commit ff3b8211ffb9c4231e21bd452dd0426a248587a5
author Gilles Peskine <Gilles.Peskine@arm.com> Tue Apr 30 14:25:30 2024 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue Apr 30 16:20:20 2024 +0200
tree e947963ca30864a0a6af05e68edcf6f124dc1854
parent 6191f4aeb567beb356eee03c984950f0cb10a559

Driver-only FFDH is not good enough for DHE support in TLS 1.2

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/scripts/analyze_outcomes.py

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 5b4deb6..5193a3b 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -468,6 +468,12 @@
                 'bignum.generated', 'bignum.misc',
             ],
             'ignored_tests': {
+                'ssl-opt': [
+                    # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C
+                    # (because it needs custom groups, which PSA does not
+                    # provide), even with MBEDTLS_USE_PSA_CRYPTO.
+                    re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
+                ],
                 'test_suite_platform': [
                     # Incompatible with sanitizers (e.g. ASan). If the driver
                     # component uses a sanitizer but the reference component