Merge pull request #6436 from yanrayw/ssl_client2-add-build-version
Add build version to the output of ssl_client2 and ssl_server2
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index c580443..94fb020 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,36 +1,19 @@
-Notes:
-* Pull requests cannot be accepted until the PR follows the [contributing guidelines](../CONTRIBUTING.md). In particular, each commit must have at least one `Signed-off-by:` line from the committer to certify that the contribution is made under the terms of the [Developer Certificate of Origin](../dco.txt).
-* This is just a template, so feel free to use/remove the unnecessary things
## Description
-A few sentences describing the overall goals of the pull request's commits.
+
+Please write a few sentences describing the overall goals of the pull request's commits.
-## Status
-**READY/IN DEVELOPMENT/HOLD**
-## Requires Backporting
-When there is a bug fix, it should be backported to all maintained and supported branches.
-Changes do not have to be backported if:
-- This PR is a new feature\enhancement
-- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch
+## Gatekeeper checklist
-Yes | NO
-Which branch?
-
-## Migrations
-If there is any API change, what's the incentive and logic for it.
-
-YES | NO
-
-## Additional comments
-Any additional information that could be of interest
-
-## Todos
-- [ ] Tests
-- [ ] Documentation
-- [ ] Changelog updated
-- [ ] Backported
+- [ ] **changelog** provided, or not required
+- [ ] **backport** done, or not required
+- [ ] **tests** provided, or not required
-## Steps to test or reproduce
-Outline the steps to test or reproduce the PR here.
+
+## Notes for the submitter
+
+Please refer to the [contributing guidelines](../CONTRIBUTING.md), especially the
+checklist for PR contributors.
+
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 66fe5f1..d19fe57 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,9 +1,16 @@
Contributing
============
-We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
+We gratefully accept bug reports and contributions from the community. All PRs are reviewed by the project team / community, and may need some modifications to
+be accepted.
- - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
- - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
+Quick Checklist for PR contributors
+-----------------------------------
+More details on all of these points may be found in the sections below.
+
+- [Sign-off](#license-and-copyright): all commits must be signed off.
+- [Tests](#tests): please ensure the PR includes adequate tests.
+- [Changelog](#documentation): if needed, please provide a changelog entry.
+- [Backports](#long-term-support-branches): provide a backport if needed (it's fine to wait until the main PR is accepted).
Coding Standards
----------------
@@ -25,7 +32,7 @@
The project aims to minimise the impact on users upgrading to newer versions of the library and it should not be necessary for a user to make any changes to their own code to work with a newer version of the library. Unless the user has made an active decision to use newer features, a newer generation of the library or a change has been necessary due to a security issue or other significant software defect, no modifications to their own code should be necessary. To achieve this, API compatibility is maintained between different versions of Mbed TLS on the main development branch and in LTS (Long Term Support) branches, as described in [BRANCHES.md](BRANCHES.md).
-To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change.
+To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
Where changes to an existing interface are necessary, functions in the public interface which need to be changed, are marked as 'deprecated'. This is done with the preprocessor symbols `MBEDTLS_DEPRECATED_WARNING` and `MBEDTLS_DEPRECATED_REMOVED`. Then, a new function with a new name but similar if not identical behaviour to the original function containing the necessary changes should be created alongside the existing deprecated function.
@@ -54,7 +61,7 @@
-----
As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist.
-Mbed TLS includes a comprehensive set of test suites in the `tests/` directory that are dynamically generated to produce the actual test source files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function.
+Mbed TLS includes a comprehensive set of test suites in the `tests/` directory that are dynamically generated to produce the actual test source files (e.g. `test_suite_rsa.c`). These files are generated from a `function file` (e.g. `suites/test_suite_rsa.function`) and a `data file` (e.g. `suites/test_suite_rsa.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function.
[A Knowledge Base article describing how to add additional tests is available on the Mbed TLS website](https://mbed-tls.readthedocs.io/en/latest/kb/development/test_suites/).
diff --git a/ChangeLog.d/cert_write-set-extended-key-usages.txt b/ChangeLog.d/cert_write-set-extended-key-usages.txt
new file mode 100644
index 0000000..18b7b04
--- /dev/null
+++ b/ChangeLog.d/cert_write-set-extended-key-usages.txt
@@ -0,0 +1,6 @@
+Features
+ * cert_write: support for setting extended key usage attributes. A
+ corresponding new public API call has been added in the library,
+ mbedtls_x509write_crt_set_ext_key_usage().
+ * cert_write: support for writing certificate files in either PEM
+ or DER format.
diff --git a/ChangeLog.d/ecdsa-verify-fixes.txt b/ChangeLog.d/ecdsa-verify-fixes.txt
new file mode 100644
index 0000000..b41b046
--- /dev/null
+++ b/ChangeLog.d/ecdsa-verify-fixes.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix ECDSA verification, where it was not always validating the
+ public key. This bug meant that it was possible to verify a
+ signature with an invalid public key, in some cases. Reported by
+ Guido Vranken using Cryptofuzz in #4420.
diff --git a/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt b/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt
new file mode 100644
index 0000000..5797f48
--- /dev/null
+++ b/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix TLS 1.3 session resumption fail. Fixes #6488.
+ * Add configuration check to exclude TLS 1.3 optional authentication of
+ client.
diff --git a/ChangeLog.d/fix_x509_get_name_mem_leak.txt b/ChangeLog.d/fix_x509_get_name_mem_leak.txt
new file mode 100644
index 0000000..358d1af
--- /dev/null
+++ b/ChangeLog.d/fix_x509_get_name_mem_leak.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix memory leak in ssl_parse_certificate_request() caused by
+ mbedtls_x509_get_name() not freeing allocated objects in case of error.
+ Change mbedtls_x509_get_name() to clean up allocated objects on error.
diff --git a/ChangeLog.d/fix_x509_info_hwmodulename.txt b/ChangeLog.d/fix_x509_info_hwmodulename.txt
new file mode 100644
index 0000000..8b227ce
--- /dev/null
+++ b/ChangeLog.d/fix_x509_info_hwmodulename.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
+ bytes when parsing certificates containing a binary RFC 4108
+ HardwareModuleName as a Subject Alternative Name extension. Hardware
+ serial numbers are now rendered in hex format. Fixes #6262.
diff --git a/ChangeLog.d/fix_zeroization.txt b/ChangeLog.d/fix_zeroization.txt
new file mode 100644
index 0000000..ad74d9c
--- /dev/null
+++ b/ChangeLog.d/fix_zeroization.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix possible crash in TLS PRF code, if a failure to allocate memory occurs.
+ Reported by Michael Madsen in #6516.
diff --git a/ChangeLog.d/mbedtls_asn1_type_free.txt b/ChangeLog.d/mbedtls_asn1_type_free.txt
new file mode 100644
index 0000000..81f3a20
--- /dev/null
+++ b/ChangeLog.d/mbedtls_asn1_type_free.txt
@@ -0,0 +1,6 @@
+Features
+ * Shared code to free x509 structs like mbedtls_x509_named_data
+New deprecations
+ * Deprecate mbedtls_asn1_free_named_data().
+ Use mbedtls_asn1_free_named_data_list()
+ or mbedtls_asn1_free_named_data_list_shallow()
diff --git a/ChangeLog.d/psa_crypto_code_gen_1_1.txt b/ChangeLog.d/psa_crypto_code_gen_1_1.txt
new file mode 100644
index 0000000..2c18e6f
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_code_gen_1_1.txt
@@ -0,0 +1,6 @@
+Features
+ * Brought in PSA code geneneration JSON driver list.
+ Added auto generated templating support for key management.
+ Added Support for transparent and opaque keys (import/export/copy).
+ Included some general JSON validation for the given entry points.
+ Addresses version 1.1 of #5137.
diff --git a/ChangeLog.d/psa_rsa_needs_pk.txt b/ChangeLog.d/psa_rsa_needs_pk.txt
new file mode 100644
index 0000000..995963d
--- /dev/null
+++ b/ChangeLog.d/psa_rsa_needs_pk.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
+ MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408.
+ * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
+ MBEDTLS_PK_PARSE_C. Fixes #6409.
diff --git a/ChangeLog.d/tls13-misc.txt b/ChangeLog.d/tls13-misc.txt
new file mode 100644
index 0000000..497ed38
--- /dev/null
+++ b/ChangeLog.d/tls13-misc.txt
@@ -0,0 +1,9 @@
+Features
+ * Mbed TLS supports TLS 1.3 key establishment via pre-shared keys,
+ pre-shared keys provisioned externally or via the ticket mechanism
+ (session resumption).
+ The MBEDTLS_SSL_SESSION_TICKETS configuration option controls the support
+ for the ticket mechanism.
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED configuration options
+ have been introduced to control the support for the three possible
+ TLS 1.3 key exchange modes.
diff --git a/README.md b/README.md
index 9c9cf91..1a4edb0 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@
The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls.readthedocs.io/).
-Documentation for the PSA Cryptography API is available [on GitHub](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface).
+Documentation for the PSA Cryptography API is available [on GitHub](https://arm-software.github.io/psa-api/crypto/).
To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration:
@@ -242,7 +242,7 @@
- `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
-- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled
+- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on.
- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc).
Porting Mbed TLS
@@ -265,11 +265,11 @@
PSA cryptography API
--------------------
-### PSA API design
+### PSA API
Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
-The [PSA cryptography API](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
+The [PSA cryptography API](https://arm-software.github.io/psa-api/crypto/) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform.
The design goals of the PSA cryptography API include:
@@ -281,10 +281,6 @@
Arm welcomes feedback on the design of the API. If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received by email is treated confidentially.
-### PSA API documentation
-
-A browsable copy of the PSA Cryptography API documents is available on the [PSA cryptography interfaces documentation portal](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) in [PDF](https://armmbed.github.io/mbed-crypto/PSA_Cryptography_API_Specification.pdf) and [HTML](https://armmbed.github.io/mbed-crypto/html/index.html) formats.
-
### PSA implementation in Mbed TLS
Mbed TLS includes a reference implementation of the PSA Cryptography API.
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index fc0087f..f30590b 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -28,9 +28,12 @@
- Mbed TLS does not support DHE key establishment.
- - Mbed TLS does not support pre-shared keys, including any form of
- session resumption. This implies that it does not support sending early
- data (0-RTT data).
+ - Mbed TLS supports pre-shared keys for key establishment, pre-shared keys
+ provisioned externally as well as provisioned via the ticket mechanism.
+
+ - Mbed TLS supports session resumption via the ticket mechanism.
+
+ - Mbed TLS does not support sending or receiving early data (0-RTT data).
- Supported cipher suites: depends on the library configuration. Potentially
all of them:
@@ -54,8 +57,8 @@
| server_certificate_type | no |
| padding | no |
| key_share | YES |
- | pre_shared_key | no |
- | psk_key_exchange_modes | no |
+ | pre_shared_key | YES |
+ | psk_key_exchange_modes | YES |
| early_data | no |
| cookie | no |
| supported_versions | YES |
@@ -118,7 +121,7 @@
| MBEDTLS_SSL_RENEGOTIATION | n/a |
| MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | no |
| | |
- | MBEDTLS_SSL_SESSION_TICKETS | no |
+ | MBEDTLS_SSL_SESSION_TICKETS | yes |
| MBEDTLS_SSL_SERVER_NAME_INDICATION | yes |
| MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH | no |
| | |
@@ -141,10 +144,33 @@
| MBEDTLS_USE_PSA_CRYPTO | yes |
(1) These options must remain in their default state of enabled.
- (2) Key exchange configuration options for TLS 1.3 will likely to be
- organized around the notion of key exchange mode along the line
- of the MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL
- runtime configuration macros.
+ (2) See the TLS 1.3 specific build options section below.
+
+- TLS 1.3 specific build options:
+
+ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE enables the support for middlebox
+ compatibility mode as defined in section D.4 of RFC 8446.
+
+ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED enables the support for
+ the PSK key exchange mode as defined by RFC 8446. If it is the only key
+ exchange mode enabled, the TLS 1.3 implementation does not contain any code
+ related to key exchange protocols, certificates and signatures.
+
+ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED enables the
+ support for the ephemeral key exchange mode. If it is the only key exchange
+ mode enabled, the TLS 1.3 implementation does not contain any code related
+ to PSK based key exchange. The ephemeral key exchange mode requires at least
+ one of the key exchange protocol allowed by the TLS 1.3 specification, the
+ parsing and validation of x509 certificates and at least one signature
+ algorithm allowed by the TLS 1.3 specification for signature computing and
+ verification.
+
+ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED enables the
+ support for the PSK ephemeral key exchange mode. If it is the only key
+ exchange mode enabled, the TLS 1.3 implementation does not contain any code
+ related to certificates and signatures. The PSK ephemeral key exchange
+ mode requires at least one of the key exchange protocol allowed by the
+ TLS 1.3 specification.
Prototype upstreaming status
@@ -152,8 +178,7 @@
The following parts of the TLS 1.3 prototype remain to be upstreamed:
-- Pre-shared keys, session resumption and 0-RTT data (both client and server
- side).
+- Sending (client) and receiving (server) early data (0-RTT data).
- New TLS Message Processing Stack (MPS)
diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md
index 70cb9d3..b39f559 100644
--- a/docs/proposed/psa-driver-developer-guide.md
+++ b/docs/proposed/psa-driver-developer-guide.md
@@ -36,6 +36,12 @@
Mbed TLS calls driver entry points [as specified in the PSA Cryptography Driver Interface specification](psa-driver-interface.html#driver-entry-points) except as otherwise indicated in this section.
+## Mbed TLS extensions
+
+The driver description can include Mbed TLS extensions (marked by the namespace "mbedtls"). Mbed TLS extensions are meant to extend/help integrating the driver into the library's infrastructure.
+* `"mbedtls/h_condition"` (optional, string) can include complex preprocessor definitions to conditionally include header files for a given driver.
+* `"mbedtls/c_condition"` (optional, string) can include complex preprocessor definitions to conditionally enable dispatch capabilities for a driver.
+
## Building and testing your driver
<!-- TODO -->
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
index 6172159..6144aad 100644
--- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -13,20 +13,28 @@
## Prerequisites
-Python3 and Jinja2 rev 2.10.1
+Python3, Jinja2 rev 2.10.1 and jsonschema rev 3.2.0
## Feature Version
-1.0
+1.1
### What's critical for a migrating user
The Driver Wrapper auto generation project is designed to use a python templating library ( Jinja2 ) to render templates based on drivers that are defined using a Driver description JSON file(s).
-While that is the larger goal, for version 1.0 here's what's changed
+While that is the larger goal, for version 1.1 here's what's changed
#### What's changed
(1) psa_crypto_driver_wrappers.c will from this point on be auto generated.
-(2) The auto generation is based on the template file at scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja.
-(3) So while all driver wrapper templating support is yet to come in, the library user will need to patch into the template file as needed, this could be read as replacing the template file with the current psa_crypto_driver_wrappers.c file maintained by the library user.
+(2) The auto generation is based on the template file at **scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja**.
+(3) The driver JSONS to be used for generating the psa_crypto_driver_wrappers.c file can be found at **scripts/data_files/driver_jsons/** as their default location, this path includes the schemas against which the driver schemas will be validated (driver_opaque_schema.json, driver_transparent_schema.json) and a driverlist.json which specifies the drivers to be considered and the order in which they want to be called into. The default location for driverlist.json and driver JSONS can be overloaded by passing an argument --json-dir while running the script generate_driver_wrappers.py.
+(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.c file, the user will need to patch into the template file as needed (psa_crypto_driver_wrappers.c.jinja).
+
+#### How to set your driver up
+
+Please refer to psa-driver-interface.md for information on how a driver schema can be written.
+One can also refer to the example test drivers/ JSON schemas under **scripts/data_files/driver_jsons/**.
+
+The JSON file 'driverlist.json' is meant to be edited by the user to reflect the drivers one wants to use on a device. The order in which the drivers are passed is also essential if/when there are multiple transparent drivers on a given system to retain the same order in the templating.
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index be2cae7..8b66ee2 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -24,6 +24,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include <stddef.h>
@@ -606,25 +607,41 @@
const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
const char *oid, size_t len );
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Free a mbedtls_asn1_named_data entry
*
+ * \deprecated This function is deprecated and will be removed in a
+ * future version of the library.
+ * Please use mbedtls_asn1_free_named_data_list()
+ * or mbedtls_asn1_free_named_data_list_shallow().
+ *
* \param entry The named data entry to free.
* This function calls mbedtls_free() on
* `entry->oid.p` and `entry->val.p`.
*/
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+void MBEDTLS_DEPRECATED mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Free all entries in a mbedtls_asn1_named_data list.
*
* \param head Pointer to the head of the list of named data entries to free.
- * This function calls mbedtls_asn1_free_named_data() and
- * mbedtls_free() on each list element and
- * sets \c *head to \c NULL.
+ * This function calls mbedtls_free() on
+ * `entry->oid.p` and `entry->val.p` and then on `entry`
+ * for each list entry, and sets \c *head to \c NULL.
*/
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+/**
+ * \brief Free all shallow entries in a mbedtls_asn1_named_data list,
+ * but do not free internal pointer targets.
+ *
+ * \param name Head of the list of named data entries to free.
+ * This function calls mbedtls_free() on each list element.
+ */
+void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name );
+
/** \} name Functions to parse ASN.1 data structures */
/** \} addtogroup asn1_module */
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index ee37430..9d15955 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -758,11 +758,11 @@
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
- * quotient is not needed.
+ * quotient is not needed. This must not alias A or B.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
- * remainder is not needed.
- * \param A The dividend. This must point to an initialized MPi.
+ * remainder is not needed. This must not alias A or B.
+ * \param A The dividend. This must point to an initialized MPI.
* \param B The divisor. This must point to an initialized MPI.
*
* \return \c 0 if successful.
@@ -779,10 +779,10 @@
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
- * quotient is not needed.
+ * quotient is not needed. This must not alias A.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
- * remainder is not needed.
+ * remainder is not needed. This must not alias A.
* \param A The dividend. This must point to an initialized MPi.
* \param b The divisor.
*
@@ -837,6 +837,7 @@
* \brief Perform a sliding-window exponentiation: X = A^E mod N
*
* \param X The destination MPI. This must point to an initialized MPI.
+ * This must not alias E or N.
* \param A The base of the exponentiation.
* This must point to an initialized MPI.
* \param E The exponent MPI. This must point to an initialized MPI.
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 6195ac9..170cbeb 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -74,8 +74,55 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
-#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
+/* The PK wrappers need pk_write functions to format RSA key objects
+ * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
+ * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext().
+ * PSA crypto also needs pk_write to export RSA keys (otherwise the build
+ * goes through but psa_export_key() and psa_export_public_key() fail on
+ * RSA keys), and pk_parse to work with RSA keys in almost any way.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
+#define MBEDTLS_PK_C
#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PK_PARSE_C
+#endif
+
+/* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions
+ * to pass ECC keys to PSA. */
+#if defined(MBEDTLS_PK_C) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_WRITE_C
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+#undef MBEDTLS_SSL_EARLY_DATA
+#endif
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
+#endif
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED
#endif
/* Make sure all configuration symbols are set before including check_config.h,
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 0081ca3..d36db4a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -806,6 +806,19 @@
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+#if !( defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ ( defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_PKCS1_V21) ) )
+#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
+#endif
+#endif
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+#if !( defined(MBEDTLS_ECDH_C) )
+#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
+#endif
+#endif
+
/*
* The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
*/
@@ -829,6 +842,13 @@
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
#endif
+/* Early data requires PSK related mode defined */
+#if defined(MBEDTLS_SSL_EARLY_DATA) && \
+ ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
+ !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED))
+#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h
index c5de57a..fb1f7e9 100644
--- a/include/mbedtls/constant_time.h
+++ b/include/mbedtls/constant_time.h
@@ -1,6 +1,7 @@
/**
* Constant-time functions
- *
+ */
+/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 71b73ee..967f07b 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -245,10 +245,8 @@
* This must be initialized.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
- * is invalid.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure for any other reason.
+ * error code on failure.
