ssl-opt.sh: Replace MBEDTLS_ECP_DP_* dependencies
In preparation of the removal of MBEDTLS_ECP_DP_*
configuration options, replace them by their
PSA_WANT_ECC_* equivalent in dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d4e23b5..c667cd1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2201,8 +2201,7 @@
# - the expected parameters are selected
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
-requires_any_configs_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED \
- PSA_WANT_ECC_MONTGOMERY_255
+requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255
run_test "Default, TLS 1.2" \
"$P_SRV debug_level=3" \
"$P_CLI force_version=tls12" \
@@ -2685,8 +2684,7 @@
-U "IV used"
# Test for correctness of sent single supported algorithm
-requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \
- PSA_WANT_ECC_SECP_R1_256
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2701,8 +2699,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \
- PSA_WANT_ECC_SECP_R1_256
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
requires_hash_alg SHA_256
run_test "Single supported algorithm sending: openssl client" \
"$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
@@ -9408,7 +9405,7 @@
# Force the use of a curve that supports restartable ECC (secp256r1).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, default" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9421,7 +9418,7 @@
-C "mbedtls_pk_sign.*\(4b00\|-248\)"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=0" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9434,7 +9431,7 @@
-C "mbedtls_pk_sign.*\(4b00\|-248\)"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=65535" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9461,7 +9458,7 @@
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
skip_next_test
run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required" \
@@ -9477,7 +9474,7 @@
# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9492,7 +9489,7 @@
# This works the same with & without USE_PSA as we never get to ECDH:
# we abort as soon as we determined the cert is bad.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV groups=secp256r1 auth_mode=required \
crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -9511,7 +9508,7 @@
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
skip_next_test
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
@@ -9532,7 +9529,7 @@
# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -9551,7 +9548,7 @@
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
skip_next_test
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
@@ -9572,7 +9569,7 @@
# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -9591,7 +9588,7 @@
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
skip_next_test
run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
@@ -9607,7 +9604,7 @@
# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9621,7 +9618,7 @@
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
skip_next_test
run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
"$P_SRV groups=secp256r1" \
@@ -9637,7 +9634,7 @@
# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
"$P_SRV groups=secp256r1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9653,7 +9650,7 @@
# This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA,
# and all 4 assertions negated.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \