIZE_MAX > UINT32_MAX
/* ITS file sizes are limited to 32 bits. */
if (driver->u.internal.persistent_data_size > UINT32_MAX) {
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif
/* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
*uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index ef05dca..2668a05 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -986,7 +986,6 @@
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
#if defined(MBEDTLS_SSL_EARLY_DATA)
- mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
/** TLS 1.3 transform for early data and handshake messages. */
mbedtls_ssl_transform *transform_earlydata;
#endif
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4ebc8cb..9bedc25 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2090,7 +2090,7 @@
return ret;
}
- if ((size_t) ret > len || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) {
+ if ((size_t) ret > len) {
MBEDTLS_SSL_DEBUG_MSG(1,
("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
" were requested",
@@ -2142,7 +2142,7 @@
return ret;
}
- if ((size_t) ret > ssl->out_left || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) {
+ if ((size_t) ret > ssl->out_left) {
MBEDTLS_SSL_DEBUG_MSG(1,
("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
" bytes were sent",
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 2e34ee8..a95d2fd 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1127,10 +1127,10 @@
size_t transcript_len;
size_t key_len;
size_t iv_len;
+ mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
- mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets;
MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key"));
@@ -1158,7 +1158,7 @@
ret = mbedtls_ssl_tls13_derive_early_secrets(
hash_alg, handshake->tls13_master_secrets.early,
- transcript, transcript_len, tls13_early_secrets);
+ transcript, transcript_len, &tls13_early_secrets);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(
1, "mbedtls_ssl_tls13_derive_early_secrets", ret);
@@ -1167,7 +1167,7 @@
MBEDTLS_SSL_DEBUG_BUF(
4, "Client early traffic secret",
- tls13_early_secrets->client_early_traffic_secret, hash_len);
+ tls13_early_secrets.client_early_traffic_secret, hash_len);
/*
* Export client handshake traffic secret
@@ -1176,7 +1176,7 @@
ssl->f_export_keys(
ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
- tls13_early_secrets->client_early_traffic_secret,
+ tls13_early_secrets.client_early_traffic_secret,
hash_len,
handshake->randbytes,
handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
@@ -1185,7 +1185,7 @@
ret = ssl_tls13_make_traffic_key(
hash_alg,
- tls13_early_secrets->client_early_traffic_secret,
+ tls13_early_secrets.client_early_traffic_secret,
hash_len, traffic_keys->client_write_key, key_len,
traffic_keys->client_write_iv, iv_len);
if (ret != 0) {
@@ -1206,9 +1206,9 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_early_key"));
cleanup:
- /* Erase secret and transcript */
+ /* Erase early secrets and transcript */
mbedtls_platform_zeroize(
- tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
+ &tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
mbedtls_platform_zeroize(transcript, sizeof(transcript));
return ret;
}
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index b4d7008..13423a1 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -337,6 +337,32 @@
void *pointer;
/*
+ * Check some basic platform requirements as specified in README.md
+ */
+ if (SIZE_MAX < INT_MAX || SIZE_MAX < UINT_MAX) {
+ mbedtls_printf("SIZE_MAX must be at least as big as INT_MAX and UINT_MAX\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ if (sizeof(int) < 4) {
+ mbedtls_printf("int must be at least 32 bits\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ if (sizeof(size_t) < 4) {
+ mbedtls_printf("size_t must be at least 32 bits\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ uint32_t endian_test = 0x12345678;
+ char *p = (char *) &endian_test;
+ if (!(p[0] == 0x12 && p[1] == 0x34 && p[2] == 0x56 && p[3] == 0x78) &&
+ !(p[3] == 0x12 && p[2] == 0x34 && p[1] == 0x56 && p[0] == 0x78)) {
+ mbedtls_printf("Mixed-endian platforms are not supported\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ /*
* The C standard doesn't guarantee that all-bits-0 is the representation
* of a NULL pointer. We do however use that in our code for initializing
* structures, which should work on every modern platform. Let's be sure.