*/
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen,
diff --git a/include/mbedtls/legacy_or_psa.h b/include/mbedtls/legacy_or_psa.h
index 2156be9..f872dda 100644
--- a/include/mbedtls/legacy_or_psa.h
+++ b/include/mbedtls/legacy_or_psa.h
@@ -1,7 +1,10 @@
/**
* Macros to express dependencies for code and tests that may use either the
- * legacy API or PSA in various builds; mostly for internal use.
- *
+ * legacy API or PSA in various builds. This whole header file is currently
+ * for internal use only and both the header file and the macros it defines
+ * may change or be removed without notice.
+ */
+/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
index 5e03d9b..fe87d40 100644
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@@ -30,6 +30,7 @@
#include <stdint.h>
#include <stddef.h>
+#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 61007d8..b4c8635 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1130,7 +1130,7 @@
*
* Enable support for PKCS#1 v1.5 encoding.
*
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ * Requires: MBEDTLS_RSA_C
*
* This enables support for PKCS#1 v1.5 operations.
*/
@@ -1553,6 +1553,47 @@
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ *
+ * Enable TLS 1.3 PSK key exchange mode.
+ *
+ * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
+ * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ *
+ * Enable TLS 1.3 ephemeral key exchange mode.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_ECDSA_C or
+ * MBEDTLS_PKCS1_V21
+ *
+ * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
+ * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ *
+ * Enable TLS 1.3 PSK ephemeral key exchange mode.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * Comment to disable support for the PSK ephemeral key exchange mode in
+ * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
+ * have any effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+
+/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
*
* Maximum time difference in milliseconds tolerated between the age of a
@@ -1592,6 +1633,23 @@
#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
/**
+* \def MBEDTLS_SSL_EARLY_DATA
+*
+* Enable support for RFC 8446 TLS 1.3 early data.
+*
+* Requires: MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
+* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+*
+* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
+* is not enabled, this option does not have any effect on the build.
+*
+* This feature is experimental, not completed and thus not ready for
+* production.
+*
+*/
+//#define MBEDTLS_SSL_EARLY_DATA
+
+/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 219d820..01ede40 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -329,6 +329,9 @@
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
+#define MBEDTLS_SSL_EARLY_DATA_DISABLED 0
+#define MBEDTLS_SSL_EARLY_DATA_ENABLED 1
+
#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
@@ -1393,7 +1396,7 @@
void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_SSL_SRV_C)
/** Callback to retrieve PSK key from identity */
int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
@@ -1444,13 +1447,13 @@
void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
-#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
@@ -1463,7 +1466,7 @@
mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
@@ -1494,7 +1497,13 @@
* Its value is non-zero if and only if
* \c psk is not \c NULL or \c psk_opaque
* is not \c 0. */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ int MBEDTLS_PRIVATE(early_data_enabled); /*!< Early data enablement:
+ * - MBEDTLS_SSL_EARLY_DATA_DISABLED,
+ * - MBEDTLS_SSL_EARLY_DATA_ENABLED */
+#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_SSL_ALPN)
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
@@ -1905,6 +1914,30 @@
*/
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
+/**
+* \brief Set the early data mode
+* Default: disabled on server and client
+*
+* \param conf The SSL configuration to use.
+* \param early_data_enabled can be:
+*
+* MBEDTLS_SSL_EARLY_DATA_DISABLED: early data functionality is disabled
+* This is the default on client and server.
+*
+* MBEDTLS_SSL_EARLY_DATA_ENABLED: early data functionality is enabled and
+* may be negotiated in the handshake. Application using
+* early data functionality needs to be aware of the
+* lack of replay protection of the early data application
+* payloads.
+*
+* \warning This interface is experimental and may change without notice.
+*
+*/
+void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
+ int early_data_enabled );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Set the verification callback (Optional).
@@ -3296,7 +3329,7 @@
mbedtls_pk_context *pk_key );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
/**
* \brief Configure pre-shared keys (PSKs) and their
* identities to be used in PSK-based ciphersuites.
@@ -3465,7 +3498,7 @@
size_t),
void *p_psk );
#endif /* MBEDTLS_SSL_SRV_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
/**
@@ -3598,7 +3631,7 @@
void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
const uint16_t *groups );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/**
* \brief Set the allowed hashes for signatures during the handshake.
@@ -3644,7 +3677,7 @@
*/
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index cd6ccbc..b46116e 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -292,6 +292,11 @@
#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+#define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
+#endif
+
/* Key exchanges allowing client certificate requests */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
@@ -341,6 +346,11 @@
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
+#endif
+
/* Key exchanges using DHE */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6c09b3a..d2b7648 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -1146,6 +1146,19 @@
unsigned int key_usage );
/**
+ * \brief Set the Extended Key Usage Extension
+ * (e.g. MBEDTLS_OID_SERVER_AUTH)
+ *
+ * \param ctx CRT context to use
+ * \param exts extended key usage extensions to set, a sequence of
+ * MBEDTLS_ASN1_OID objects
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_ext_key_usage( mbedtls_x509write_cert *ctx,
+ const mbedtls_asn1_sequence *exts );
+
+/**
* \brief Set the Netscape Cert Type flags
* (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
*
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 6c2e06e..4f65398 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1765,9 +1765,9 @@
primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
PSA_ECC_FAMILY_SECP_R1, 256) ? \
( \
- output_step == PSA_PAKE_STEP_KEY_SHARE ? 69 : \
- output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 66 : \
- 33 \
+ output_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
+ output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
+ 32 \
) : \
0 )
@@ -1795,9 +1795,9 @@
primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
PSA_ECC_FAMILY_SECP_R1, 256) ? \
( \
- input_step == PSA_PAKE_STEP_KEY_SHARE ? 69 : \
- input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 66 : \
- 33 \
+ input_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
+ input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
+ 32 \
) : \
0 )
@@ -1808,7 +1808,7 @@
*
* See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p step).
*/
-#define PSA_PAKE_OUTPUT_MAX_SIZE 69
+#define PSA_PAKE_OUTPUT_MAX_SIZE 65
/** Input buffer size for psa_pake_input() for any of the supported PAKE
* algorithm and primitive suites and input step.
@@ -1817,7 +1817,7 @@
*
* See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p step).
*/
-#define PSA_PAKE_INPUT_MAX_SIZE 69
+#define PSA_PAKE_INPUT_MAX_SIZE 65
/** Returns a suitable initializer for a PAKE cipher suite object of type
* psa_pake_cipher_suite_t.
@@ -1906,7 +1906,10 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
#include <mbedtls/ecjpake.h>
-#define PSA_PAKE_BUFFER_SIZE ( ( 69 + 66 + 33 ) * 2 )
+/* Note: the format for mbedtls_ecjpake_read/write function has an extra
+ * length byte for each step, plus an extra 3 bytes for ECParameters in the
+ * server's 2nd round. */
+#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ( ( 3 + 1 + 65 + 1 + 65 + 1 + 32 ) * 2 )
#endif
struct psa_pake_operation_s
@@ -1919,7 +1922,7 @@
unsigned int MBEDTLS_PRIVATE(output_step);
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(password);
psa_pake_role_t MBEDTLS_PRIVATE(role);
- uint8_t MBEDTLS_PRIVATE(buffer[PSA_PAKE_BUFFER_SIZE]);
+ uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]);
size_t MBEDTLS_PRIVATE(buffer_length);
size_t MBEDTLS_PRIVATE(buffer_offset);
#endif
diff --git a/library/aria.c b/library/aria.c
index f78d289..924f952 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -888,15 +888,17 @@
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#define ARIA_SELF_TEST_IF_FAIL \
- { \
- if( verbose ) \
- mbedtls_printf( "failed\n" ); \
- goto exit; \
- } else { \
- if( verbose ) \
- mbedtls_printf( "passed\n" ); \
- }
+#define ARIA_SELF_TEST_ASSERT( cond ) \
+ do { \
+ if( cond ) { \
+ if( verbose ) \
+ mbedtls_printf( "failed\n" ); \
+ goto exit; \
+ } else { \
+ if( verbose ) \
+ mbedtls_printf( "passed\n" ); \
+ } \
+ } while( 0 )
/*
* Checkup routine
@@ -930,16 +932,18 @@
mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
- if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT(
+ memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE )
+ != 0 );
/* test ECB decryption */
if( verbose )
mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
- if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT(
+ memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE )
+ != 0 );
}
if( verbose )
mbedtls_printf( "\n" );
@@ -958,8 +962,8 @@
memset( buf, 0x55, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
aria_test2_pt, buf );
- if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 )
+ != 0 );
/* Test CBC decryption */
if( verbose )
@@ -969,8 +973,7 @@
memset( buf, 0xAA, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
aria_test2_cbc_ct[i], buf );
- if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
}
if( verbose )
mbedtls_printf( "\n" );
@@ -989,8 +992,7 @@
j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
aria_test2_pt, buf );
- if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 );
/* Test CFB decryption */
if( verbose )
@@ -1001,8 +1003,7 @@
j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
iv, aria_test2_cfb_ct[i], buf );
- if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
}
if( verbose )
mbedtls_printf( "\n" );
@@ -1020,8 +1021,7 @@
j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_pt, buf );
- if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 );
/* Test CTR decryption */
if( verbose )
@@ -1032,8 +1032,7 @@
j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_ctr_ct[i], buf );
- if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
- ARIA_SELF_TEST_IF_FAIL;
+ ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
}
if( verbose )
mbedtls_printf( "\n" );
diff --git a/library/asn1parse.c b/library/asn1parse.c
index d874fff..28a3b14 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -314,7 +314,6 @@
while( seq != NULL )
{
mbedtls_asn1_sequence *next = seq->next;
- mbedtls_platform_zeroize( seq, sizeof( *seq ) );
mbedtls_free( seq );
seq = next;
}
@@ -432,6 +431,7 @@
return( 0 );
}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
{
if( cur == NULL )
@@ -442,6 +442,7 @@
mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
{
@@ -450,11 +451,21 @@
while( ( cur = *head ) != NULL )
{
*head = cur->next;
- mbedtls_asn1_free_named_data( cur );
+ mbedtls_free( cur->oid.p );
+ mbedtls_free( cur->val.p );
mbedtls_free( cur );
}
}
+void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name )
+{
+ for( mbedtls_asn1_named_data *next; name != NULL; name = next )
+ {
+ next = name->next;
+ mbedtls_free( name );
+ }
+}
+
const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
const char *oid, size_t len )
{
diff --git a/library/asn1write.c b/library/asn1write.c
index f1adcb5..98c591d 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -72,9 +72,11 @@
return( 4 );
}
+ int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
- if( len <= 0xFFFFFFFF )
+ len_is_valid = ( len <= 0xFFFFFFFF );
#endif
+ if( len_is_valid )
{
if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -87,9 +89,7 @@
return( 5 );
}
-#if SIZE_MAX > 0xFFFFFFFF
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-#endif
}
int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start, unsigned char tag )
diff --git a/library/bignum.c b/library/bignum.c
index 1c7f919..521787d 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -771,42 +771,9 @@
*/
int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
{
- size_t i, v0, v1;
- mbedtls_mpi_uint r0 = 0, r1;
MPI_VALIDATE_RET( X != NULL );
-
- v0 = count / biL;
- v1 = count & (biL - 1);
-
- if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
- return mbedtls_mpi_lset( X, 0 );
-
- /*
- * shift by count / limb_size
- */
- if( v0 > 0 )
- {
- for( i = 0; i < X->n - v0; i++ )
- X->p[i] = X->p[i + v0];
-
- for( ; i < X->n; i++ )
- X->p[i] = 0;
- }
-
- /*
- * shift by count % limb_size
- */
- if( v1 > 0 )
- {
- for( i = X->n; i > 0; i-- )
- {
- r1 = X->p[i - 1] << (biL - v1);
- X->p[i - 1] >>= v1;
- X->p[i - 1] |= r0;
- r0 = r1;
- }
- }
-
+ if( X->n != 0 )
+ mbedtls_mpi_core_shift_r( X->p, X->n, count );
return( 0 );
}
@@ -900,8 +867,7 @@
int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, j;
- mbedtls_mpi_uint *o, *p, c, tmp;
+ size_t j;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
@@ -915,7 +881,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
/*
- * X should always be positive as a result of unsigned additions.
+ * X must always be positive as a result of unsigned additions.
*/
X->s = 1;
@@ -925,27 +891,25 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
- o = B->p; p = X->p; c = 0;
+ /* j is the number of non-zero limbs of B. Add those to X. */
- /*
- * tmp is used because it might happen that p == o
- */
- for( i = 0; i < j; i++, o++, p++ )
- {
- tmp= *o;
- *p += c; c = ( *p < c );
- *p += tmp; c += ( *p < tmp );
- }
+ mbedtls_mpi_uint *p = X->p;
+
+ mbedtls_mpi_uint c = mbedtls_mpi_core_add( p, p, B->p, j );
+
+ p += j;
+
+ /* Now propagate any carry */
while( c != 0 )
{
- if( i >= X->n )
+ if( j >= X->n )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) );
- p = X->p + i;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j + 1 ) );
+ p = X->p + j;
}
- *p += c; c = ( *p < c ); i++; p++;
+ *p += c; c = ( *p < c ); j++; p++;
}
cleanup:
@@ -1967,39 +1931,11 @@
return( ret );
}
-/* Fill X with n_bytes random bytes.
- * X must already have room for those bytes.
- * The ordering of the bytes returned from the RNG is suitable for
- * deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_random()).
- * The size and sign of X are unchanged.
- * n_bytes must not be 0.
- */
-static int mpi_fill_random_internal(
- mbedtls_mpi *X, size_t n_bytes,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const size_t limbs = CHARS_TO_LIMBS( n_bytes );
- const size_t overhead = ( limbs * ciL ) - n_bytes;
-
- if( X->n < limbs )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
- memset( X->p, 0, overhead );
- memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL );
- MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) );
- mbedtls_mpi_core_bigendian_to_host( X->p, limbs );
-
-cleanup:
- return( ret );
-}
-
/*
* Fill X with size bytes of random.
- *
- * Use a temporary bytes representation to make sure the result is the same
- * regardless of the platform endianness (useful when f_rng is actually
- * deterministic, eg for tests).
+ * The bytes returned from the RNG are used in a specific order which
+ * is suitable for deterministic ECDSA (see the specification of
+ * mbedtls_mpi_random() and the implementation in mbedtls_mpi_fill_random()).
*/
int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -2016,7 +1952,7 @@
if( size == 0 )
return( 0 );
- ret = mpi_fill_random_internal( X, size, f_rng, p_rng );
+ ret = mbedtls_mpi_core_fill_random( X->p, X->n, size, f_rng, p_rng );
cleanup:
return( ret );
@@ -2078,7 +2014,9 @@
*/
do
{
- MBEDTLS_MPI_CHK( mpi_fill_random_internal( X, n_bytes, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_core_fill_random( X->p, X->n,
+ n_bytes,
+ f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, 8 * n_bytes - n_bits ) );
if( --count == 0 )
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 89fd404..34aecda 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -316,6 +316,67 @@
return( 0 );
}
+void mbedtls_mpi_core_shift_r( mbedtls_mpi_uint *X, size_t limbs,
+ size_t count )
+{
+ size_t i, v0, v1;
+ mbedtls_mpi_uint r0 = 0, r1;
+
+ v0 = count / biL;
+ v1 = count & (biL - 1);
+
+ if( v0 > limbs || ( v0 == limbs && v1 > 0 ) )
+ {
+ memset( X, 0, limbs * ciL );
+ return;
+ }
+
+ /*
+ * shift by count / limb_size
+ */
+ if( v0 > 0 )
+ {
+ for( i = 0; i < limbs - v0; i++ )
+ X[i] = X[i + v0];
+
+ for( ; i < limbs; i++ )
+ X[i] = 0;
+ }
+
+ /*
+ * shift by count % limb_size
+ */
+ if( v1 > 0 )
+ {
+ for( i = limbs; i > 0; i-- )
+ {
+ r1 = X[i - 1] << (biL - v1);
+ X[i - 1] >>= v1;
+ X[i - 1] |= r0;
+ r0 = r1;
+ }
+ }
+}
+
+mbedtls_mpi_uint mbedtls_mpi_core_add( mbedtls_mpi_uint *X,
+ const mbedtls_mpi_uint *A,
+ const mbedtls_mpi_uint *B,
+ size_t limbs )
+{
+ mbedtls_mpi_uint c = 0;
+
+ for( size_t i = 0; i < limbs; i++ )
+ {
+ mbedtls_mpi_uint t = c + A[i];
+ c = ( t < A[i] );
+ t += B[i];
+ c += ( t < B[i] );
+ X[i] = t;
+ }
+
+ return( c );
+}
+
mbedtls_mpi_uint mbedtls_mpi_core_add_if( mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
size_t limbs,
@@ -465,4 +526,98 @@
mbedtls_ct_mpi_uint_cond_assign( AN_limbs, X, T, (unsigned char) ( carry ^ borrow ) );
}
+int mbedtls_mpi_core_get_mont_r2_unsafe( mbedtls_mpi *X,
+ const mbedtls_mpi *N )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, N->n * 2 * biL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( X, X, N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( X, N->n ) );
+
+cleanup:
+ return( ret );
+}
+
+void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest,
+ const mbedtls_mpi_uint *table,
+ size_t limbs,
+ size_t count,
+ size_t index )
+{
+ for( size_t i = 0; i < count; i++, table += limbs )
+ {
+ unsigned char assign = mbedtls_ct_size_bool_eq( i, index );
+ mbedtls_mpi_core_cond_assign( dest, table, limbs, assign );
+ }
+}
+
+/* Fill X with n_bytes random bytes.
+ * X must already have room for those bytes.
+ * The ordering of the bytes returned from the RNG is suitable for
+ * deterministic ECDSA (see RFC 6979 §3.3 and the specification of
+ * mbedtls_mpi_core_random()).
+ */
+int mbedtls_mpi_core_fill_random(
+ mbedtls_mpi_uint *X, size_t X_limbs,
+ size_t n_bytes,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const size_t limbs = CHARS_TO_LIMBS( n_bytes );
+ const size_t overhead = ( limbs * ciL ) - n_bytes;
+
+ if( X_limbs < limbs )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+ memset( X, 0, overhead );
+ memset( (unsigned char *) X + limbs * ciL, 0, ( X_limbs - limbs ) * ciL );
+ MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X + overhead, n_bytes ) );
+ mbedtls_mpi_core_bigendian_to_host( X, limbs );
+
+cleanup:
+ return( ret );
+}
+
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
+
#endif /* MBEDTLS_BIGNUM_C */
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 196736d..ad04e08 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -262,6 +262,43 @@
unsigned char *output,
size_t output_length );
+/** \brief Shift an MPI right in place by a number of bits.
+ *
+ * Shifting by more bits than there are bit positions
+ * in \p X is valid and results in setting \p X to 0.
+ *
+ * This function's execution time depends on the value
+ * of \p count (and of course \p limbs).
+ *
+ * \param[in,out] X The number to shift.
+ * \param limbs The number of limbs of \p X. This must be at least 1.
+ * \param count The number of bits to shift by.
+ */
+void mbedtls_mpi_core_shift_r( mbedtls_mpi_uint *X, size_t limbs,
+ size_t count );
+
+/**
+ * \brief Add two fixed-size large unsigned integers, returning the carry.
+ *
+ * Calculates `A + B` where `A` and `B` have the same size.
+ *
+ * This function operates modulo `2^(biL*limbs)` and returns the carry
+ * (1 if there was a wraparound, and 0 otherwise).
+ *
+ * \p X may be aliased to \p A or \p B.
+ *
+ * \param[out] X The result of the addition.
+ * \param[in] A Little-endian presentation of the left operand.
+ * \param[in] B Little-endian presentation of the right operand.
+ * \param limbs Number of limbs of \p X, \p A and \p B.
+ *
+ * \return 1 if `A + B >= 2^(biL*limbs)`, 0 otherwise.
+ */
+mbedtls_mpi_uint mbedtls_mpi_core_add( mbedtls_mpi_uint *X,
+ const mbedtls_mpi_uint *A,
+ const mbedtls_mpi_uint *B,
+ size_t limbs );
+
/**
* \brief Conditional addition of two fixed-size large unsigned integers,
* returning the carry.
@@ -397,4 +434,104 @@
const mbedtls_mpi_uint *N, size_t AN_limbs,
mbedtls_mpi_uint mm, mbedtls_mpi_uint *T );
+/**
+ * \brief Calculate the square of the Montgomery constant. (Needed
+ * for conversion and operations in Montgomery form.)
+ *
+ * \param[out] X A pointer to the result of the calculation of
+ * the square of the Montgomery constant:
+ * 2^{2*n*biL} mod N.
+ * \param[in] N Little-endian presentation of the modulus, which must be odd.
+ *
+ * \return 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if there is not enough space
+ * to store the value of Montgomery constant squared.
+ * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p N modulus is zero.
+ * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p N modulus is negative.
+ */
+int mbedtls_mpi_core_get_mont_r2_unsafe( mbedtls_mpi *X,
+ const mbedtls_mpi *N );
+
+/**
+ * Copy an MPI from a table without leaking the index.
+ *
+ * \param dest The destination buffer. This must point to a writable
+ * buffer of at least \p limbs limbs.
+ * \param table The address of the table. This must point to a readable
+ * array of \p count elements of \p limbs limbs each.
+ * \param limbs The number of limbs in each table entry.
+ * \param count The number of entries in \p table.
+ * \param index The (secret) table index to look up. This must be in the
+ * range `0 .. count-1`.
+ */
+void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest,
+ const mbedtls_mpi_uint *table,
+ size_t limbs,
+ size_t count,
+ size_t index );
+
+/**
+ * \brief Fill an integer with a number of random bytes.
+ *
+ * \param X The destination MPI.
+ * \param X_limbs The number of limbs of \p X.
+ * \param bytes The number of random bytes to generate.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng doesn't need a context argument.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X does not have
+ * enough room for \p bytes bytes.
+ * \return A negative error code on RNG failure.
+ *
+ * \note The bytes obtained from the RNG are interpreted
+ * as a big-endian representation of an MPI; this can
+ * be relevant in applications like deterministic ECDSA.
+ */
+int mbedtls_mpi_core_fill_random( mbedtls_mpi_uint *X, size_t X_limbs,
+ size_t bytes,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
+
#endif /* MBEDTLS_BIGNUM_CORE_H */
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index f2c11a5..13108c5 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -77,7 +77,14 @@
switch( m->int_rep )
{
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- mbedtls_free( m->rep.mont );
+ if (m->rep.mont.rr != NULL)
+ {
+ mbedtls_platform_zeroize( (mbedtls_mpi_uint *) m->rep.mont.rr,
+ m->limbs );
+ mbedtls_free( (mbedtls_mpi_uint *)m->rep.mont.rr );
+ m->rep.mont.rr = NULL;
+ }
+ m->rep.mont.mm = 0;
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
mbedtls_free( m->rep.ored );
@@ -93,6 +100,41 @@
m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
}
+static int set_mont_const_square( const mbedtls_mpi_uint **X,
+ const mbedtls_mpi_uint *A,
+ size_t limbs )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi N;
+ mbedtls_mpi RR;
+ *X = NULL;
+
+ mbedtls_mpi_init( &N );
+ mbedtls_mpi_init( &RR );
+
+ if ( A == NULL || limbs == 0 || limbs >= ( MBEDTLS_MPI_MAX_LIMBS / 2 ) - 2 )
+ goto cleanup;
+
+ if ( mbedtls_mpi_grow( &N, limbs ) )
+ goto cleanup;
+
+ memcpy( N.p, A, sizeof(mbedtls_mpi_uint) * limbs );
+
+ ret = mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N);
+
+ if ( ret == 0 )
+ {
+ *X = RR.p;
+ RR.p = NULL;
+ }
+
+cleanup:
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&RR);
+ ret = ( ret != 0 ) ? MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED : 0;
+ return( ret );
+}
+
int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
const mbedtls_mpi_uint *p,
size_t p_limbs,
@@ -120,7 +162,8 @@
{
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
m->int_rep = int_rep;
- m->rep.mont = NULL;
+ m->rep.mont.mm = mbedtls_mpi_core_montmul_init( m->p );
+ ret = set_mont_const_square( &m->rep.mont.rr, m->p, m->limbs );
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
m->int_rep = int_rep;
@@ -141,4 +184,44 @@
return( ret );
}
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
+
#endif /* MBEDTLS_BIGNUM_C */
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index c25eb87..29c26f2 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -53,7 +53,11 @@
size_t limbs;
} mbedtls_mpi_mod_residue;
-typedef void *mbedtls_mpi_mont_struct;
+typedef struct {
+ mbedtls_mpi_uint const *rr; /* The residue for 2^{2*n*biL} mod N */
+ mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
+} mbedtls_mpi_mont_struct;
+
typedef void *mbedtls_mpi_opt_red_struct;
typedef struct {
@@ -144,4 +148,44 @@
*/
void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m );
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
+
#endif /* MBEDTLS_BIGNUM_MOD_H */
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index 4b8a698..a329e86 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -102,4 +102,44 @@
}
}
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
+
#endif /* MBEDTLS_BIGNUM_C */
diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h
index 6f8f155..30648d3 100644
--- a/library/bignum_mod_raw.h
+++ b/library/bignum_mod_raw.h
@@ -138,4 +138,44 @@
unsigned char *output,
size_t output_length );
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
+
#endif /* MBEDTLS_BIGNUM_MOD_RAW_H */
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 9cc63c2..1e4a3ab 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -138,6 +138,7 @@
* \param B The right-hand MPI. This must point to an array of limbs
* with the same allocated length as \p A.
* \param limbs The number of limbs in \p A and \p B.
+ * This must not be 0.
*
* \return The result of the comparison:
* \c 1 if \p A is less than \p B.
diff --git a/library/ecdh.c b/library/ecdh.c
index 35ab1b7..c9c2e06 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -71,10 +71,12 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- /* If multiplication is in progress, we already generated a privkey */
+ int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx == NULL || rs_ctx->rsm == NULL )
+ restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
#endif
+ /* If multiplication is in progress, we already generated a privkey */
+ if( !restarting )
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,
diff --git a/library/ecp.c b/library/ecp.c
index ee6c24a..37f6090 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2279,12 +2279,14 @@
mbedtls_free( T );
}
- /* don't free R while in progress in case R == P */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
-#endif
/* prevent caller from using invalid value */
- if( ret != 0 )
+ int should_free_R = ( ret != 0 );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ /* don't free R while in progress in case R == P */
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ should_free_R = 0;
+#endif
+ if( should_free_R )
mbedtls_ecp_point_free( R );
ECP_RS_LEAVE( rsm );
@@ -2459,7 +2461,7 @@
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
/* Loop invariant: R = result so far, RP = R + P */
- i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */
+ i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
while( i-- > 0 )
{
b = mbedtls_mpi_get_bit( m, i );
@@ -2529,10 +2531,12 @@
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+ int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE)
- /* skip argument check when restarting */
- if( rs_ctx == NULL || rs_ctx->rsm == NULL )
+ restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
#endif
+ /* skip argument check when restarting */
+ if( !restarting )
{
/* check_privkey is free */
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );
@@ -2658,14 +2662,17 @@
if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
{
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
}
else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
{
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
}
else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
{
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
MPI_ECP_NEG( &R->Y );
}
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 48969b3..730ef95 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -24,6 +24,7 @@
#include "psa_crypto_aead.h"
#include "psa_crypto_core.h"
+#include "psa_crypto_cipher.h"
#include <string.h>
#include "mbedtls/platform.h"
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index fae9847..3bd5360 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -1,5 +1,5 @@
/*
- * PSA cipher driver entry points
+ * PSA cipher driver entry points and associated auxiliary functions
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 8c91b04..9863848 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -246,22 +246,6 @@
*/
psa_status_t mbedtls_to_psa_error( int ret );
-/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
- * as well as the PSA type and size of the key to be used with the cipher
- * algorithm.
- *
- * \param alg PSA cipher algorithm identifier
- * \param key_type PSA key type
- * \param key_bits Size of the key in bits
- * \param[out] cipher_id Mbed TLS cipher algorithm identifier
- *
- * \return The Mbed TLS cipher information of the cipher algorithm.
- * \c NULL if the PSA cipher algorithm is not supported.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
- psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
- mbedtls_cipher_id_t *cipher_id );
-
/** Import a key in binary format.
*
* \note The signature of this function is that of a PSA driver
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index dcf065a..d771e23 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -24,6 +24,7 @@
#include <psa/crypto.h>
#include "psa_crypto_core.h"
+#include "psa_crypto_cipher.h"
#include "psa_crypto_mac.h"
#include <mbedtls/md.h>
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index 10d3e4a..870b5b5 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -230,7 +230,7 @@
operation->input_step = PSA_PAKE_STEP_X1_X2;
operation->output_step = PSA_PAKE_STEP_X1_X2;
- mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
operation->buffer_length = 0;
operation->buffer_offset = 0;
@@ -385,7 +385,8 @@
}
#endif
-psa_status_t psa_pake_output( psa_pake_operation_t *operation,
+static psa_status_t psa_pake_output_internal(
+ psa_pake_operation_t *operation,
psa_pake_step_t step,
uint8_t *output,
size_t output_size,
@@ -427,10 +428,7 @@
if( operation->state == PSA_PAKE_STATE_SETUP ) {
status = psa_pake_ecjpake_setup( operation );
if( status != PSA_SUCCESS )
- {
- psa_pake_abort( operation );
return( status );
- }
}
if( operation->state != PSA_PAKE_STATE_READY &&
@@ -491,15 +489,12 @@
{
ret = mbedtls_ecjpake_write_round_one( &operation->ctx.ecjpake,
operation->buffer,
- PSA_PAKE_BUFFER_SIZE,
+ MBEDTLS_PSA_PAKE_BUFFER_SIZE,
&operation->buffer_length,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE );
if( ret != 0 )
- {
- psa_pake_abort( operation );
return( mbedtls_ecjpake_to_psa_error( ret ) );
- }
operation->buffer_offset = 0;
}
@@ -508,68 +503,47 @@
{
ret = mbedtls_ecjpake_write_round_two( &operation->ctx.ecjpake,
operation->buffer,
- PSA_PAKE_BUFFER_SIZE,
+ MBEDTLS_PSA_PAKE_BUFFER_SIZE,
&operation->buffer_length,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE );
if( ret != 0 )
- {
- psa_pake_abort( operation );
return( mbedtls_ecjpake_to_psa_error( ret ) );
- }
operation->buffer_offset = 0;
}
/*
- * Steps sequences are stored as:
- * struct {
- * opaque point <1..2^8-1>;
- * } ECPoint;
+ * mbedtls_ecjpake_write_round_xxx() outputs thing in the format
+ * defined by draft-cragie-tls-ecjpake-01 section 7. The summary is
+ * that the data for each step is prepended with a length byte, and
+ * then they're concatenated. Additionally, the server's second round
+ * output is prepended with a 3-bytes ECParameters structure.
*
- * Where byte 0 stores the ECPoint curve point length.
- *
- * The sequence length is equal to:
- * - data length extracted from byte 0
- * - byte 0 size (1)
+ * In PSA, we output each step separately, and don't prepend the
+ * output with a length byte, even less a curve identifier, as that
+ * information is already available.
*/
if( operation->state == PSA_PAKE_OUTPUT_X2S &&
- operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE )
+ operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE &&
+ operation->role == PSA_PAKE_ROLE_SERVER )
{
- if( operation->role == PSA_PAKE_ROLE_SERVER )
- /*
- * The X2S KEY SHARE Server steps sequence is stored as:
- * struct {
- * ECPoint X;
- * opaque r <1..2^8-1>;
- * } ECSchnorrZKP;
- *
- * And MbedTLS uses a 3 bytes Ephemeral public key ECPoint,
- * so byte 3 stores the r Schnorr signature length.
- *
- * The sequence length is equal to:
- * - curve storage size (3)
- * - data length extracted from byte 3
- * - byte 3 size (1)
- */
- length = 3 + operation->buffer[3] + 1;
- else
- length = operation->buffer[0] + 1;
+ /* Skip ECParameters, with is 3 bytes (RFC 8422) */
+ operation->buffer_offset += 3;
}
- else
- length = operation->buffer[operation->buffer_offset] + 1;
- if( length > operation->buffer_length )
+ /* Read the length byte then move past it to the data */
+ length = operation->buffer[operation->buffer_offset];
+ operation->buffer_offset += 1;
+
+ if( operation->buffer_offset + length > operation->buffer_length )
return( PSA_ERROR_DATA_CORRUPT );
if( output_size < length )
- {
- psa_pake_abort( operation );
return( PSA_ERROR_BUFFER_TOO_SMALL );
- }
memcpy( output,
- operation->buffer + operation->buffer_offset,
+ operation->buffer + operation->buffer_offset,
length );
*output_length = length;
@@ -581,7 +555,7 @@
( operation->state == PSA_PAKE_OUTPUT_X2S &&
operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF ) )
{
- mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
operation->buffer_length = 0;
operation->buffer_offset = 0;
@@ -599,14 +573,29 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t psa_pake_input( psa_pake_operation_t *operation,
+psa_status_t psa_pake_output( psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = psa_pake_output_internal(
+ operation, step, output, output_size, output_length );
+
+ if( status != PSA_SUCCESS )
+ psa_pake_abort( operation );
+
+ return( status );
+}
+
+static psa_status_t psa_pake_input_internal(
+ psa_pake_operation_t *operation,
psa_pake_step_t step,
const uint8_t *input,
size_t input_length )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t buffer_remain;
if( operation->alg == PSA_ALG_NONE ||
operation->state == PSA_PAKE_STATE_INVALID )
@@ -638,14 +627,16 @@
step != PSA_PAKE_STEP_ZK_PROOF )
return( PSA_ERROR_INVALID_ARGUMENT );
+ const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE(
+ PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256 );
+ if( input_length > (size_t) PSA_PAKE_INPUT_SIZE( PSA_ALG_JPAKE, prim, step ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
if( operation->state == PSA_PAKE_STATE_SETUP )
{
status = psa_pake_ecjpake_setup( operation );
if( status != PSA_SUCCESS )
- {
- psa_pake_abort( operation );
return( status );
- }
}
if( operation->state != PSA_PAKE_STATE_READY &&
@@ -675,15 +666,6 @@
operation->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
}
- buffer_remain = PSA_PAKE_BUFFER_SIZE - operation->buffer_length;
-
- if( input_length == 0 ||
- input_length > buffer_remain )
- {
- psa_pake_abort( operation );
- return( PSA_ERROR_INSUFFICIENT_MEMORY );
- }
-
/* Check if step matches current sequence */
switch( operation->sequence )
{
@@ -709,7 +691,35 @@
return( PSA_ERROR_BAD_STATE );
}
- /* Copy input to local buffer */
+ /*
+ * Copy input to local buffer and format it as the Mbed TLS API
+ * expects, i.e. as defined by draft-cragie-tls-ecjpake-01 section 7.
+ * The summary is that the data for each step is prepended with a
+ * length byte, and then they're concatenated. Additionally, the
+ * server's second round output is prepended with a 3-bytes
+ * ECParameters structure - which means we have to prepend that when
+ * we're a client.
+ */
+ if( operation->state == PSA_PAKE_INPUT_X4S &&
+ operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE &&
+ operation->role == PSA_PAKE_ROLE_CLIENT )
+ {
+ /* We only support secp256r1. */
+ /* This is the ECParameters structure defined by RFC 8422. */
+ unsigned char ecparameters[3] = {
+ 3, /* named_curve */
+ 0, 23 /* secp256r1 */
+ };
+ memcpy( operation->buffer + operation->buffer_length,
+ ecparameters, sizeof( ecparameters ) );
+ operation->buffer_length += sizeof( ecparameters );
+ }
+
+ /* Write the length byte */
+ operation->buffer[operation->buffer_length] = (uint8_t) input_length;
+ operation->buffer_length += 1;
+
+ /* Finally copy the data */
memcpy( operation->buffer + operation->buffer_length,
input, input_length );
operation->buffer_length += input_length;
@@ -722,14 +732,11 @@
operation->buffer,
operation->buffer_length );
- mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
operation->buffer_length = 0;
if( ret != 0 )
- {
- psa_pake_abort( operation );
return( mbedtls_ecjpake_to_psa_error( ret ) );
- }
}
else if( operation->state == PSA_PAKE_INPUT_X4S &&
operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF )
@@ -738,14 +745,11 @@
operation->buffer,
operation->buffer_length );
- mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
operation->buffer_length = 0;
if( ret != 0 )
- {
- psa_pake_abort( operation );
return( mbedtls_ecjpake_to_psa_error( ret ) );
- }
}
if( ( operation->state == PSA_PAKE_INPUT_X1_X2 &&
@@ -767,6 +771,20 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
+psa_status_t psa_pake_input( psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ const uint8_t *input,
+ size_t input_length )
+{
+ psa_status_t status = psa_pake_input_internal(
+ operation, step, input, input_length );
+
+ if( status != PSA_SUCCESS )
+ psa_pake_abort( operation );
+
+ return( status );
+}
+
psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
psa_key_derivation_operation_t *output)
{
@@ -784,7 +802,7 @@
{
ret = mbedtls_ecjpake_write_shared_key( &operation->ctx.ecjpake,
operation->buffer,
- PSA_PAKE_BUFFER_SIZE,
+ MBEDTLS_PSA_PAKE_BUFFER_SIZE,
&operation->buffer_length,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE );
@@ -799,7 +817,7 @@
operation->buffer,
operation->buffer_length );
- mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
psa_pake_abort( operation );
@@ -824,7 +842,7 @@
operation->output_step = PSA_PAKE_STEP_INVALID;
operation->password = MBEDTLS_SVC_KEY_ID_INIT;
operation->role = PSA_PAKE_ROLE_NONE;
- mbedtls_platform_zeroize( operation->buffer, PSA_PAKE_BUFFER_SIZE );
+ mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
operation->buffer_length = 0;
operation->buffer_offset = 0;
mbedtls_ecjpake_free( &operation->ctx.ecjpake );
diff --git a/library/sha256.c b/library/sha256.c
index 0e9c1a1..1a9a855 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -655,9 +655,11 @@
MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 );
MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 );
+ int truncated = 0;
#if defined(MBEDTLS_SHA224_C)
- if( ctx->is224 == 0 )
+ truncated = ctx->is224;
#endif
+ if( !truncated )
MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 );
return( 0 );
diff --git a/library/sha512.c b/library/sha512.c
index aa6f06a..92ada8c 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -810,9 +810,11 @@
sha512_put_uint64_be( ctx->state[4], output, 32 );
sha512_put_uint64_be( ctx->state[5], output, 40 );
+ int truncated = 0;
#if defined(MBEDTLS_SHA384_C)
- if( ctx->is384 == 0 )
+ truncated = ctx->is384;
#endif
+ if( !truncated )
{
sha512_put_uint64_be( ctx->state[6], output, 48 );
sha512_put_uint64_be( ctx->state[7], output, 56 );
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 90ec252..d9c6781 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -370,9 +370,11 @@
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
+ int renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE );
#endif
+ if( !renegotiating )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
@@ -608,7 +610,7 @@
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if(
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
( propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) ) ||
@@ -623,7 +625,7 @@
return( ret );
p += output_len;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( propose_tls12 )
@@ -637,8 +639,7 @@
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* The "pre_shared_key" extension (RFC 8446 Section 4.2.11)
* MUST be the last extension in the ClientHello.
*/
@@ -650,7 +651,7 @@
return( ret );
p += output_len;
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
/* Write the length of the list of extensions. */
extensions_len = p - p_extensions_len - 2;
@@ -812,9 +813,12 @@
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello."
*/
+ int renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ renegotiating = 1;
#endif
+ if( !renegotiating )
{
if( ( session_negotiate->ticket != NULL ) &&
( session_negotiate->ticket_len != 0 ) )
@@ -957,8 +961,7 @@
mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
msg_len );
ssl->handshake->update_checksum( ssl, buf, msg_len - binders_len );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if( binders_len > 0 )
{
MBEDTLS_SSL_PROC_CHK(
@@ -967,7 +970,7 @@
ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len,
binders_len );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
buf_len,
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 828937c..41bb9c5 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -245,7 +245,7 @@
#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
@@ -255,7 +255,7 @@
#define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8)
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/*
* Check that we obey the standard's message size bounds
@@ -600,8 +600,6 @@
size_t ecrs_n; /*!< place for saving a length */
#endif
- size_t pmslen; /*!< premaster length */
-
mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
@@ -621,7 +619,7 @@
#if defined(MBEDTLS_SSL_SRV_C)
/** selected_group of key_share extension in HelloRetryRequest message. */
uint16_t hrr_selected_group;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -631,7 +629,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE];
#endif
@@ -677,7 +675,7 @@
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
uint8_t psk_opaque_is_internal;
@@ -686,7 +684,7 @@
size_t psk_len; /*!< Length of PSK from callback */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
uint16_t selected_identity;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
@@ -853,15 +851,18 @@
unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
MBEDTLS_SERVER_HELLO_RANDOM_LEN];
/*!< random bytes */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
/*!< premaster secret */
+ size_t pmslen; /*!< premaster length */
+#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int extensions_present; /*!< extension presence; Each bitfield
represents an extension and defined
as \c MBEDTLS_SSL_EXT_XXX */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
unsigned char certificate_request_context_len;
unsigned char *certificate_request_context;
#endif
@@ -1365,11 +1366,13 @@
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
mbedtls_key_exchange_type_t key_ex );
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_CLI_C)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
#endif
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* Get the first defined opaque PSK by order of precedence:
@@ -1422,7 +1425,7 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_PK_C)
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
@@ -1784,7 +1787,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/**
* Given a list of key exchange modes, check if at least one of them is
* supported.
@@ -1831,7 +1835,8 @@
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_SRV_C &&
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
/*
* Helper functions to check the selected key exchange mode.
@@ -1871,7 +1876,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
/*
* Handler of TLS 1.3 write Certificate message
*/
@@ -1884,7 +1889,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
* Generic handler of Certificate Verify
@@ -1914,7 +1919,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* Parse TLS Signature Algorithm extension
*/
@@ -1922,7 +1927,7 @@
int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/* Get handshake transcript */
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -2042,7 +2047,7 @@
static inline const void *mbedtls_ssl_get_sig_algs(
const mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
if( ssl->handshake != NULL &&
@@ -2054,17 +2059,14 @@
#endif
return( ssl->conf->sig_algs );
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
((void) ssl);
return( NULL );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl,
uint16_t own_sig_alg )
{
@@ -2079,61 +2081,7 @@
}
return( 0 );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
- uint16_t proposed_sig_alg )
-{
- const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
- if( sig_alg == NULL )
- return( 0 );
-
- for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
- {
- if( *sig_alg == proposed_sig_alg )
- return( 1 );
- }
- return( 0 );
-}
-
-static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
- uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
-{
- *pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff );
- *md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff );
-
- if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE )
- return( 0 );
-
- switch( sig_alg )
- {
-#if defined(MBEDTLS_PKCS1_V21)
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
- *md_alg = MBEDTLS_MD_SHA256;
- *pk_type = MBEDTLS_PK_RSASSA_PSS;
- break;
-#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
-#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
- *md_alg = MBEDTLS_MD_SHA384;
- *pk_type = MBEDTLS_PK_RSASSA_PSS;
- break;
-#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
-#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
- *md_alg = MBEDTLS_MD_SHA512;
- *pk_type = MBEDTLS_PK_RSASSA_PSS;
- break;
-#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
-#endif /* MBEDTLS_PKCS1_V21 */
- default:
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
- return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
const uint16_t sig_alg )
{
@@ -2201,7 +2149,63 @@
return( 1 );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
+ mbedtls_pk_context *key );
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
+ uint16_t proposed_sig_alg )
+{
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( 0 );
+
+ for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
+ {
+ if( *sig_alg == proposed_sig_alg )
+ return( 1 );
+ }
+ return( 0 );
+}
+
+static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
+ uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
+{
+ *pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff );
+ *md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff );
+
+ if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE )
+ return( 0 );
+
+ switch( sig_alg )
+ {
+#if defined(MBEDTLS_PKCS1_V21)
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+ *md_alg = MBEDTLS_MD_SHA256;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+ *md_alg = MBEDTLS_MD_SHA384;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+ *md_alg = MBEDTLS_MD_SHA512;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif /* MBEDTLS_PKCS1_V21 */
+ default:
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+ return( 0 );
+}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
@@ -2279,26 +2283,17 @@
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif
((void) ssl);
((void) sig_alg);
return( 0 );
}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
- mbedtls_pk_context *key );
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
@@ -2459,7 +2454,7 @@
unsigned char *obuf, size_t buf_len, size_t *olen );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/**
* \brief Given an SSL context and its associated configuration, write the TLS
* 1.3 specific Pre-Shared key extension.
@@ -2492,7 +2487,7 @@
int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *end );
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4f998b4..dbc6391 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1797,8 +1797,7 @@
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
- "or mbedtls_ssl_set_bio()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -2013,8 +2012,7 @@
if( ssl->f_send == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
- "or mbedtls_ssl_set_bio()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -3847,8 +3845,8 @@
if( ssl_record_is_in_progress( ssl ) == 0 )
{
+ int dtls_have_buffered = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- int have_buffered = 0;
/* We only check for buffered messages if the
* current datagram is fully consumed. */
@@ -3856,11 +3854,11 @@
ssl_next_record_is_in_datagram( ssl ) == 0 )
{
if( ssl_load_buffered_message( ssl ) == 0 )
- have_buffered = 1;
+ dtls_have_buffered = 1;
}
- if( have_buffered == 0 )
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ if( dtls_have_buffered == 0 )
{
ret = ssl_get_next_record( ssl );
if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4678f53..dbbd6f2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -843,7 +843,7 @@
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* Heap allocate and translate sig_hashes from internal hash identifiers to
@@ -909,7 +909,7 @@
ssl->handshake->sig_algs_heap_allocated = 0;
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
return( 0 );
}
@@ -1012,6 +1012,30 @@
if( ret != 0 )
return( ret );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ /* RFC 8446 section 4.4.3
+ *
+ * If the verification fails, the receiver MUST terminate the handshake with
+ * a "decrypt_error" alert.
+ *
+ * If the client is configured as TLS 1.3 only with optional verify, return
+ * bad config.
+ *
+ */
+ if( mbedtls_ssl_conf_tls13_ephemeral_enabled(
+ (mbedtls_ssl_context *)ssl ) &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+ ssl->conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+ ssl->conf->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ( "Optional verify auth mode "
+ "is not available for TLS 1.3 client" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
/* Space for further checks */
return( 0 );
@@ -1224,9 +1248,11 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+ int free_cli_id = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
- if( partial == 0 )
+ free_cli_id = ( partial == 0 );
#endif
+ if( free_cli_id )
{
mbedtls_free( ssl->cli_id );
ssl->cli_id = NULL;
@@ -1425,6 +1451,14 @@
{
conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
}
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
+ int early_data_enabled )
+{
+ conf->early_data_enabled = early_data_enabled;
+}
+#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1599,16 +1633,21 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_psk_is_configured( mbedtls_ssl_config const *conf )
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
{
+ if( conf->psk_identity == NULL ||
+ conf->psk_identity_len == 0 )
+ {
+ return( 0 );
+ }
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( !mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
+ if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
return( 1 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( conf->psk != NULL )
+
+ if( conf->psk != NULL && conf->psk_len != 0 )
return( 1 );
return( 0 );
@@ -1654,6 +1693,7 @@
{
/* Identity len will be encoded on two bytes */
if( psk_identity == NULL ||
+ psk_identity_len == 0 ||
( psk_identity_len >> 16 ) != 0 ||
psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
@@ -1677,7 +1717,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* We currently only support one PSK, raw or opaque. */
- if( ssl_conf_psk_is_configured( conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( conf ) )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
/* Check and set raw PSK */
@@ -1795,7 +1835,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* We currently only support one PSK, raw or opaque. */
- if( ssl_conf_psk_is_configured( conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( conf ) )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
/* Check and set opaque PSK */
@@ -1836,7 +1876,7 @@
}
#endif /* MBEDTLS_SSL_SRV_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
@@ -2389,7 +2429,7 @@
}
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Set allowed/preferred hashes for handshake signatures
@@ -2410,7 +2450,7 @@
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
conf->sig_algs = sig_algs;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -3336,6 +3376,10 @@
if( ret != 0 )
goto cleanup;
+ /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
+ * MBEDTLS_SSL_IS_SERVER, this is the return code we give */
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+
#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
@@ -3346,6 +3390,7 @@
{
case MBEDTLS_SSL_HELLO_REQUEST:
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+ ret = 0;
break;
case MBEDTLS_SSL_CLIENT_HELLO:
@@ -3581,7 +3626,7 @@
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECP_C */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
if ( ssl->handshake->sig_algs_heap_allocated )
mbedtls_free( (void*) handshake->sig_algs );
@@ -3593,7 +3638,7 @@
mbedtls_free( (void*) handshake->certificate_request_context );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
@@ -3639,7 +3684,7 @@
mbedtls_free( (void *) handshake->curves );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
{
@@ -3659,7 +3704,7 @@
mbedtls_free( handshake->psk );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -4459,7 +4504,7 @@
0
};
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* NOTICE:
* For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following
@@ -4604,7 +4649,7 @@
};
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
static uint16_t ssl_preset_suiteb_groups[] = {
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@@ -4616,7 +4661,7 @@
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
-#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
* to make sure there are no duplicated signature algorithm entries. */
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -4640,7 +4685,7 @@
return( ret );
}
-#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/*
* Load default in mbedtls_ssl_config
@@ -4652,7 +4697,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#endif
-#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( ssl_check_no_sig_alg_duplication( ssl_preset_suiteb_sig_algs ) )
{
mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" );
@@ -4678,7 +4723,7 @@
return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/* Use the functions here so that they are covered in tests,
* but otherwise access member directly for efficiency */
@@ -4809,14 +4854,14 @@
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
conf->sig_algs = ssl_preset_suiteb_sig_algs;
-#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
@@ -4835,14 +4880,14 @@
conf->cert_profile = &mbedtls_x509_crt_profile_default;
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( conf ) )
conf->sig_algs = ssl_tls12_preset_default_sig_algs;
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
conf->sig_algs = ssl_preset_default_sig_algs;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
@@ -4867,7 +4912,7 @@
mbedtls_mpi_free( &conf->dhm_G );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
{
@@ -4889,7 +4934,7 @@
conf->psk_identity = NULL;
conf->psk_identity_len = 0;
}
-#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
ssl_key_cert_free( conf->key_cert );
@@ -5261,6 +5306,13 @@
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
default:
+#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ (void) ssl;
+ (void) dst;
+ (void) dst_len;
+ (void) olen;
+#endif
break;
}
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -5268,7 +5320,7 @@
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* mbedtls_ssl_parse_sig_alg_ext()
*
* The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
@@ -5376,7 +5428,7 @@
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -5447,8 +5499,8 @@
return( PSA_SUCCESS );
}
-#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
- defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(PSA_WANT_ALG_SHA_384) || \
+ defined(PSA_WANT_ALG_SHA_256)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic( mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen,
@@ -5523,9 +5575,12 @@
return( 0 );
}
-#endif
+#endif /* PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 */
#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_MD_C) && \
+ ( defined(MBEDTLS_SHA256_C) || \
+ defined(MBEDTLS_SHA384_C) )
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic( mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen,
@@ -5609,13 +5664,16 @@
exit:
mbedtls_md_free( &md_ctx );
- mbedtls_platform_zeroize( tmp, tmp_len );
+ if ( tmp != NULL )
+ mbedtls_platform_zeroize( tmp, tmp_len );
+
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
mbedtls_free( tmp );
return( ret );
}
+#endif /* MBEDTLS_MD_C && ( MBEDTLS_SHA256_C || MBEDTLS_SHA384_C ) */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
@@ -7708,11 +7766,16 @@
* sequence number).
*/
transform->ivlen = 12;
+
+ int is_chachapoly = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( key_type == PSA_KEY_TYPE_CHACHA20 )
+ is_chachapoly = ( key_type == PSA_KEY_TYPE_CHACHA20 );
#else
- if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
+ is_chachapoly = ( mbedtls_cipher_info_get_mode( cipher_info )
+ == MBEDTLS_MODE_CHACHAPOLY );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( is_chachapoly )
transform->fixed_ivlen = 12;
else
transform->fixed_ivlen = 4;
@@ -8582,7 +8645,7 @@
return( 0 );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* Function for writing a signature algorithm extension.
*
@@ -8685,7 +8748,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/*
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 7b62e71..1c53a09 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -49,27 +49,6 @@
#include "hash_info.h"
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
-{
- if( conf->psk_identity == NULL ||
- conf->psk_identity_len == 0 )
- {
- return( 0 );
- }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
- return( 1 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- if( conf->psk != NULL && conf->psk_len != 0 )
- return( 1 );
-
- return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
#if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
@@ -1771,10 +1750,10 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p,
@@ -1839,7 +1818,15 @@
return( 0 );
}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#else
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
{
@@ -1869,6 +1856,15 @@
return( 0 );
}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p,
@@ -1904,11 +1900,10 @@
return( ret );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
@@ -2465,9 +2460,11 @@
if( ret != 0 )
{
+ int send_alert_msg = 1;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+ send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS );
#endif
+ if( send_alert_msg )
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -2683,7 +2680,6 @@
{
unsigned char *p = dn + i + 2;
mbedtls_x509_name name;
- mbedtls_x509_name *name_cur, *name_prv;
size_t asn1_len;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE];
memset( &name, 0, sizeof( name ) );
@@ -2703,14 +2699,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3,
( "DN hint: %.*s",
mbedtls_x509_dn_gets( s, sizeof(s), &name ), s ) );
- name_cur = name.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( name.next );
}
#endif
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 66c61a3..71f703c 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -708,11 +708,13 @@
#endif
list = ssl->conf->key_cert;
+ int pk_alg_is_none = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( pk_alg == PSA_ALG_NONE )
+ pk_alg_is_none = ( pk_alg == PSA_ALG_NONE );
#else
- if( pk_alg == MBEDTLS_PK_NONE )
+ pk_alg_is_none = ( pk_alg == MBEDTLS_PK_NONE );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( pk_alg_is_none )
return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
@@ -729,18 +731,21 @@
MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
cur->cert );
+ int key_type_matches = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- if( ( ssl->conf->f_async_sign_start == NULL &&
- ssl->conf->f_async_decrypt_start == NULL &&
- ! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) ||
- ! mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) )
+ key_type_matches = ( ( ssl->conf->f_async_sign_start != NULL ||
+ ssl->conf->f_async_decrypt_start != NULL ||
+ mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) &&
+ mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) );
#else
- if( ! mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) )
+ key_type_matches = (
+ mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#else
- if( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) )
+ key_type_matches = mbedtls_pk_can_do( &cur->cert->pk, pk_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( !key_type_matches )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
continue;
@@ -917,6 +922,8 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+ int renegotiating;
+
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
read_record_header:
#endif
@@ -925,9 +932,11 @@
* otherwise read it ourselves manually in order to support SSLv2
* ClientHello, which doesn't use the same record layer format.
*/
+ renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE );
#endif
+ if( !renegotiating )
{
if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
{
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 8510d8f..ac19f63 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -210,6 +210,7 @@
/*
* Functions for writing key_share extension.
*/
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *group_id )
@@ -364,7 +365,7 @@
return( ret );
}
-
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
/*
* ssl_tls13_parse_hrr_key_share_ext()
@@ -602,7 +603,7 @@
return( 0 );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/*
* ssl_tls13_write_psk_key_exchange_modes_ext() structure:
*
@@ -647,14 +648,6 @@
*/
p += 5;
- if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
- {
- *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
- ke_modes_len++;
-
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
- }
-
if( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) )
{
*p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE;
@@ -663,6 +656,14 @@
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding PSK-ECDHE key exchange mode" ) );
}
+ if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
+ {
+ *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
+ ke_modes_len++;
+
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
+ }
+
/* Now write the extension and ke_modes length */
MBEDTLS_PUT_UINT16_BE( ke_modes_len + 1, buf, 2 );
buf[4] = ke_modes_len;
@@ -728,11 +729,6 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-static int ssl_tls13_has_configured_psk( const mbedtls_ssl_config *conf )
-{
- return( conf->psk != NULL && conf->psk_identity != NULL );
-}
-
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl,
psa_algorithm_t *hash_alg,
@@ -740,7 +736,7 @@
size_t *identity_len )
{
- if( !ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( ! mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
return( -1 );
*hash_alg = PSA_ALG_SHA_256;
@@ -756,7 +752,7 @@
size_t *psk_len )
{
- if( !ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( ! mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
return( -1 );
*hash_alg = PSA_ALG_SHA_256;
@@ -775,7 +771,7 @@
configured_psk_count++;
}
#endif
- if( ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK is configured" ) );
configured_psk_count++;
@@ -1094,7 +1090,7 @@
}
else
#endif
- if( ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
{
ret = ssl_tls13_psk_get_psk( ssl, &hash_alg, &psk, &psk_len );
}
@@ -1117,8 +1113,7 @@
return( 0 );
}
-
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -1148,6 +1143,7 @@
return( ret );
p += ext_len;
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{
ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
@@ -1155,8 +1151,9 @@
return( ret );
p += ext_len;
}
+#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* For PSK-based key exchange we need the pre_shared_key extension
* and the psk_key_exchange_modes extension.
*
@@ -1170,7 +1167,7 @@
if( ret != 0 )
return( ret );
p += ext_len;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif
*out_len = p - buf;
@@ -1686,7 +1683,7 @@
goto cleanup;
break;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
if( is_hrr )
@@ -1703,7 +1700,7 @@
return( ret );
}
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif
case MBEDTLS_TLS_EXT_KEY_SHARE:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
@@ -2070,7 +2067,7 @@
mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
buf, buf_len );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
else
@@ -2087,7 +2084,7 @@
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
/*
* STATE HANDLING: CertificateRequest
*
@@ -2324,7 +2321,7 @@
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
@@ -2370,7 +2367,7 @@
( "Switch to handshake traffic keys for outbound traffic" ) );
mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if( ssl->handshake->client_auth )
{
int ret = mbedtls_ssl_tls13_write_certificate( ssl );
@@ -2400,7 +2397,7 @@
return( 0 );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/
@@ -2414,7 +2411,7 @@
return( ret );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
@@ -2727,7 +2724,7 @@
ret = ssl_tls13_process_encrypted_extensions( ssl );
break;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
ret = ssl_tls13_process_certificate_request( ssl );
break;
@@ -2739,7 +2736,7 @@
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
ret = ssl_tls13_process_certificate_verify( ssl );
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
case MBEDTLS_SSL_SERVER_FINISHED:
ret = ssl_tls13_process_server_finished( ssl );
@@ -2749,11 +2746,11 @@
ret = ssl_tls13_write_client_certificate( ssl );
break;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
ret = ssl_tls13_write_client_certificate_verify( ssl );
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
case MBEDTLS_SSL_CLIENT_FINISHED:
ret = ssl_tls13_write_client_finished( ssl );
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index abb7a14..48e3675 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -83,7 +83,7 @@
return( ret );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
/*
* STATE HANDLING: Read CertificateVerify
*/
@@ -285,12 +285,12 @@
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE];
size_t verify_buffer_len;
@@ -348,7 +348,7 @@
((void) ssl);
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
}
/*
@@ -357,7 +357,7 @@
*
*/
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/*
* Structure of Certificate message:
@@ -534,9 +534,9 @@
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* Validate certificate chain sent by the server. */
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -727,14 +727,14 @@
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
unsigned char *buf;
size_t buf_len;
@@ -752,12 +752,12 @@
buf, buf_len );
cleanup:
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
return( ret );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
/*
* enum {
* X509(0),
@@ -1078,7 +1078,7 @@
return( ret );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
*
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 730e50c..ec84a99 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -38,9 +38,6 @@
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
.name = string,
-#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \
- PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
-
struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
{
/* This seems to work in C, despite the string literal being one
@@ -334,9 +331,12 @@
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t hlen, ilen;
+ size_t hlen;
unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
- unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 };
+ const unsigned char all_zeroes_input[ MBEDTLS_TLS1_3_MD_MAX_SIZE ] = { 0 };
+ const unsigned char *l_input = NULL;
+ size_t l_input_len;
+
psa_key_derivation_operation_t operation =
PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -364,12 +364,13 @@
if( input != NULL && input_len != 0 )
{
- memcpy( tmp_input, input, input_len );
- ilen = input_len;
+ l_input = input;
+ l_input_len = input_len;
}
else
{
- ilen = hlen;
+ l_input = all_zeroes_input;
+ l_input_len = hlen;
}
status = psa_key_derivation_setup( &operation,
@@ -388,8 +389,7 @@
status = psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- tmp_input,
- ilen );
+ l_input, l_input_len );
if( status != PSA_SUCCESS )
goto cleanup;
@@ -406,7 +406,6 @@
status = ( status == PSA_SUCCESS ? abort_status : status );
ret = ( ret == 0 ? psa_ssl_status_to_mbedtls ( status ) : ret );
mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );
- mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) );
return( ret );
}
@@ -1068,7 +1067,7 @@
}
hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
{
ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
@@ -1084,7 +1083,7 @@
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
handshake->tls13_master_secrets.early );
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
mbedtls_free( (void*)psk );
#endif
if( ret != 0 )
@@ -1251,14 +1250,13 @@
int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) && defined(MBEDTLS_ECDH_C)
- psa_status_t status = PSA_ERROR_GENERIC_ERROR;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C */
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
handshake->ciphersuite_info->mac );
+ unsigned char *shared_secret = NULL;
+ size_t shared_secret_len = 0;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
/*
* Compute ECDHE secret used to compute the handshake secret from which
* client_handshake_traffic_secret and server_handshake_traffic_secret
@@ -1270,60 +1268,75 @@
{
#if defined(MBEDTLS_ECDH_C)
/* Compute ECDH shared secret. */
- status = psa_raw_key_agreement(
- PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
- handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
- handshake->premaster, sizeof( handshake->premaster ),
- &handshake->pmslen );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
- return( ret );
- }
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- status = psa_destroy_key( handshake->ecdh_psa_privkey );
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
- return( ret );
- }
+ status = psa_get_key_attributes( handshake->ecdh_psa_privkey,
+ &key_attributes );
+ if( status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
- handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+ shared_secret_len = PSA_BITS_TO_BYTES(
+ psa_get_key_bits( &key_attributes ) );
+ shared_secret = mbedtls_calloc( 1, shared_secret_len );
+ if( shared_secret == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ status = psa_raw_key_agreement(
+ PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
+ shared_secret, shared_secret_len, &shared_secret_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
+ goto cleanup;
+ }
+
+ status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
+ goto cleanup;
+ }
+
+ handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* MBEDTLS_ECDH_C */
}
- else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) )
+ else
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHE not supported." ) );
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Group not supported." ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
}
-#else
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
/*
* Compute the Handshake Secret
*/
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg,
handshake->tls13_master_secrets.early,
- handshake->premaster, handshake->pmslen,
+ shared_secret, shared_secret_len,
handshake->tls13_master_secrets.handshake );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
- return( ret );
+ goto cleanup;
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret",
handshake->tls13_master_secrets.handshake,
PSA_HASH_LENGTH( hash_alg ) );
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
- mbedtls_platform_zeroize( handshake->premaster, sizeof( handshake->premaster ) );
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
- return( 0 );
+cleanup:
+ if( shared_secret != NULL )
+ {
+ mbedtls_platform_zeroize( shared_secret, shared_secret_len );
+ mbedtls_free( shared_secret );
+ }
+
+ return( ret );
}
/* Generate application traffic keys since any records following a 1-RTT Finished message
@@ -1601,7 +1614,7 @@
return( ret );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
unsigned char **psk,
size_t *psk_len )
@@ -1642,7 +1655,7 @@
return( 0 );
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index f3bdf37..966b5c5 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -691,7 +691,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl );
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/**
* \brief Export TLS 1.3 PSK from handshake context
*
@@ -707,7 +707,7 @@
int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
unsigned char **psk,
size_t *psk_len );
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 3e54f38..3762393 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -59,7 +59,7 @@
return( ciphersuite_info );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* From RFC 8446:
*
* enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode;
@@ -674,11 +674,13 @@
*olen = 0;
+ int not_using_psk = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
+ not_using_psk = ( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) );
#else
- if( ssl->handshake->psk == NULL )
+ not_using_psk = ( ssl->handshake->psk == NULL );
#endif
+ if( not_using_psk )
{
/* We shouldn't have called this extension writer unless we've
* chosen to use a PSK. */
@@ -701,7 +703,7 @@
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
/* From RFC 8446:
* struct {
@@ -993,7 +995,7 @@
MBEDTLS_SSL_EXT_SIG_ALG ) );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange(
mbedtls_ssl_context *ssl )
@@ -1015,7 +1017,7 @@
MBEDTLS_SSL_EXT_PRE_SHARED_KEY |
MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
@@ -1027,7 +1029,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
return( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) &&
mbedtls_ssl_tls13_psk_enabled( ssl ) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange( ssl ) );
@@ -1040,7 +1042,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
return( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) &&
mbedtls_ssl_tls13_psk_ephemeral_enabled( ssl ) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( ssl ) );
@@ -1104,7 +1106,7 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg( uint16_t sig_alg )
@@ -1229,7 +1231,7 @@
return( -1 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
*
@@ -1289,11 +1291,11 @@
const unsigned char *extensions_end;
int hrr_required = 0;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
const unsigned char *cipher_suites;
const unsigned char *pre_shared_key_ext = NULL;
const unsigned char *pre_shared_key_ext_end = NULL;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
@@ -1400,7 +1402,7 @@
* with CipherSuite defined as:
* uint8 CipherSuite[2];
*/
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
cipher_suites = p;
#endif
cipher_suites_end = p + cipher_suites_len;
@@ -1581,7 +1583,7 @@
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS;
break;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found psk key exchange modes extension" ) );
@@ -1596,7 +1598,7 @@
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
@@ -1608,14 +1610,14 @@
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* Delay processing of the PSK identity once we have
* found out which algorithms to use. We keep a pointer
* to the buffer and the size for later processing.
*/
pre_shared_key_ext = p;
pre_shared_key_ext_end = extension_data_end;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
break;
@@ -1634,7 +1636,7 @@
break;
#endif /* MBEDTLS_SSL_ALPN */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
case MBEDTLS_TLS_EXT_SIG_ALG:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
@@ -1649,7 +1651,7 @@
}
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
default:
MBEDTLS_SSL_DEBUG_MSG( 3,
@@ -1669,7 +1671,7 @@
MBEDTLS_SSL_HS_CLIENT_HELLO,
p - buf );
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* Update checksum with either
* - The entire content of the CH message, if no PSK extension is present
* - The content up to but excluding the PSK extension, if present.
@@ -1698,7 +1700,7 @@
}
}
else
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
{
ssl->handshake->update_checksum( ssl, buf, p - buf );
}
@@ -2154,7 +2156,7 @@
p += output_len;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if( !is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
{
ret = ssl_tls13_write_server_pre_shared_key_ext( ssl, p, end, &output_len );
@@ -2166,7 +2168,7 @@
}
p += output_len;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif
MBEDTLS_PUT_UINT16_BE( p - p_extensions_len - 2, p_extensions_len, 0 );
@@ -2390,7 +2392,7 @@
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
else
@@ -2405,7 +2407,7 @@
return( ret );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0
#define SSL_CERTIFICATE_REQUEST_SKIP 1
/* Coordination:
@@ -2429,7 +2431,10 @@
authmode = ssl->conf->authmode;
if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ {
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
return( SSL_CERTIFICATE_REQUEST_SKIP );
+ }
ssl->handshake->certificate_request_sent = 1;
@@ -2573,7 +2578,7 @@
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
@@ -2984,7 +2989,7 @@
}
break;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
ret = ssl_tls13_write_certificate_request( ssl );
break;
@@ -2996,7 +3001,7 @@
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
ret = ssl_tls13_write_certificate_verify( ssl );
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
* Injection of dummy-CCS's for middlebox compatibility
@@ -3027,6 +3032,7 @@
ret = ssl_tls13_handshake_wrapup( ssl );
break;
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
ret = mbedtls_ssl_tls13_process_certificate( ssl );
if( ret == 0 )
@@ -3053,6 +3059,7 @@
ssl, MBEDTLS_SSL_CLIENT_FINISHED );
}
break;
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_SSL_NEW_SESSION_TICKET:
diff --git a/library/x509.c b/library/x509.c
index ca2e907..362e036 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -459,6 +459,11 @@
* For the general case we still use a flat list, but we mark elements of the
* same set so that they are "merged" together in the functions that consume
* this list, eg mbedtls_x509_dn_gets().
+ *
+ * On success, this function may allocate a linked list starting at cur->next
+ * that must later be free'd by the caller using mbedtls_free(). In error
+ * cases, this function frees all allocated memory internally and the caller
+ * has no freeing responsibilities.
*/
int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
mbedtls_x509_name *cur )
@@ -466,6 +471,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t set_len;
const unsigned char *end_set;
+ mbedtls_x509_name *head = cur;
/* don't use recursion, we'd risk stack overflow if not optimized */
while( 1 )
@@ -475,14 +481,17 @@
*/
if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
+ {
+ ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret );
+ goto error;
+ }
end_set = *p + set_len;
while( 1 )
{
if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
- return( ret );
+ goto error;
if( *p == end_set )
break;
@@ -493,7 +502,10 @@
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
if( cur->next == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ {
+ ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+ goto error;
+ }
cur = cur->next;
}
@@ -507,10 +519,20 @@
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
if( cur->next == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+ {
+ ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
+ goto error;
+ }
cur = cur->next;
}
+
+error:
+ /* Skip the first element as we did not allocate it */
+ mbedtls_asn1_free_named_data_list_shallow( head->next );
+ head->next = NULL;
+
+ return( ret );
}
static int x509_parse_int( unsigned char **p, size_t n, int *res )
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 2a3fac7..d830fcd 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -705,28 +705,16 @@
{
mbedtls_x509_crl *crl_cur = crl;
mbedtls_x509_crl *crl_prv;
- mbedtls_x509_name *name_cur;
- mbedtls_x509_name *name_prv;
mbedtls_x509_crl_entry *entry_cur;
mbedtls_x509_crl_entry *entry_prv;
- if( crl == NULL )
- return;
-
- do
+ while( crl_cur != NULL )
{
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
mbedtls_free( crl_cur->sig_opts );
#endif
- name_cur = crl_cur->issuer.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( crl_cur->issuer.next );
entry_cur = crl_cur->entry.next;
while( entry_cur != NULL )
@@ -744,13 +732,6 @@
mbedtls_free( crl_cur->raw.p );
}
- crl_cur = crl_cur->next;
- }
- while( crl_cur != NULL );
-
- crl_cur = crl;
- do
- {
crl_prv = crl_cur;
crl_cur = crl_cur->next;
@@ -758,7 +739,6 @@
if( crl_prv != crl )
mbedtls_free( crl_prv );
}
- while( crl_cur != NULL );
}
#endif /* MBEDTLS_X509_CRL_PARSE_C */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c4f97bb..0eee97c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -685,16 +685,7 @@
*/
if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
{
- mbedtls_x509_sequence *seq_cur = subject_alt_name->next;
- mbedtls_x509_sequence *seq_prv;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
+ mbedtls_asn1_sequence_free( subject_alt_name->next );
subject_alt_name->next = NULL;
return( ret );
}
@@ -1846,6 +1837,7 @@
const char *prefix )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t i;
size_t n = *size;
char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name;
@@ -1898,18 +1890,11 @@
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
- if( other_name->value.hardware_module_name.val.len >= n )
+ for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{
- *p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
+ MBEDTLS_X509_SAFE_SNPRINTF;
}
-
- memcpy( p, other_name->value.hardware_module_name.val.p,
- other_name->value.hardware_module_name.val.len );
- p += other_name->value.hardware_module_name.val.len;
-
- n -= other_name->value.hardware_module_name.val.len;
-
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
}
break;
@@ -3300,15 +3285,8 @@
{
mbedtls_x509_crt *cert_cur = crt;
mbedtls_x509_crt *cert_prv;
- mbedtls_x509_name *name_cur;
- mbedtls_x509_name *name_prv;
- mbedtls_x509_sequence *seq_cur;
- mbedtls_x509_sequence *seq_prv;
- if( crt == NULL )
- return;
-
- do
+ while( cert_cur != NULL )
{
mbedtls_pk_free( &cert_cur->pk );
@@ -3316,53 +3294,11 @@
mbedtls_free( cert_cur->sig_opts );
#endif
- name_cur = cert_cur->issuer.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
-
- name_cur = cert_cur->subject.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
-
- seq_cur = cert_cur->ext_key_usage.next;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
-
- seq_cur = cert_cur->subject_alt_names.next;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
-
- seq_cur = cert_cur->certificate_policies.next;
- while( seq_cur != NULL )
- {
- seq_prv = seq_cur;
- seq_cur = seq_cur->next;
- mbedtls_platform_zeroize( seq_prv,
- sizeof( mbedtls_x509_sequence ) );
- mbedtls_free( seq_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( cert_cur->issuer.next );
+ mbedtls_asn1_free_named_data_list_shallow( cert_cur->subject.next );
+ mbedtls_asn1_sequence_free( cert_cur->ext_key_usage.next );
+ mbedtls_asn1_sequence_free( cert_cur->subject_alt_names.next );
+ mbedtls_asn1_sequence_free( cert_cur->certificate_policies.next );
if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
{
@@ -3370,13 +3306,6 @@
mbedtls_free( cert_cur->raw.p );
}
- cert_cur = cert_cur->next;
- }
- while( cert_cur != NULL );
-
- cert_cur = crt;
- do
- {
cert_prv = cert_cur;
cert_cur = cert_cur->next;
@@ -3384,7 +3313,6 @@
if( cert_prv != crt )
mbedtls_free( cert_prv );
}
- while( cert_cur != NULL );
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/library/x509_csr.c b/library/x509_csr.c
index dee0ea6..f9462ad 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -375,9 +375,6 @@
*/
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
{
- mbedtls_x509_name *name_cur;
- mbedtls_x509_name *name_prv;
-
if( csr == NULL )
return;
@@ -387,14 +384,7 @@
mbedtls_free( csr->sig_opts );
#endif
- name_cur = csr->subject.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
- mbedtls_free( name_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( csr->subject.next );
if( csr->raw.p != NULL )
{
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 52942a9..254c4b2 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -296,6 +296,43 @@
return( 0 );
}
+int mbedtls_x509write_crt_set_ext_key_usage( mbedtls_x509write_cert *ctx,
+ const mbedtls_asn1_sequence *exts )
+{
+ unsigned char buf[256];
+ unsigned char *c = buf + sizeof(buf);
+ int ret;
+ size_t len = 0;
+ const mbedtls_asn1_sequence *last_ext = NULL;
+ const mbedtls_asn1_sequence *ext;
+
+ memset( buf, 0, sizeof(buf) );
+
+ /* We need at least one extension: SEQUENCE SIZE (1..MAX) OF KeyPurposeId */
+ if( exts == NULL )
+ return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+ /* Iterate over exts backwards, so we write them out in the requested order */
+ while( last_ext != exts )
+ {
+ for( ext = exts; ext->next != last_ext; ext = ext->next ) {}
+ if( ext->buf.tag != MBEDTLS_ASN1_OID )
+ return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( &c, buf, ext->buf.p, ext->buf.len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, ext->buf.len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OID ) );
+ last_ext = ext;
+ }
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+ return mbedtls_x509write_crt_set_extension( ctx,
+ MBEDTLS_OID_EXTENDED_KEY_USAGE,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_EXTENDED_KEY_USAGE ),
+ 1, c, len );
+}
+
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type )
{
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index e3fdb1f..56efb3c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -83,6 +83,7 @@
#define DFL_RECSPLIT -1
#define DFL_DHMLEN -1
#define DFL_RECONNECT 0
+#define DFL_RECO_SERVER_NAME NULL
#define DFL_RECO_DELAY 0
#define DFL_RECO_MODE 1
#define DFL_CID_ENABLED 0
@@ -120,7 +121,7 @@
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_CONTEXT_CRT_CB \
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
" to the SSL configuration of the SSL context.\n" \
@@ -129,8 +130,8 @@
" - 1: Use CRT callback bound to SSL context\n"
#else
#define USAGE_CONTEXT_CRT_CB ""
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_FS_IO)
#define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
@@ -148,10 +149,10 @@
#define USAGE_IO \
" No file operations available (MBEDTLS_FS_IO not defined)\n"
#endif /* MBEDTLS_FS_IO */
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#define USAGE_IO ""
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_KEY_OPAQUE \
" key_opaque=%%d Handle your private key as if it were opaque\n" \
" default: 0 (disabled)\n"
@@ -173,7 +174,7 @@
#define USAGE_CID ""
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#define USAGE_PSK_RAW \
" psk=%%s default: \"\" (disabled)\n" \
" The PSK values are in hex, without 0x.\n" \
@@ -195,7 +196,7 @@
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
#else
#define USAGE_PSK ""
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
#define USAGE_CA_CALLBACK \
@@ -269,8 +270,7 @@
#define USAGE_CURVES ""
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_SIG_ALGS \
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
@@ -406,8 +406,8 @@
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
" reconnect=%%d number of reconnections using session resumption\n" \
- " default: 0 (disabled)\n" \
- " reco_server_name=%%s default: localhost\n" \
+ " default: 0 (disabled)\n" \
+ " reco_server_name=%%s default: NULL\n" \
" reco_delay=%%d default: 0 seconds\n" \
" reco_mode=%%d 0: copy session, 1: serialize session\n" \
" default: 1\n" \
@@ -543,7 +543,7 @@
#include "ssl_test_common_source.c"
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static unsigned char peer_crt_info[1024];
/*
@@ -581,7 +581,7 @@
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
int report_cid_usage( mbedtls_ssl_context *ssl,
@@ -721,14 +721,13 @@
mbedtls_net_context server_fd;
io_ctx_t io_ctx;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif
unsigned char buf[MAX_REQUEST_SIZE + 1];
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
#endif
@@ -760,7 +759,7 @@
const char *pers = "ssl_client2";
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = 0;
psa_key_attributes_t key_attributes;
@@ -779,7 +778,7 @@
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer;
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
uint32_t flags;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
@@ -788,7 +787,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
char *p, *q;
const int *list;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -829,7 +828,7 @@
mbedtls_ssl_config_init( &conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
rng_init( &rng );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert );
mbedtls_pk_init( &pkey );
@@ -925,7 +924,7 @@
opt.recsplit = DFL_RECSPLIT;
opt.dhmlen = DFL_DHMLEN;
opt.reconnect = DFL_RECONNECT;
- opt.reco_server_name = DFL_SERVER_NAME;
+ opt.reco_server_name = DFL_RECO_SERVER_NAME;
opt.reco_delay = DFL_RECO_DELAY;
opt.reco_mode = DFL_RECO_MODE;
opt.reconnect_hard = DFL_RECONNECT_HARD;
@@ -1039,7 +1038,7 @@
opt.key_file = q;
else if( strcmp( p, "key_pwd" ) == 0 )
opt.key_pwd = q;
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if( strcmp( p, "key_opaque" ) == 0 )
opt.key_opaque = atoi( q );
#endif
@@ -1132,7 +1131,7 @@
if( opt.reconnect < 0 || opt.reconnect > 2 )
goto usage;
}
- else if( strcmp( p, "rec_server_name" ) == 0 )
+ else if( strcmp( p, "reco_server_name" ) == 0 )
opt.reco_server_name = q;
else if( strcmp( p, "reco_delay" ) == 0 )
{
@@ -1177,11 +1176,10 @@
}
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if( strcmp( p, "sig_algs" ) == 0 )
opt.sig_algs = q;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif
else if( strcmp( p, "etm" ) == 0 )
{
switch( atoi( q ) )
@@ -1418,7 +1416,7 @@
mbedtls_debug_set_threshold( opt.debug_level );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
/*
* Unhexify the pre-shared key if any is given
*/
@@ -1431,7 +1429,7 @@
goto exit;
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 )
@@ -1490,7 +1488,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined (MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if( opt.psk_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
@@ -1501,7 +1499,7 @@
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
@@ -1584,8 +1582,7 @@
}
#endif /* MBEDTLS_ECP_C */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL )
{
p = (char *) opt.sig_algs;
@@ -1684,7 +1681,7 @@
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
@@ -1720,7 +1717,7 @@
goto exit;
mbedtls_printf( " ok\n" );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* 1.1. Load the trusted CA
*/
@@ -1750,15 +1747,17 @@
if( ret != 0 )
break;
}
- if( ret == 0 )
#endif /* MBEDTLS_PEM_PARSE_C */
- for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
+ if( ret == 0 )
{
- ret = mbedtls_x509_crt_parse_der( &cacert,
- (const unsigned char *) mbedtls_test_cas_der[i],
- mbedtls_test_cas_der_len[i] );
- if( ret != 0 )
- break;
+ for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
+ {
+ ret = mbedtls_x509_crt_parse_der( &cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i] );
+ if( ret != 0 )
+ break;
+ }
}
}
if( ret < 0 )
@@ -1842,7 +1841,7 @@
mbedtls_printf( " ok (key type: %s)\n",
strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
mbedtls_pk_get_name( &pkey ) : "none" );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/*
* 2. Setup stuff
@@ -1860,7 +1859,7 @@
goto exit;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. */
if( opt.allow_sha1 > 0 )
@@ -1873,7 +1872,7 @@
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
@@ -2010,7 +2009,7 @@
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 )
{
@@ -2031,7 +2030,7 @@
goto exit;
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C)
if( opt.curves != NULL &&
@@ -2041,13 +2040,12 @@
}
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL )
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 )
{
@@ -2085,7 +2083,7 @@
goto exit;
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version );
@@ -2119,7 +2117,7 @@
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
@@ -2142,10 +2140,10 @@
}
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( opt.context_crt_cb == 1 )
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
io_ctx.ssl = &ssl;
io_ctx.net = &server_fd;
@@ -2257,7 +2255,10 @@
" or you didn't set ca_file or ca_path "
"to an appropriate value.\n"
" Alternatively, you may want to use "
- "auth_mode=optional for testing purposes.\n" );
+ "auth_mode=optional for testing purposes if "
+ "not using TLS 1.3.\n"
+ " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
+ "or other folder that has root certificates\n" );
mbedtls_printf( "\n" );
goto exit;
}
@@ -2466,7 +2467,7 @@
}
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* 5. Verify the server certificate
*/
@@ -2489,7 +2490,7 @@
mbedtls_printf( " . Peer certificate information ...\n" );
mbedtls_printf( "%s\n", peer_crt_info );
#endif /* !MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ret = report_cid_usage( &ssl, "initial handshake" );
@@ -2864,9 +2865,9 @@
mbedtls_printf( " . Restarting connection from same port..." );
fflush( stdout );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
@@ -3100,9 +3101,9 @@
mbedtls_printf( " . Reconnecting with saved session..." );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
@@ -3131,7 +3132,8 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( ( ret = mbedtls_ssl_set_hostname( &ssl,
+ if( opt.reco_server_name != NULL &&
+ ( ret = mbedtls_ssl_set_hostname( &ssl,
opt.reco_server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
@@ -3206,16 +3208,16 @@
mbedtls_free( context_buf );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
mbedtls_x509_crt_free( &clicert );
mbedtls_x509_crt_free( &cacert );
mbedtls_pk_free( &pkey );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key( key_slot );
#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 )
{
@@ -3234,7 +3236,7 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7aead3a..1b4a94a 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -175,7 +175,7 @@
*/
#define DFL_IO_BUF_LEN 200
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_FS_IO)
#define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
@@ -206,8 +206,8 @@
#endif /* MBEDTLS_FS_IO */
#else
#define USAGE_IO ""
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_KEY_OPAQUE \
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
" default: 0 (disabled)\n"
@@ -241,7 +241,7 @@
#define USAGE_CID ""
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#define USAGE_PSK_RAW \
" psk=%%s default: \"\" (disabled)\n" \
" The PSK values are in hex, without 0x.\n" \
@@ -276,7 +276,7 @@
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
#else
#define USAGE_PSK ""
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
#define USAGE_CA_CALLBACK \
" ca_callback=%%d default: 0 (disabled)\n" \
@@ -435,8 +435,7 @@
#define USAGE_CURVES ""
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_SIG_ALGS \
" sig_algs=a,b,c,d default: \"default\" (library default)\n" \
" example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
@@ -910,7 +909,7 @@
#endif /* SNI_OPTION */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
typedef struct _psk_entry psk_entry;
@@ -1023,7 +1022,7 @@
return( -1 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
static mbedtls_net_context listen_fd, client_fd;
@@ -1116,7 +1115,7 @@
unsigned remaining_delay;
} ssl_async_operation_context_t;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* Note that ssl_async_operation_type_t and the array below need to be kept in sync!
* `ssl_async_operation_names[op]` is the name of op for each value `op`
@@ -1279,11 +1278,11 @@
mbedtls_printf( "Async cancel callback.\n" );
mbedtls_free( ctx );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
static psa_status_t psa_setup_psk_key_slot( mbedtls_svc_key_id_t *slot,
psa_algorithm_t alg,
unsigned char *psk,
@@ -1306,7 +1305,7 @@
return( PSA_SUCCESS );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1434,7 +1433,7 @@
int query_config_ret = 0;
io_ctx_t io_ctx;
unsigned char* buf = 0;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg = 0;
mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
@@ -1458,7 +1457,7 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned char renego_period[8] = { 0 };
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
uint32_t flags;
mbedtls_x509_crt cacert;
mbedtls_x509_crt srvcert;
@@ -1471,7 +1470,7 @@
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
#endif
int key_cert_init = 0, key_cert_init2 = 0;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
ssl_async_key_context_t ssl_async_keys;
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
@@ -1508,10 +1507,9 @@
size_t context_buf_len = 0;
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif
int i;
char *p, *q;
@@ -1556,7 +1554,7 @@
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
rng_init( &rng );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
@@ -1795,7 +1793,7 @@
opt.key_file = q;
else if( strcmp( p, "key_pwd" ) == 0 )
opt.key_pwd = q;
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if( strcmp( p, "key_opaque" ) == 0 )
opt.key_opaque = atoi( q );
#endif
@@ -1879,11 +1877,10 @@
}
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if( strcmp( p, "sig_algs" ) == 0 )
opt.sig_algs = q;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ?
@@ -2351,7 +2348,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
@@ -2362,7 +2359,7 @@
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
@@ -2389,7 +2386,7 @@
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
/*
* Unhexify the pre-shared key and parse the list if any given
*/
@@ -2408,7 +2405,7 @@
goto exit;
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_ECP_C)
if( opt.curves != NULL )
@@ -2466,8 +2463,7 @@
}
#endif /* MBEDTLS_ECP_C */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL )
{
p = (char *) opt.sig_algs;
@@ -2566,7 +2562,7 @@
sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
@@ -2602,7 +2598,7 @@
goto exit;
mbedtls_printf( " ok\n" );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* 1.1. Load the trusted CA
*/
@@ -2632,15 +2628,17 @@
if( ret != 0 )
break;
}
- if( ret == 0 )
#endif /* MBEDTLS_PEM_PARSE_C */
- for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
+ if( ret == 0 )
{
- ret = mbedtls_x509_crt_parse_der( &cacert,
- (const unsigned char *) mbedtls_test_cas_der[i],
- mbedtls_test_cas_der_len[i] );
- if( ret != 0 )
- break;
+ for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
+ {
+ ret = mbedtls_x509_crt_parse_der( &cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i] );
+ if( ret != 0 )
+ break;
+ }
}
}
if( ret < 0 )
@@ -2810,7 +2808,7 @@
mbedtls_printf( " ok (key types: %s, %s)\n",
key_cert_init ? mbedtls_pk_get_name( &pkey ) : "none",
key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
if( opt.dhm_file != NULL )
@@ -2860,7 +2858,7 @@
goto exit;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. Hence we allow it here. A real-world server
should use the default profile unless there is a good reason not to. */
@@ -2870,7 +2868,7 @@
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
@@ -3121,7 +3119,7 @@
}
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 )
{
@@ -3210,7 +3208,7 @@
&ssl_async_keys );
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(SNI_OPTION)
if( opt.sni != NULL )
@@ -3247,13 +3245,12 @@
}
#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( opt.sig_algs != NULL )
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
{
@@ -3562,7 +3559,7 @@
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{
char vrfy_buf[512];
@@ -3617,7 +3614,7 @@
}
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* 5. Verify the client certificate
*/
@@ -3646,7 +3643,7 @@
mbedtls_printf( "%s\n", crt_buf );
}
#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
if( opt.eap_tls != 0 )
{
@@ -4334,13 +4331,13 @@
sni_free( sni_info );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
ret = psk_free( psk_info );
if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
@@ -4368,7 +4365,7 @@
}
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 )
{
@@ -4385,7 +4382,7 @@
(int) status );
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index c93ff1e..f9366fe 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -38,6 +38,7 @@
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
+#include "mbedtls/oid.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/md.h"
@@ -47,6 +48,9 @@
#include <stdlib.h>
#include <string.h>
+#define SET_OID(x, oid) \
+ do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char*)oid; } while( 0 )
+
#if defined(MBEDTLS_X509_CSR_PARSE_C)
#define USAGE_CSR \
" request_file=%%s default: (empty)\n" \
@@ -56,6 +60,9 @@
#define USAGE_CSR ""
#endif /* MBEDTLS_X509_CSR_PARSE_C */
+#define FORMAT_PEM 0
+#define FORMAT_DER 1
+
#define DFL_ISSUER_CRT ""
#define DFL_REQUEST_FILE ""
#define DFL_SUBJECT_KEY "subject.key"
@@ -71,13 +78,16 @@
#define DFL_SELFSIGN 0
#define DFL_IS_CA 0
#define DFL_MAX_PATHLEN -1
+#define DFL_SIG_ALG MBEDTLS_MD_SHA256
#define DFL_KEY_USAGE 0
+#define DFL_EXT_KEY_USAGE NULL
#define DFL_NS_CERT_TYPE 0
#define DFL_VERSION 3
#define DFL_AUTH_IDENT 1
#define DFL_SUBJ_IDENT 1
#define DFL_CONSTRAINTS 1
#define DFL_DIGEST MBEDTLS_MD_SHA256
+#define DFL_FORMAT FORMAT_PEM
#define USAGE \
"\n usage: cert_write param=<>...\n" \
@@ -129,6 +139,14 @@
" key_cert_sign\n" \
" crl_sign\n" \
" (Considered for v3 only)\n"\
+ " ext_key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " serverAuth\n" \
+ " clientAuth\n" \
+ " codeSigning\n" \
+ " emailProtection\n" \
+ " timeStamping\n" \
+ " OCSPSigning\n" \
" ns_cert_type=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" ssl_client\n" \
@@ -138,6 +156,7 @@
" ssl_ca\n" \
" email_ca\n" \
" object_signing_ca\n" \
+ " format=pem|der default: pem\n" \
"\n"
@@ -167,7 +186,9 @@
int version; /* CRT version */
mbedtls_md_type_t md; /* Hash used for signing */
unsigned char key_usage; /* key usage flags */
+ mbedtls_asn1_sequence *ext_key_usage; /* extended key usages */
unsigned char ns_cert_type; /* NS cert type */
+ int format; /* format */
} opt;
int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
@@ -177,19 +198,33 @@
int ret;
FILE *f;
unsigned char output_buf[4096];
+ unsigned char *output_start;
size_t len = 0;
memset( output_buf, 0, 4096 );
- if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
- f_rng, p_rng ) ) < 0 )
- return( ret );
+ if ( opt.format == FORMAT_DER )
+ {
+ ret = mbedtls_x509write_crt_der( crt, output_buf, 4096,
+ f_rng, p_rng );
+ if( ret < 0 )
+ return( ret );
- len = strlen( (char *) output_buf );
+ len = ret;
+ output_start = output_buf + 4096 - len;
+ } else {
+ ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
+ f_rng, p_rng );
+ if( ret < 0 )
+ return( ret );
+
+ len = strlen( (char *) output_buf );
+ output_start = output_buf;
+ }
if( ( f = fopen( output_file, "w" ) ) == NULL )
return( -1 );
- if( fwrite( output_buf, 1, len, f ) != len )
+ if( fwrite( output_start, 1, len, f ) != len )
{
fclose( f );
return( -1 );
@@ -218,6 +253,7 @@
#endif
mbedtls_x509write_cert crt;
mbedtls_mpi serial;
+ mbedtls_asn1_sequence *ext_key_usage;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "crt example app";
@@ -235,7 +271,7 @@
mbedtls_x509_csr_init( &csr );
#endif
mbedtls_x509_crt_init( &issuer_crt );
- memset( buf, 0, 1024 );
+ memset( buf, 0, sizeof(buf) );
if( argc == 0 )
{
@@ -260,12 +296,14 @@
opt.is_ca = DFL_IS_CA;
opt.max_pathlen = DFL_MAX_PATHLEN;
opt.key_usage = DFL_KEY_USAGE;
+ opt.ext_key_usage = DFL_EXT_KEY_USAGE;
opt.ns_cert_type = DFL_NS_CERT_TYPE;
opt.version = DFL_VERSION - 1;
opt.md = DFL_DIGEST;
opt.subject_identifier = DFL_SUBJ_IDENT;
opt.authority_identifier = DFL_AUTH_IDENT;
opt.basic_constraints = DFL_CONSTRAINTS;
+ opt.format = DFL_FORMAT;
for( i = 1; i < argc; i++ )
{
@@ -417,6 +455,41 @@
q = r;
}
}
+ else if( strcmp( p, "ext_key_usage" ) == 0 )
+ {
+ mbedtls_asn1_sequence **tail = &opt.ext_key_usage;
+
+ while( q != NULL )
+ {
+ if( ( r = strchr( q, ',' ) ) != NULL )
+ *r++ = '\0';
+
+ ext_key_usage = mbedtls_calloc( 1, sizeof(mbedtls_asn1_sequence) );
+ ext_key_usage->buf.tag = MBEDTLS_ASN1_OID;
+ if( strcmp( q, "serverAuth" ) == 0 )
+ SET_OID( ext_key_usage->buf, MBEDTLS_OID_SERVER_AUTH );
+ else if( strcmp( q, "clientAuth" ) == 0 )
+ SET_OID( ext_key_usage->buf, MBEDTLS_OID_CLIENT_AUTH );
+ else if( strcmp( q, "codeSigning" ) == 0 )
+ SET_OID( ext_key_usage->buf, MBEDTLS_OID_CODE_SIGNING );
+ else if( strcmp( q, "emailProtection" ) == 0 )
+ SET_OID( ext_key_usage->buf, MBEDTLS_OID_EMAIL_PROTECTION );
+ else if( strcmp( q, "timeStamping" ) == 0 )
+ SET_OID( ext_key_usage->buf, MBEDTLS_OID_TIME_STAMPING );
+ else if( strcmp( q, "OCSPSigning" ) == 0 )
+ SET_OID( ext_key_usage->buf, MBEDTLS_OID_OCSP_SIGNING );
+ else
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
+ goto usage;
+ }
+
+ *tail = ext_key_usage;
+ tail = &ext_key_usage->next;
+
+ q = r;
+ }
+ }
else if( strcmp( p, "ns_cert_type" ) == 0 )
{
while( q != NULL )
@@ -447,6 +520,16 @@
q = r;
}
}
+ else if( strcmp( p, "format" ) == 0 )
+ {
+ if ( strcmp(q, "der" ) == 0 ) opt.format = FORMAT_DER;
+ else if ( strcmp(q, "pem" ) == 0 ) opt.format = FORMAT_PEM;
+ else
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
+ goto usage;
+ }
+ }
else
goto usage;
}
@@ -463,7 +546,7 @@
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
ret, buf );
goto exit;
@@ -478,7 +561,7 @@
if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -498,7 +581,7 @@
if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -508,7 +591,7 @@
&issuer_crt.subject );
if( ret < 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -532,7 +615,7 @@
if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -542,7 +625,7 @@
&csr.subject );
if( ret < 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -567,7 +650,7 @@
opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -583,7 +666,7 @@
opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
"returned -x%02x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -618,7 +701,7 @@
*/
if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -626,7 +709,7 @@
if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -641,7 +724,7 @@
ret = mbedtls_x509write_crt_set_serial( &crt, &serial );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -650,7 +733,7 @@
ret = mbedtls_x509write_crt_set_validity( &crt, opt.not_before, opt.not_after );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -668,7 +751,7 @@
opt.max_pathlen );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -687,7 +770,7 @@
ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject"
"_key_identifier returned -0x%04x - %s\n\n",
(unsigned int) -ret, buf );
@@ -706,7 +789,7 @@
ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_"
"key_identifier returned -0x%04x - %s\n\n",
(unsigned int) -ret, buf );
@@ -726,7 +809,7 @@
ret = mbedtls_x509write_crt_set_key_usage( &crt, opt.key_usage );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -735,6 +818,22 @@
mbedtls_printf( " ok\n" );
}
+ if( opt.ext_key_usage )
+ {
+ mbedtls_printf( " . Adding the Extended Key Usage extension ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_ext_key_usage( &crt, opt.ext_key_usage );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, sizeof(buf) );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ext_key_usage returned -0x%02x - %s\n\n", (unsigned int) -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
opt.ns_cert_type != 0 )
{
@@ -744,7 +843,7 @@
ret = mbedtls_x509write_crt_set_ns_cert_type( &crt, opt.ns_cert_type );
if( ret != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
@@ -762,7 +861,7 @@
if( ( ret = write_certificate( &crt, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n",
(unsigned int) -ret, buf );
goto exit;
diff --git a/scripts/data_files/driver_jsons/driver_opaque_schema.json b/scripts/data_files/driver_jsons/driver_opaque_schema.json
new file mode 100644
index 0000000..933eb07
--- /dev/null
+++ b/scripts/data_files/driver_jsons/driver_opaque_schema.json
@@ -0,0 +1,71 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "_comment": {
+ "type": "string"
+ },
+ "prefix": {
+ "type": "string",
+ "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$"
+ },
+ "type": {
+ "type": "string",
+ "const": ["opaque"]
+ },
+ "location": {
+ "type": ["integer","string"],
+ "pattern": "^(0x|0X)?[a-fA-F0-9]+$"
+ },
+ "mbedtls/h_condition": {
+ "type": "string"
+ },
+ "headers": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "default": []
+ },
+ "capabilities": {
+ "type": "array",
+ "items": [
+ {
+ "type": "object",
+ "properties": {
+ "_comment": {
+ "type": "string"
+ },
+ "mbedtls/c_condition": {
+ "type": "string"
+ },
+ "entry_points": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "names": {
+ "type": "object",
+ "patternProperties": {
+ "^[A-Z_a-z][0-9A-Z_a-z]*$": {
+ "type": "string",
+ "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$"
+ }
+ }
+ }
+ },
+ "required": [
+ "entry_points"
+ ]
+ }
+ ]
+ }
+ },
+ "required": [
+ "prefix",
+ "type",
+ "location",
+ "capabilities"
+ ]
+}
diff --git a/scripts/data_files/driver_jsons/driver_transparent_schema.json b/scripts/data_files/driver_jsons/driver_transparent_schema.json
new file mode 100644
index 0000000..f5d91eb
--- /dev/null
+++ b/scripts/data_files/driver_jsons/driver_transparent_schema.json
@@ -0,0 +1,70 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "_comment": {
+ "type": "string"
+ },
+ "prefix": {
+ "type": "string",
+ "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$"
+ },
+ "type": {
+ "type": "string",
+ "const": ["transparent"]
+ },
+ "mbedtls/h_condition": {
+ "type": "string"
+ },
+ "headers": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "default": []
+ },
+ "capabilities": {
+ "type": "array",
+ "items": [
+ {
+ "type": "object",
+ "properties": {
+ "_comment": {
+ "type": "string"
+ },
+ "mbedtls/c_condition": {
+ "type": "string"
+ },
+ "entry_points": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "names": {
+ "type": "object",
+ "patternProperties": {
+ "^[A-Z_a-z][0-9A-Z_a-z]*$": {
+ "type": "string",
+ "pattern": "^[A-Z_a-z][0-9A-Z_a-z]*$"
+ }
+ }
+ },
+ "fallback": {
+ "type": "boolean",
+ "default": "false"
+ }
+ },
+ "required": [
+ "entry_points"
+ ]
+ }
+ ]
+ }
+ },
+ "required": [
+ "prefix",
+ "type",
+ "capabilities"
+ ]
+}
diff --git a/scripts/data_files/driver_jsons/driverlist.json b/scripts/data_files/driver_jsons/driverlist.json
new file mode 100644
index 0000000..50ad816
--- /dev/null
+++ b/scripts/data_files/driver_jsons/driverlist.json
@@ -0,0 +1 @@
+["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json"]
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json
new file mode 100644
index 0000000..41c74f2
--- /dev/null
+++ b/scripts/data_files/driver_jsons/mbedtls_test_opaque_driver.json
@@ -0,0 +1,20 @@
+{
+ "prefix": "mbedtls_test",
+ "type": "opaque",
+ "location": "0x7fffff",
+ "mbedtls/h_condition": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "headers": ["test/drivers/test_driver.h"],
+ "capabilities": [
+ {
+ "_comment": "The Mbed TLS opaque driver supports import key/export key/export_public key",
+ "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "entry_points": ["import_key", "export_key", "export_public_key"]
+ },
+ {
+ "_comment": "The Mbed TLS opaque driver supports copy key/ get builtin key",
+ "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "entry_points": ["copy_key", "get_builtin_key"],
+ "names": {"copy_key":"mbedtls_test_opaque_copy_key", "get_builtin_key":"mbedtls_test_opaque_get_builtin_key"}
+ }
+ ]
+}
diff --git a/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json
new file mode 100644
index 0000000..9eb259f
--- /dev/null
+++ b/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json
@@ -0,0 +1,22 @@
+{
+ "prefix": "mbedtls_test",
+ "type": "transparent",
+ "mbedtls/h_condition": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "headers": ["test/drivers/test_driver.h"],
+ "capabilities": [
+ {
+ "_comment": "The Mbed TLS transparent driver supports import key/export key",
+ "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "entry_points": ["import_key", "export_key"],
+ "fallback": true
+ },
+ {
+ "_comment": "The Mbed TLS transparent driver supports export_public key",
+ "mbedtls/c_condition": "defined(PSA_CRYPTO_DRIVER_TEST)",
+ "entry_points": ["export_public_key"],
+ "fallback": true,
+ "names": {"export_public_key":"mbedtls_test_transparent_export_public_key"}
+ }
+
+ ]
+}
diff --git a/scripts/data_files/driver_templates/OS-template-opaque.jinja b/scripts/data_files/driver_templates/OS-template-opaque.jinja
new file mode 100644
index 0000000..a25d1c3
--- /dev/null
+++ b/scripts/data_files/driver_templates/OS-template-opaque.jinja
@@ -0,0 +1,17 @@
+{# One Shot function's dispatch code for opaque drivers.
+Expected inputs:
+* drivers: the list of driver descriptions.
+* entry_point: the name of the entry point that this function dispatches to.
+* entry_point_param(driver): the parameters to pass to the entry point.
+* nest_indent: number of extra spaces to indent the code to.
+-#}
+{% for driver in drivers if driver.type == "opaque" -%}
+{% for capability in driver.capabilities if entry_point in capability.entry_points -%}
+#if ({% if capability['mbedtls/c_condition'] is defined -%}{{ capability['mbedtls/c_condition'] }} {% else -%} {{ 1 }} {% endif %})
+{%- filter indent(width = nest_indent) %}
+case {{ driver.location }}:
+ return( {{ entry_point_name(capability, entry_point, driver) }}({{entry_point_param(driver) | indent(20)}}));
+{% endfilter -%}
+#endif
+{% endfor %}
+{% endfor %}
diff --git a/scripts/data_files/driver_templates/OS-template-transparent.jinja b/scripts/data_files/driver_templates/OS-template-transparent.jinja
new file mode 100644
index 0000000..a6b7d69
--- /dev/null
+++ b/scripts/data_files/driver_templates/OS-template-transparent.jinja
@@ -0,0 +1,19 @@
+{# One Shot function's dispatch code for transparent drivers.
+Expected inputs:
+* drivers: the list of driver descriptions.
+* entry_point: the name of the entry point that this function dispatches to.
+* entry_point_param(driver): the parameters to pass to the entry point.
+* nest_indent: number of extra spaces to indent the code to.
+-#}
+{% for driver in drivers if driver.type == "transparent" -%}
+{% for capability in driver.capabilities if entry_point in capability.entry_points -%}
+#if ({% if capability['mbedtls/c_condition'] is defined -%}{{ capability['mbedtls/c_condition'] }} {% else -%} {{ 1 }} {% endif %})
+{%- filter indent(width = nest_indent) %}
+status = {{ entry_point_name(capability, entry_point, driver) }}({{entry_point_param(driver) | indent(20)}});
+
+if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+{% endfilter -%}
+#endif
+{% endfor %}
+{% endfor %}
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index 8ef2e6d..a491b07 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -1,7 +1,7 @@
/*
* Functions to delegate cryptographic operations to an available
* and appropriate accelerator.
- * Warning: This file will be auto-generated in the future.
+ * Warning: This file is now auto-generated.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -19,6 +19,8 @@
* limitations under the License.
*/
+
+/* BEGIN-common headers */
#include "common.h"
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
@@ -29,34 +31,46 @@
#include "psa_crypto_rsa.h"
#include "mbedtls/platform.h"
+/* END-common headers */
#if defined(MBEDTLS_PSA_CRYPTO_C)
+/* BEGIN-driver headers */
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
-
-/* Include test driver definition when running tests */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#ifndef PSA_CRYPTO_DRIVER_PRESENT
-#define PSA_CRYPTO_DRIVER_PRESENT
+{% for driver in drivers -%}
+/* Headers for {{driver.prefix}} {{driver.type}} driver */
+{% if driver['mbedtls/h_condition'] is defined -%}
+#if {{ driver['mbedtls/h_condition'] }}
+{% endif -%}
+{% for header in driver.headers -%}
+#include "{{ header }}"
+{% endfor %}
+{% if driver['mbedtls/h_condition'] is defined -%}
#endif
-#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#endif
-#include "test/drivers/test_driver.h"
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-
-/* Repeat above block for each JSON-declared driver during autogeneration */
+{% endif -%}
+{% endfor %}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
+/* END-driver headers */
/* Auto-generated values depending on which drivers are registered.
* ID 0 is reserved for unallocated operations.
* ID 1 is reserved for the Mbed TLS software driver. */
+/* BEGIN-driver id definition */
#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
+{% for driver in drivers -%}
+#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }})
+{% endfor %}
+/* END-driver id */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
-#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
-#endif /* PSA_CRYPTO_DRIVER_TEST */
+/* BEGIN-Common Macro definitions */
+{% macro entry_point_name(capability, entry_point, driver) -%}
+ {% if capability.name is defined and entry_point in capability.names.keys() -%}
+ {{ capability.names[entry_point]}}
+ {% else -%}
+ {{driver.prefix}}_{{driver.type}}_{{entry_point}}
+ {% endif -%}
+{% endmacro %}
+/* END-Common Macro definitions */
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -592,6 +606,16 @@
size_t *key_buffer_length,
size_t *bits )
{
+{% with entry_point = "import_key" -%}
+{% macro entry_point_param(driver) -%}
+attributes,
+data,
+data_length,
+key_buffer,
+key_buffer_size,
+key_buffer_length,
+bits
+{% endmacro %}
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
@@ -631,17 +655,11 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits );
- /* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
+{% with nest_indent=12 %}
+{% include "OS-template-transparent.jinja" -%}
+{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
/* Fell through, meaning no accelerator supports this operation */
return( psa_import_key_into_slot( attributes,
data, data_length,
@@ -649,20 +667,15 @@
key_buffer_length, bits ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
+{% with nest_indent=8 %}
+{% include "OS-template-opaque.jinja" -%}
+{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
-
+{% endwith %}
}
psa_status_t psa_driver_wrapper_export_key(
@@ -671,6 +684,15 @@
uint8_t *data, size_t data_size, size_t *data_length )
{
+{% with entry_point = "export_key" -%}
+{% macro entry_point_param(driver) -%}
+attributes,
+key_buffer,
+key_buffer_size,
+data,
+data_size,
+data_length
+{% endmacro %}
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
@@ -707,20 +729,15 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_export_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
+{% with nest_indent=8 %}
+{% include "OS-template-opaque.jinja" -%}
+{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
+{% endwith %}
}
psa_status_t psa_driver_wrapper_export_public_key(
@@ -729,6 +746,15 @@
uint8_t *data, size_t data_size, size_t *data_length )
{
+{% with entry_point = "export_public_key" -%}
+{% macro entry_point_param(driver) -%}
+attributes,
+key_buffer,
+key_buffer_size,
+data,
+data_size,
+data_length
+{% endmacro %}
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
@@ -759,18 +785,9 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_test_transparent_export_public_key(
- attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length );
- /* Declared with fallback == true */
- if( status != PSA_ERROR_NOT_SUPPORTED )
- return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
+{% with nest_indent=12 %}
+{% include "OS-template-transparent.jinja" -%}
+{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
@@ -782,20 +799,15 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_export_public_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
+{% with nest_indent=8 %}
+{% include "OS-template-opaque.jinja" -%}
+{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
+{% endwith %}
}
psa_status_t psa_driver_wrapper_get_builtin_key(
@@ -803,15 +815,21 @@
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
+{% with entry_point = "get_builtin_key" -%}
+{% macro entry_point_param(driver) -%}
+slot_number,
+attributes,
+key_buffer,
+key_buffer_size,
+key_buffer_length
+{% endmacro %}
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_get_builtin_key(
- slot_number,
- attributes,
- key_buffer, key_buffer_size, key_buffer_length ) );
+{% with nest_indent=8 %}
+{% include "OS-template-opaque.jinja" -%}
+{% endwith -%}
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void) slot_number;
@@ -820,6 +838,7 @@
(void) key_buffer_length;
return( PSA_ERROR_DOES_NOT_EXIST );
}
+{% endwith %}
}
psa_status_t psa_driver_wrapper_copy_key(
@@ -828,6 +847,15 @@
uint8_t *target_key_buffer, size_t target_key_buffer_size,
size_t *target_key_buffer_length )
{
+{% with entry_point = "copy_key" -%}
+{% macro entry_point_param(driver) -%}
+attributes,
+source_key,
+source_key_length,
+target_key_buffer,
+target_key_buffer_size,
+target_key_buffer_length
+{% endmacro %}
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
@@ -846,14 +874,9 @@
switch( location )
{
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_copy_key( attributes, source_key,
- source_key_length,
- target_key_buffer,
- target_key_buffer_size,
- target_key_buffer_length) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
+{% with nest_indent=8 %}
+{% include "OS-template-opaque.jinja" -%}
+{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
(void)source_key;
@@ -864,6 +887,7 @@
status = PSA_ERROR_INVALID_ARGUMENT;
}
return( status );
+{% endwith %}
}
/*
@@ -1068,7 +1092,7 @@
alg );
/* Declared with fallback == true */
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -1100,7 +1124,7 @@
alg );
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1141,7 +1165,7 @@
alg );
/* Declared with fallback == true */
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -1172,7 +1196,7 @@
alg );
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1204,12 +1228,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_cipher_set_iv(
&operation->ctx.transparent_test_driver_ctx,
iv, iv_length ) );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
@@ -1245,13 +1269,13 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_cipher_update(
&operation->ctx.transparent_test_driver_ctx,
input, input_length,
output, output_size, output_length ) );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_cipher_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length,
@@ -1287,12 +1311,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_cipher_finish(
&operation->ctx.transparent_test_driver_ctx,
output, output_size, output_length ) );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
@@ -1321,7 +1345,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
status = mbedtls_test_transparent_cipher_abort(
&operation->ctx.transparent_test_driver_ctx );
mbedtls_platform_zeroize(
@@ -1329,7 +1353,7 @@
sizeof( operation->ctx.transparent_test_driver_ctx ) );
return( status );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
status = mbedtls_test_opaque_cipher_abort(
&operation->ctx.opaque_test_driver_ctx );
mbedtls_platform_zeroize(
@@ -1394,7 +1418,7 @@
status = mbedtls_test_transparent_hash_setup(
&operation->ctx.test_driver_ctx, alg );
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -1429,8 +1453,8 @@
&target_operation->ctx.mbedtls_ctx ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+ target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
return( mbedtls_test_transparent_hash_clone(
&source_operation->ctx.test_driver_ctx,
&target_operation->ctx.test_driver_ctx ) );
@@ -1454,7 +1478,7 @@
input, input_length ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_hash_update(
&operation->ctx.test_driver_ctx,
input, input_length ) );
@@ -1480,7 +1504,7 @@
hash, hash_size, hash_length ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_hash_finish(
&operation->ctx.test_driver_ctx,
hash, hash_size, hash_length ) );
@@ -1503,7 +1527,7 @@
return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_hash_abort(
&operation->ctx.test_driver_ctx ) );
#endif
@@ -1634,7 +1658,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
status = mbedtls_test_transparent_aead_encrypt_setup(
&operation->ctx.transparent_test_driver_ctx,
attributes, key_buffer, key_buffer_size,
@@ -1682,7 +1706,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
status = mbedtls_test_transparent_aead_decrypt_setup(
&operation->ctx.transparent_test_driver_ctx,
attributes,
@@ -1731,7 +1755,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_aead_set_nonce(
&operation->ctx.transparent_test_driver_ctx,
nonce, nonce_length ) );
@@ -1765,7 +1789,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_aead_set_lengths(
&operation->ctx.transparent_test_driver_ctx,
ad_length, plaintext_length ) );
@@ -1799,7 +1823,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_aead_update_ad(
&operation->ctx.transparent_test_driver_ctx,
input, input_length ) );
@@ -1837,7 +1861,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_aead_update(
&operation->ctx.transparent_test_driver_ctx,
input, input_length, output, output_size,
@@ -1881,7 +1905,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_aead_finish(
&operation->ctx.transparent_test_driver_ctx,
ciphertext, ciphertext_size,
@@ -1945,7 +1969,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_aead_verify(
&operation->ctx.transparent_test_driver_ctx,
plaintext, plaintext_size,
@@ -1979,7 +2003,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_aead_abort(
&operation->ctx.transparent_test_driver_ctx ) );
@@ -2088,7 +2112,7 @@
alg );
/* Declared with fallback == true */
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -2119,7 +2143,7 @@
alg );
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -2160,7 +2184,7 @@
alg );
/* Declared with fallback == true */
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -2191,7 +2215,7 @@
alg );
if( status == PSA_SUCCESS )
- operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -2222,12 +2246,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_mac_update(
&operation->ctx.transparent_test_driver_ctx,
input, input_length ) );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_mac_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length ) );
@@ -2256,12 +2280,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_mac_sign_finish(
&operation->ctx.transparent_test_driver_ctx,
mac, mac_size, mac_length ) );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_mac_sign_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_size, mac_length ) );
@@ -2290,12 +2314,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_mac_verify_finish(
&operation->ctx.transparent_test_driver_ctx,
mac, mac_length ) );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_mac_verify_finish(
&operation->ctx.opaque_test_driver_ctx,
mac, mac_length ) );
@@ -2320,10 +2344,10 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
return( mbedtls_test_transparent_mac_abort(
&operation->ctx.transparent_test_driver_ctx ) );
- case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
return( mbedtls_test_opaque_mac_abort(
&operation->ctx.opaque_test_driver_ctx ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt
index 5364d8e..9e26b3c 100644
--- a/scripts/driver.requirements.txt
+++ b/scripts/driver.requirements.txt
@@ -15,4 +15,5 @@
Jinja2 >= 2.10.3; python_version >= '3.10'
# Jinja2 >=2.10, <3.0 needs a separate package for type annotations
types-Jinja2
-
+jsonschema >= 3.2.0
+types-jsonschema
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
index 71b881e..e0c4793 100755
--- a/scripts/generate_driver_wrappers.py
+++ b/scripts/generate_driver_wrappers.py
@@ -22,54 +22,194 @@
import sys
import os
+import json
+from typing import NewType, Dict, Any
+from traceback import format_tb
import argparse
+import jsonschema
import jinja2
from mbedtls_dev import build_tree
-def render(template_path: str) -> str:
+JSONSchema = NewType('JSONSchema', object)
+# The Driver is an Object, but practically it's indexable and can called a dictionary to
+# keep MyPy happy till MyPy comes with a more composite type for JsonObjects.
+Driver = NewType('Driver', dict)
+
+
+class JsonValidationException(Exception):
+ def __init__(self, message="Json Validation Failed"):
+ self.message = message
+ super().__init__(self.message)
+
+
+class DriverReaderException(Exception):
+ def __init__(self, message="Driver Reader Failed"):
+ self.message = message
+ super().__init__(self.message)
+
+
+def render(template_path: str, driver_jsoncontext: list) -> str:
"""
- Render template from the input file.
+ Render template from the input file and driver JSON.
"""
environment = jinja2.Environment(
loader=jinja2.FileSystemLoader(os.path.dirname(template_path)),
keep_trailing_newline=True)
template = environment.get_template(os.path.basename(template_path))
- return template.render()
+ return template.render(drivers=driver_jsoncontext)
-def generate_driver_wrapper_file(mbedtls_root: str, output_dir: str) -> None:
+
+def generate_driver_wrapper_file(template_dir: str,
+ output_dir: str,
+ driver_jsoncontext: list) -> None:
"""
Generate the file psa_crypto_driver_wrapper.c.
"""
driver_wrapper_template_filename = \
- os.path.join(mbedtls_root, \
- "scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja")
+ os.path.join(template_dir, "psa_crypto_driver_wrappers.c.jinja")
- result = render(driver_wrapper_template_filename)
+ result = render(driver_wrapper_template_filename, driver_jsoncontext)
- with open(os.path.join(output_dir, "psa_crypto_driver_wrappers.c"), 'w') as out_file:
+ with open(file=os.path.join(output_dir, "psa_crypto_driver_wrappers.c"),
+ mode='w',
+ encoding='UTF-8') as out_file:
out_file.write(result)
+
+def validate_json(driverjson_data: Driver, driverschema_list: dict) -> None:
+ """
+ Validate the Driver JSON against an appropriate schema
+ the schema passed could be that matching an opaque/ transparent driver.
+ """
+ driver_type = driverjson_data["type"]
+ driver_prefix = driverjson_data["prefix"]
+ try:
+ _schema = driverschema_list[driver_type]
+ jsonschema.validate(instance=driverjson_data, schema=_schema)
+ except KeyError as err:
+ # This could happen if the driverjson_data.type does not exist in the provided schema list
+ # schemas = {'transparent': transparent_driver_schema, 'opaque': opaque_driver_schema}
+ # Print onto stdout and stderr.
+ print("Unknown Driver type " + driver_type +
+ " for driver " + driver_prefix, str(err))
+ print("Unknown Driver type " + driver_type +
+ " for driver " + driver_prefix, str(err), file=sys.stderr)
+ raise JsonValidationException() from err
+
+ except jsonschema.exceptions.ValidationError as err:
+ # Print onto stdout and stderr.
+ print("Error: Failed to validate data file: {} using schema: {}."
+ "\n Exception Message: \"{}\""
+ " ".format(driverjson_data, _schema, str(err)))
+ print("Error: Failed to validate data file: {} using schema: {}."
+ "\n Exception Message: \"{}\""
+ " ".format(driverjson_data, _schema, str(err)), file=sys.stderr)
+ raise JsonValidationException() from err
+
+
+def load_driver(schemas: Dict[str, Any], driver_file: str) -> Any:
+ """loads validated json driver"""
+ with open(file=driver_file, mode='r', encoding='UTF-8') as f:
+ json_data = json.load(f)
+ try:
+ validate_json(json_data, schemas)
+ except JsonValidationException as e:
+ raise DriverReaderException from e
+ return json_data
+
+
+def load_schemas(mbedtls_root: str) -> Dict[str, Any]:
+ """
+ Load schemas map
+ """
+ schema_file_paths = {
+ 'transparent': os.path.join(mbedtls_root,
+ 'scripts',
+ 'data_files',
+ 'driver_jsons',
+ 'driver_transparent_schema.json'),
+ 'opaque': os.path.join(mbedtls_root,
+ 'scripts',
+ 'data_files',
+ 'driver_jsons',
+ 'driver_opaque_schema.json')
+ }
+ driver_schema = {}
+ for key, file_path in schema_file_paths.items():
+ with open(file=file_path, mode='r', encoding='UTF-8') as file:
+ driver_schema[key] = json.load(file)
+ return driver_schema
+
+
+def read_driver_descriptions(mbedtls_root: str,
+ json_directory: str,
+ jsondriver_list: str) -> list:
+ """
+ Merge driver JSON files into a single ordered JSON after validation.