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 070f538..97b26dc 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -911,6 +911,70 @@
$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8param.pem
+ec_prv.sec1.comp.pem: ec_prv.sec1.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_prv.sec1.comp.pem
+
+ec_224_prv.comp.pem: ec_224_prv.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_224_prv.comp.pem
+
+ec_256_prv.comp.pem: ec_256_prv.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_256_prv.comp.pem
+
+ec_384_prv.comp.pem: ec_384_prv.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_384_prv.comp.pem
+
+ec_521_prv.comp.pem: ec_521_prv.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_521_prv.comp.pem
+
+ec_bp256_prv.comp.pem: ec_bp256_prv.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_bp256_prv.comp.pem
+
+ec_bp384_prv.comp.pem: ec_bp384_prv.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_bp384_prv.comp.pem
+
+ec_bp512_prv.comp.pem: ec_bp512_prv.pem
+ $(OPENSSL) ec -in $< -out $@ -conv_form compressed
+all_final += ec_bp512_prv.comp.pem
+
+ec_pub.comp.pem: ec_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_pub.comp.pem
+
+ec_224_pub.comp.pem: ec_224_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_224_pub.comp.pem
+
+ec_256_pub.comp.pem: ec_256_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_256_pub.comp.pem
+
+ec_384_pub.comp.pem: ec_384_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_384_pub.comp.pem
+
+ec_521_pub.comp.pem: ec_521_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_521_pub.comp.pem
+
+ec_bp256_pub.comp.pem: ec_bp256_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_bp256_pub.comp.pem
+
+ec_bp384_pub.comp.pem: ec_bp384_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_bp384_pub.comp.pem
+
+ec_bp512_pub.comp.pem: ec_bp512_pub.pem
+ $(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
+all_final += ec_bp512_pub.comp.pem
+
################################################################
### Generate CSRs for X.509 write test suite
################################################################
diff --git a/tests/data_files/ec_224_prv.comp.pem b/tests/data_files/ec_224_prv.comp.pem
new file mode 100644
index 0000000..e7ed538
--- /dev/null
+++ b/tests/data_files/ec_224_prv.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN EC PRIVATE KEY-----
+MEwCAQEEHGhJ+X0QZvaZd1ljfH44mUZM7j7HrJcGU6C+B0KgBwYFK4EEACGhIAMe
+AAMWk6KQ9/C1cf4rQdXYSwEydjH0qGD5lfozLAl/
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_224_pub.comp.pem b/tests/data_files/ec_224_pub.comp.pem
new file mode 100644
index 0000000..159366c
--- /dev/null
+++ b/tests/data_files/ec_224_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDIwEAYHKoZIzj0CAQYFK4EEACEDHgADFpOikPfwtXH+K0HV2EsBMnYx9Khg+ZX6
+MywJfw==
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_256_prv.comp.pem b/tests/data_files/ec_256_prv.comp.pem
new file mode 100644
index 0000000..9ef8c97
--- /dev/null
+++ b/tests/data_files/ec_256_prv.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN EC PRIVATE KEY-----
+MFcCAQEEIEnJqMGMS4hWOMQxzx3xyZQTFgm1gNT9Q6DKsX2y8T7uoAoGCCqGSM49
+AwEHoSQDIgADd3Jlb4FLOZJ51eHxeB+sbwmaPFyhsONTUYNLCLZeC1c=
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_256_pub.comp.pem b/tests/data_files/ec_256_pub.comp.pem
new file mode 100644
index 0000000..bf9655d
--- /dev/null
+++ b/tests/data_files/ec_256_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADd3Jlb4FLOZJ51eHxeB+sbwmaPFyh
+sONTUYNLCLZeC1c=
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_384_prv.comp.pem b/tests/data_files/ec_384_prv.comp.pem
new file mode 100644
index 0000000..3125b41
--- /dev/null
+++ b/tests/data_files/ec_384_prv.comp.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEMD9djZvigLVpbMXMn5TPivfmth3WWSsqsrOkxgdFBBfsMn3Nyu18EAU9
+cZoFdPCnaqAHBgUrgQQAIqE0AzIAA9nGYrULopykeZBFDgQ66vTwxpsVZ20RL2Iq
+cckwWa+ZlpHFaA0rRNERV52xL0pBOg==
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_384_pub.comp.pem b/tests/data_files/ec_384_pub.comp.pem
new file mode 100644
index 0000000..ccb6702
--- /dev/null
+++ b/tests/data_files/ec_384_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEYwEAYHKoZIzj0CAQYFK4EEACIDMgAD2cZitQuinKR5kEUOBDrq9PDGmxVnbREv
+YipxyTBZr5mWkcVoDStE0RFXnbEvSkE6
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_521_prv.comp.pem b/tests/data_files/ec_521_prv.comp.pem
new file mode 100644
index 0000000..314c393
--- /dev/null
+++ b/tests/data_files/ec_521_prv.comp.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGYAgEBBEIBsbatB7t55zINpZhg6ijgVShPYFjyed5mbgbUNdKve9oo2Z+ke33Q
+lj4WsAcweO6LijjZZqWC9G0Z/5XfOtloWq6gBwYFK4EEACOhRgNEAAMAHeFC1U9p
+6wOO5LevnTygdzb9nPcZ6zVNaYee5/PBNvsPv58I+Gvl+hKOwaBR0+bGQ+ha2o/6
+zzZjwmC9LIRLb1Y=
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_521_pub.comp.pem b/tests/data_files/ec_521_pub.comp.pem
new file mode 100644
index 0000000..4bb8c2b
--- /dev/null
+++ b/tests/data_files/ec_521_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFgwEAYHKoZIzj0CAQYFK4EEACMDRAADAB3hQtVPaesDjuS3r508oHc2/Zz3Ges1
+TWmHnufzwTb7D7+fCPhr5foSjsGgUdPmxkPoWtqP+s82Y8JgvSyES29W
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_bp256_prv.comp.pem b/tests/data_files/ec_bp256_prv.comp.pem
new file mode 100644
index 0000000..198d21d
--- /dev/null
+++ b/tests/data_files/ec_bp256_prv.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN EC PRIVATE KEY-----
+MFgCAQEEICFh1vLbdlJvpiwW81aoDwHzL3dnhLNqqZeZqLdmIID/oAsGCSskAwMC
+CAEBB6EkAyIAA3aMjK5KvKYwbbDtgbDEpiFcN4Bm7G1hbBRuE/HH34Cb
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_bp256_pub.comp.pem b/tests/data_files/ec_bp256_pub.comp.pem
new file mode 100644
index 0000000..ecd07bc
--- /dev/null
+++ b/tests/data_files/ec_bp256_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDowFAYHKoZIzj0CAQYJKyQDAwIIAQEHAyIAA3aMjK5KvKYwbbDtgbDEpiFcN4Bm
+7G1hbBRuE/HH34Cb
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_bp384_prv.comp.pem b/tests/data_files/ec_bp384_prv.comp.pem
new file mode 100644
index 0000000..c0e2393
--- /dev/null
+++ b/tests/data_files/ec_bp384_prv.comp.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEMD3ZLnUNkNfTn8GIXNitEuqUQfIrkzS02WUgKtsUSM4kxYCKhd2a/CKa
+8KMST3Vby6ALBgkrJAMDAggBAQuhNAMyAAJxn50JOmJ+DTUDhcZhzr8AxhkjVm/p
+AGoxB68dhxvGu2iYX9ci6jK+MW+OeDt80ZU=
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_bp384_pub.comp.pem b/tests/data_files/ec_bp384_pub.comp.pem
new file mode 100644
index 0000000..638666d
--- /dev/null
+++ b/tests/data_files/ec_bp384_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEowFAYHKoZIzj0CAQYJKyQDAwIIAQELAzIAAnGfnQk6Yn4NNQOFxmHOvwDGGSNW
+b+kAajEHrx2HG8a7aJhf1yLqMr4xb454O3zRlQ==
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_bp512_prv.comp.pem b/tests/data_files/ec_bp512_prv.comp.pem
new file mode 100644
index 0000000..73b1c07
--- /dev/null
+++ b/tests/data_files/ec_bp512_prv.comp.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGYAgEBBEA3LJd49p9ybLyj9KJo8WtNYX0QKA15pqApzVGHn+EBKTTf5TlUVTN9
+9pBtx9bS7qTbsgZcAij3Oz7XFkgOfXHSoAsGCSskAwMCCAEBDaFEA0IAAji37JK2
+HFxsf7wopOx1nUj81OLjdN79XElopU2+91EOUXiG+/w46jmqUpNZ1wpxVsNdPLrH
+zndr2yUd1kvOcSM=
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_bp512_pub.comp.pem b/tests/data_files/ec_bp512_pub.comp.pem
new file mode 100644
index 0000000..c2fbdca
--- /dev/null
+++ b/tests/data_files/ec_bp512_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQENA0IAAji37JK2HFxsf7wopOx1nUj81OLj
+dN79XElopU2+91EOUXiG+/w46jmqUpNZ1wpxVsNdPLrHzndr2yUd1kvOcSM=
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_prv.sec1.comp.pem b/tests/data_files/ec_prv.sec1.comp.pem
new file mode 100644
index 0000000..ada14c2
--- /dev/null
+++ b/tests/data_files/ec_prv.sec1.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN EC PRIVATE KEY-----
+MEcCAQEEGDOOhqiB4jj1Sb1vBVNJS3Pj1hEw/cbJbaAKBggqhkjOPQMBAaEcAxoA
+A1F1vN8wo3DznVOT5hJyiNgBZ7X0tLd2xg==
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/ec_pub.comp.pem b/tests/data_files/ec_pub.comp.pem
new file mode 100644
index 0000000..a3742a3
--- /dev/null
+++ b/tests/data_files/ec_pub.comp.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDEwEwYHKoZIzj0CAQYIKoZIzj0DAQEDGgACvHl9s65/COw9SWtPtBGz9iClWKUB
+4CIt
+-----END PUBLIC KEY-----
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 30748e7..44c62f7 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -175,10 +175,6 @@
'component_driver': 'test_psa_crypto_config_accel_ecdsa_use_psa',
'ignored_suites': [
'ecdsa', # the software implementation that's excluded
- # the following lines should not be needed,
- # they will be removed by upcoming work
- 'debug', # #6860
- 'ssl', # #6860
],
'ignored_tests': {
'test_suite_random': [
diff --git a/tests/src/certs.c b/tests/src/certs.c
index 1fcdc42..bd5c49e 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c
@@ -25,6 +25,8 @@
#include "mbedtls/legacy_or_psa.h"
+#include "mbedtls/pk.h"
+
/*
* Test CA Certificates
*
@@ -1678,7 +1680,7 @@
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
mbedtls_test_ca_crt_rsa_sha256,
#endif
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
mbedtls_test_ca_crt_ec,
#endif
NULL
@@ -1690,7 +1692,7 @@
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
sizeof(mbedtls_test_ca_crt_rsa_sha256),
#endif
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
sizeof(mbedtls_test_ca_crt_ec),
#endif
0
@@ -1706,9 +1708,9 @@
mbedtls_test_ca_crt_rsa_sha1_der,
#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
mbedtls_test_ca_crt_ec_der,
-#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
NULL
};
@@ -1721,9 +1723,9 @@
sizeof(mbedtls_test_ca_crt_rsa_sha1_der),
#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
sizeof(mbedtls_test_ca_crt_ec_der),
-#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
0
};
@@ -1738,9 +1740,9 @@
TEST_CA_CRT_RSA_SHA1_PEM
#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
TEST_CA_CRT_EC_PEM
-#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
"";
const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem);
#endif /* MBEDTLS_PEM_PARSE_C */
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 47612d6..60e96a4 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -63,5 +63,5 @@
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA:!MBEDTLS_X509_REMOVE_INFO
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 6a3ca33..8117c79 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -2,6 +2,7 @@
#include "mbedtls/debug.h"
#include "string.h"
#include "mbedtls/legacy_or_psa.h"
+#include "mbedtls/pk.h"
struct buffer_data {
char buf[2000];
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index d8a8f86..a99b6c0 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -1064,10 +1064,6 @@
size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
unsigned char hash[50], sig[100];
- if (SIZE_MAX <= UINT_MAX) {
- return;
- }
-
memset(hash, 0x2a, sizeof(hash));
memset(sig, 0, sizeof(sig));
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index a493325..317a6c9 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -912,34 +912,68 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
+Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0
+
Parse Public EC Key #3 (RFC 5480, secp224r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
+# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
+# MBEDTLS_ECP_DP_SECP224K1. Therefore a failure is expected in this case
+Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
Parse Public EC Key #4 (RFC 5480, secp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
+Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0
+
Parse Public EC Key #5 (RFC 5480, secp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
+Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0
+
Parse Public EC Key #6 (RFC 5480, secp521r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
+Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0
+
Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
+Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0
+
Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
+Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0
+
Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
+Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
+
Parse EC Key #1 (SEC1 DER)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
@@ -948,6 +982,10 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
+Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0
+
Parse EC Key #3 (SEC1 PEM encrypted)
depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
@@ -988,30 +1026,58 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
+Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0
+
Parse EC Key #9 (SEC1 PEM, secp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
+Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0
+
Parse EC Key #10 (SEC1 PEM, secp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
+Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0
+
Parse EC Key #11 (SEC1 PEM, secp521r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
+Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0
+
Parse EC Key #12 (SEC1 PEM, bp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
+Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0
+
Parse EC Key #13 (SEC1 PEM, bp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
+Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0
+
Parse EC Key #14 (SEC1 PEM, bp512r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
+Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_bp512_prv.comp.pem":"NULL":0
+
Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index ff19981..0856f3f 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -2,6 +2,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
+#include "mbedtls/ecp.h"
#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 5e46ca0..c414b65 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -5968,8 +5968,10 @@
}
psa_aead_abort(&operation);
+#endif
/* Test for calling set lengths with a plaintext length of SIZE_MAX, after setting nonce */
+#if SIZE_MAX > UINT32_MAX
PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg));
PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len));
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 1848c17..928a7ce 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -440,19 +440,19 @@
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
-depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
-depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
-depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
@@ -3234,15 +3234,15 @@
ssl_serialize_session_save_load:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, save-load: no ticket
@@ -3274,15 +3274,15 @@
ssl_serialize_session_load_save:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
ssl_serialize_session_load_save:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
ssl_serialize_session_load_save:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, load-save: no ticket
@@ -3314,15 +3314,15 @@
ssl_serialize_session_save_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, save buffer size: no ticket
@@ -3354,15 +3354,15 @@
ssl_serialize_session_load_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: no ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, load buffer size: no ticket
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 1d182e0..15246cb 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3,6 +3,7 @@
#include <ssl_misc.h>
#include <mbedtls/timing.h>
#include <mbedtls/debug.h>
+#include <mbedtls/pk.h>
#include <ssl_tls13_keys.h>
#include <ssl_tls13_invasive.h>
#include "test/certs.h"