+ """
+ driver_schema = load_schemas(mbedtls_root)
+
+ with open(file=os.path.join(json_directory, jsondriver_list),
+ mode='r',
+ encoding='UTF-8') as driver_list_file:
+ driver_list = json.load(driver_list_file)
+
+ return [load_driver(schemas=driver_schema,
+ driver_file=os.path.join(json_directory, driver_file_name))
+ for driver_file_name in driver_list]
+
+
+def trace_exception(e: Exception, file=sys.stderr) -> None:
+ """Prints exception trace to the given TextIO handle"""
+ print("Exception: type: %s, message: %s, trace: %s" % (
+ e.__class__, str(e), format_tb(e.__traceback__)
+ ), file)
+
+
def main() -> int:
"""
Main with command line arguments.
"""
def_arg_mbedtls_root = build_tree.guess_mbedtls_root()
- def_arg_output_dir = os.path.join(def_arg_mbedtls_root, 'library')
parser = argparse.ArgumentParser()
- parser.add_argument('--mbedtls-root', nargs='?', default=def_arg_mbedtls_root,
+ parser.add_argument('--mbedtls-root', default=def_arg_mbedtls_root,
help='root directory of mbedtls source code')
+ parser.add_argument('--template-dir',
+ help='directory holding the driver templates')
+ parser.add_argument('--json-dir',
+ help='directory holding the driver JSONs')
parser.add_argument('output_directory', nargs='?',
- default=def_arg_output_dir, help='output file\'s location')
+ help='output file\'s location')
args = parser.parse_args()
mbedtls_root = os.path.abspath(args.mbedtls_root)
- output_directory = args.output_directory
- generate_driver_wrapper_file(mbedtls_root, output_directory)
+ output_directory = args.output_directory if args.output_directory is not None else \
+ os.path.join(mbedtls_root, 'library')
+ template_directory = args.template_dir if args.template_dir is not None else \
+ os.path.join(mbedtls_root,
+ 'scripts',
+ 'data_files',
+ 'driver_templates')
+ json_directory = args.json_dir if args.json_dir is not None else \
+ os.path.join(mbedtls_root,
+ 'scripts',
+ 'data_files',
+ 'driver_jsons')
+ try:
+ # Read and validate list of driver jsons from driverlist.json
+ merged_driver_json = read_driver_descriptions(mbedtls_root,
+ json_directory,
+ 'driverlist.json')
+ except DriverReaderException as e:
+ trace_exception(e)
+ return 1
+ generate_driver_wrapper_file(template_directory, output_directory, merged_driver_json)
return 0
+
if __name__ == '__main__':
sys.exit(main())
diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py
index c81770e..279668f 100644
--- a/scripts/mbedtls_dev/bignum_common.py
+++ b/scripts/mbedtls_dev/bignum_common.py
@@ -124,3 +124,43 @@
for b in cls.input_values
)
yield from cls.input_cases
+
+# BEGIN MERGE SLOT 1
+
+# END MERGE SLOT 1
+
+# BEGIN MERGE SLOT 2
+
+# END MERGE SLOT 2
+
+# BEGIN MERGE SLOT 3
+
+# END MERGE SLOT 3
+
+# BEGIN MERGE SLOT 4
+
+# END MERGE SLOT 4
+
+# BEGIN MERGE SLOT 5
+
+# END MERGE SLOT 5
+
+# BEGIN MERGE SLOT 6
+
+# END MERGE SLOT 6
+
+# BEGIN MERGE SLOT 7
+
+# END MERGE SLOT 7
+
+# BEGIN MERGE SLOT 8
+
+# END MERGE SLOT 8
+
+# BEGIN MERGE SLOT 9
+
+# END MERGE SLOT 9
+
+# BEGIN MERGE SLOT 10
+
+# END MERGE SLOT 10
diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py
index 2e64195..0cc86b8 100644
--- a/scripts/mbedtls_dev/bignum_core.py
+++ b/scripts/mbedtls_dev/bignum_core.py
@@ -29,6 +29,84 @@
target_basename = 'test_suite_bignum_core.generated'
+class BignumCoreShiftR(BignumCoreTarget, metaclass=ABCMeta):
+ """Test cases for mbedtls_bignum_core_shift_r()."""
+ count = 0
+ test_function = "mpi_core_shift_r"
+ test_name = "Core shift right"
+
+ DATA = [
+ ('00', '0', [0, 1, 8]),
+ ('01', '1', [0, 1, 2, 8, 64]),
+ ('dee5ca1a7ef10a75', '64-bit',
+ list(range(11)) + [31, 32, 33, 63, 64, 65, 71, 72]),
+ ('002e7ab0070ad57001', '[leading 0 limb]',
+ [0, 1, 8, 63, 64]),
+ ('a1055eb0bb1efa1150ff', '80-bit',
+ [0, 1, 8, 63, 64, 65, 72, 79, 80, 81, 88, 128, 129, 136]),
+ ('020100000000000000001011121314151617', '138-bit',
+ [0, 1, 8, 9, 16, 72, 73, 136, 137, 138, 144]),
+ ]
+
+ def __init__(self, input_hex: str, descr: str, count: int) -> None:
+ self.input_hex = input_hex
+ self.number_description = descr
+ self.shift_count = count
+ self.result = bignum_common.hex_to_int(input_hex) >> count
+
+ def arguments(self) -> List[str]:
+ return ['"{}"'.format(self.input_hex),
+ str(self.shift_count),
+ '"{:0{}x}"'.format(self.result, len(self.input_hex))]
+
+ def description(self) -> str:
+ return 'Core shift {} >> {}'.format(self.number_description,
+ self.shift_count)
+
+ @classmethod
+ def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
+ for input_hex, descr, counts in cls.DATA:
+ for count in counts:
+ yield cls(input_hex, descr, count).create_test_case()
+
+class BignumCoreCTLookup(BignumCoreTarget, metaclass=ABCMeta):
+ """Test cases for mbedtls_mpi_core_ct_uint_table_lookup()."""
+ test_function = "mpi_core_ct_uint_table_lookup"
+ test_name = "Constant time MPI table lookup"
+
+ bitsizes = [
+ (32, "One limb"),
+ (192, "Smallest curve sized"),
+ (512, "Largest curve sized"),
+ (2048, "Small FF/RSA sized"),
+ (4096, "Large FF/RSA sized"),
+ ]
+
+ window_sizes = [0, 1, 2, 3, 4, 5, 6]
+
+ def __init__(self,
+ bitsize: int, descr: str, window_size: int) -> None:
+ self.bitsize = bitsize
+ self.bitsize_description = descr
+ self.window_size = window_size
+
+ def arguments(self) -> List[str]:
+ return [str(self.bitsize), str(self.window_size)]
+
+ def description(self) -> str:
+ return '{} - {} MPI with {} bit window'.format(
+ BignumCoreCTLookup.test_name,
+ self.bitsize_description,
+ self.window_size
+ )
+
+ @classmethod
+ def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
+ for bitsize, bitsize_description in cls.bitsizes:
+ for window_size in cls.window_sizes:
+ yield (cls(bitsize, bitsize_description, window_size)
+ .create_test_case())
+
class BignumCoreOperation(bignum_common.OperationCommon, BignumCoreTarget, metaclass=ABCMeta):
#pylint: disable=abstract-method
"""Common features for bignum core operations."""
@@ -103,12 +181,12 @@
yield cls(a_value, b_value, 32).create_test_case()
yield cls(a_value, b_value, 64).create_test_case()
-class BignumCoreAddIf(BignumCoreOperationArchSplit):
- """Test cases for bignum core add if."""
+class BignumCoreAddAndAddIf(BignumCoreOperationArchSplit):
+ """Test cases for bignum core add and add-if."""
count = 0
symbol = "+"
- test_function = "mpi_core_add_if"
- test_name = "mbedtls_mpi_core_add_if"
+ test_function = "mpi_core_add_and_add_if"
+ test_name = "mpi_core_add_and_add_if"
def result(self) -> List[str]:
result = self.int_a + self.int_b
@@ -737,3 +815,43 @@
)
i += 1
print(generated_inputs)
+
+# BEGIN MERGE SLOT 1
+
+# END MERGE SLOT 1
+
+# BEGIN MERGE SLOT 2
+
+# END MERGE SLOT 2
+
+# BEGIN MERGE SLOT 3
+
+# END MERGE SLOT 3
+
+# BEGIN MERGE SLOT 4
+
+# END MERGE SLOT 4
+
+# BEGIN MERGE SLOT 5
+
+# END MERGE SLOT 5
+
+# BEGIN MERGE SLOT 6
+
+# END MERGE SLOT 6
+
+# BEGIN MERGE SLOT 7
+
+# END MERGE SLOT 7
+
+# BEGIN MERGE SLOT 8
+
+# END MERGE SLOT 8
+
+# BEGIN MERGE SLOT 9
+
+# END MERGE SLOT 9
+
+# BEGIN MERGE SLOT 10
+
+# END MERGE SLOT 10
diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py
new file mode 100644
index 0000000..2bd7fbb
--- /dev/null
+++ b/scripts/mbedtls_dev/bignum_mod.py
@@ -0,0 +1,64 @@
+"""Framework classes for generation of bignum mod test cases."""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from abc import ABCMeta
+
+from . import test_data_generation
+
+class BignumModTarget(test_data_generation.BaseTarget, metaclass=ABCMeta):
+ #pylint: disable=abstract-method
+ """Target for bignum mod test case generation."""
+ target_basename = 'test_suite_bignum_mod.generated'
+
+# BEGIN MERGE SLOT 1
+
+# END MERGE SLOT 1
+
+# BEGIN MERGE SLOT 2
+
+# END MERGE SLOT 2
+
+# BEGIN MERGE SLOT 3
+
+# END MERGE SLOT 3
+
+# BEGIN MERGE SLOT 4
+
+# END MERGE SLOT 4
+
+# BEGIN MERGE SLOT 5
+
+# END MERGE SLOT 5
+
+# BEGIN MERGE SLOT 6
+
+# END MERGE SLOT 6
+
+# BEGIN MERGE SLOT 7
+
+# END MERGE SLOT 7
+
+# BEGIN MERGE SLOT 8
+
+# END MERGE SLOT 8
+
+# BEGIN MERGE SLOT 9
+
+# END MERGE SLOT 9
+
+# BEGIN MERGE SLOT 10
+
+# END MERGE SLOT 10
diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py
new file mode 100644
index 0000000..2e059b2
--- /dev/null
+++ b/scripts/mbedtls_dev/bignum_mod_raw.py
@@ -0,0 +1,64 @@
+"""Framework classes for generation of bignum mod_raw test cases."""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from abc import ABCMeta
+
+from . import test_data_generation
+
+class BignumModRawTarget(test_data_generation.BaseTarget, metaclass=ABCMeta):
+ #pylint: disable=abstract-method
+ """Target for bignum mod_raw test case generation."""
+ target_basename = 'test_suite_bignum_mod_raw.generated'
+
+# BEGIN MERGE SLOT 1
+
+# END MERGE SLOT 1
+
+# BEGIN MERGE SLOT 2
+
+# END MERGE SLOT 2
+
+# BEGIN MERGE SLOT 3
+
+# END MERGE SLOT 3
+
+# BEGIN MERGE SLOT 4
+
+# END MERGE SLOT 4
+
+# BEGIN MERGE SLOT 5
+
+# END MERGE SLOT 5
+
+# BEGIN MERGE SLOT 6
+
+# END MERGE SLOT 6
+
+# BEGIN MERGE SLOT 7
+
+# END MERGE SLOT 7
+
+# BEGIN MERGE SLOT 8
+
+# END MERGE SLOT 8
+
+# BEGIN MERGE SLOT 9
+
+# END MERGE SLOT 9
+
+# BEGIN MERGE SLOT 10
+
+# END MERGE SLOT 10
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
index 0a22c54..7483f1c 100644
--- a/tests/configs/tls13-only.h
+++ b/tests/configs/tls13-only.h
@@ -22,9 +22,11 @@
* limitations under the License.
*/
+/* Enable TLS 1.3 and core 1.3 features */
#define MBEDTLS_SSL_PROTO_TLS1_3
#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+/* Disable TLS 1.2 and 1.2-specific features */
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_PROTO_TLS1_2
@@ -32,3 +34,6 @@
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/* Enable some invasive tests */
+#define MBEDTLS_TEST_HOOKS
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 6187d17..09a0689 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -276,6 +276,9 @@
server5-othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
+server5-nonprintable_othername.crt: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
+
server5-unsupported_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
diff --git a/tests/data_files/dh.optlen.der b/tests/data_files/dh.optlen.der
new file mode 100644
index 0000000..3c3bf17
--- /dev/null
+++ b/tests/data_files/dh.optlen.der
Binary files differ
diff --git a/tests/data_files/server1.key_ext_usage.crt b/tests/data_files/server1.key_ext_usage.crt
new file mode 100644
index 0000000..bbe2c35
--- /dev/null
+++ b/tests/data_files/server1.key_ext_usage.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVzCCAj+gAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o2UwYzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAWBgNVHSUBAf8EDDAKBggr
+BgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAegtCN4EObE69RjW1hKUEQ/InrIsf
+poKIgJCh3sck+FYKjcsMhRPBztnZaqjvkLnmCcq0Yv7uUDThHsNuu+NbeVr4flZL
+gUoSSdHXYrJ8qDYez6oGoxttoZ33sqD3LQfzWZhDoTyjGUHTiWaA6KidCsWzkhKY
+aNXF7O8dHO7k06I2UWt7SKbBm1dPj8OM4285kkQ7KCpG27ABtHePkp9aG66O/ktD
+GbZs0AaYpeVnB9v1vSp6xInDCWydDFbmEE0mzAQr285UU07QEpnU1W/2qZHfLxnQ
+GiDpR5pxoKXkskj2VuHPZPqbIkv9v2+bjeyXHDRSL7Rj087xhD5uXKb9fw==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.key_ext_usages.crt b/tests/data_files/server1.key_ext_usages.crt
new file mode 100644
index 0000000..0c3d963
--- /dev/null
+++ b/tests/data_files/server1.key_ext_usages.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o28wbTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAgBgNVHSUBAf8EFjAUBggr
+BgEFBQcDAwYIKwYBBQUHAwgwDQYJKoZIhvcNAQEFBQADggEBADIT9M10vT5yzMSR
+GaaImXjyTRIBK683Vxnq5jqAJ75KzNUC52aiCOfd9/hAMkq3Pj+r6tIsH+jsl5PL
+E4iv8GVDlbjA57icTD30XbolL4YPUvZYclxVopfRhTiDa5KJ1lYkUwWAE/Glj66Q
+WO7Hihl+GYXap2e7dBZ7hGHdv6J1gRfA1OW6iB23Wl4xb0Y1CGc16yJZwuFbtbwM
+w8z8a0XNd2UQTYesYlIvVpVcx2atgkbZwehPWGNCLGngz60fultj7JdLuUHi+r0z
+DtjbSPsHDZDAer6ZxjaA4hkcnppacFttC+deD8bQ8+2JjHF6Gb/MBnaYIbOZOBgC
+8CPIBjk=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-nonprintable_othername.crt b/tests/data_files/server5-nonprintable_othername.crt
new file mode 100644
index 0000000..9470bbe
--- /dev/null
+++ b/tests/data_files/server5-nonprintable_othername.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg
+b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x
+CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU
+TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
+6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF
+BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC
+IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT
+3vnWdvcHRIAdXA0kh+mcBMaXk9B0
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 64347de..3bb2379 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -15,6 +15,9 @@
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
+[nonprintable_othername_san]
+subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
+
[unsupoported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
@@ -34,6 +37,10 @@
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
+[nonprintable_hw_module_name]
+hwtype = OID:1.3.6.1.4.1.17.3
+hwserial = FORMAT:HEX, OCT:3132338081008180333231
+
[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 098b21a..b3c29e4 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -20,6 +20,14 @@
#ifndef PSA_CRYPTO_TEST_DRIVER_H
#define PSA_CRYPTO_TEST_DRIVER_H
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#ifndef PSA_CRYPTO_DRIVER_PRESENT
+#define PSA_CRYPTO_DRIVER_PRESENT
+#endif
+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#endif
+
#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff
#include "test/drivers/aead.h"
@@ -30,4 +38,5 @@
#include "test/drivers/signature.h"
#include "test/drivers/asymmetric_encryption.h"
+#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
index 5a71d1c..7f9d46f 100755
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
@@ -20,14 +20,14 @@
# Purpose
#
# List TLS1.3 compat test cases. They are generated by
-# `./tests/scripts/generate_tls13_compat_tests.py -a -o tests/opt-testcases/tls13-compat.sh`.
+# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
#
# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
# AND REGENERATE THIS FILE.
#
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
@@ -38,12 +38,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
@@ -54,12 +54,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
@@ -70,12 +70,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -87,12 +87,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
@@ -103,12 +103,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
@@ -119,12 +119,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
@@ -135,12 +135,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -152,12 +152,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
@@ -168,12 +168,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
@@ -184,12 +184,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
@@ -200,12 +200,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -217,12 +217,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
@@ -233,12 +233,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
@@ -249,12 +249,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
@@ -265,12 +265,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -282,12 +282,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
@@ -298,12 +298,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
@@ -314,12 +314,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
@@ -330,12 +330,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -347,12 +347,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
@@ -363,12 +363,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
@@ -379,12 +379,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
@@ -395,12 +395,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -412,12 +412,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
@@ -428,12 +428,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
@@ -444,12 +444,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
@@ -460,12 +460,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -477,12 +477,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
@@ -493,12 +493,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
@@ -509,12 +509,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
@@ -525,12 +525,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -542,12 +542,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
@@ -558,12 +558,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
@@ -574,12 +574,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
@@ -590,12 +590,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -607,12 +607,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
@@ -623,12 +623,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
@@ -639,12 +639,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
@@ -655,12 +655,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -672,12 +672,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
@@ -688,12 +688,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
@@ -704,12 +704,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
@@ -720,12 +720,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -737,12 +737,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
@@ -753,12 +753,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
@@ -769,12 +769,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
@@ -785,12 +785,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -802,12 +802,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
@@ -818,12 +818,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
@@ -834,12 +834,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
@@ -850,12 +850,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -867,12 +867,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
@@ -883,12 +883,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
@@ -899,12 +899,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
@@ -915,12 +915,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -932,12 +932,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
@@ -948,12 +948,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
@@ -964,12 +964,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
@@ -980,12 +980,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -997,12 +997,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
@@ -1013,12 +1013,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
@@ -1029,12 +1029,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
@@ -1045,12 +1045,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1062,12 +1062,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
@@ -1078,12 +1078,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
@@ -1094,12 +1094,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
@@ -1110,12 +1110,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1127,12 +1127,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
@@ -1143,12 +1143,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
@@ -1159,12 +1159,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
@@ -1175,12 +1175,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1192,12 +1192,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
@@ -1208,12 +1208,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
@@ -1224,12 +1224,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
@@ -1240,12 +1240,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1257,12 +1257,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
@@ -1273,12 +1273,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
@@ -1289,12 +1289,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
@@ -1305,12 +1305,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1322,12 +1322,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
@@ -1338,12 +1338,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
@@ -1354,12 +1354,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
@@ -1370,12 +1370,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1387,12 +1387,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
@@ -1403,12 +1403,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
@@ -1419,12 +1419,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
@@ -1435,12 +1435,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1452,12 +1452,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
@@ -1468,12 +1468,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
@@ -1484,12 +1484,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
@@ -1500,12 +1500,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1517,12 +1517,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
@@ -1533,12 +1533,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
@@ -1549,12 +1549,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
@@ -1565,12 +1565,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1582,12 +1582,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
@@ -1598,12 +1598,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
@@ -1614,12 +1614,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
@@ -1630,12 +1630,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_openssl_tls1_3
@@ -1647,12 +1647,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1665,12 +1665,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1683,12 +1683,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1701,12 +1701,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -1720,12 +1720,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1738,12 +1738,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1756,12 +1756,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1774,12 +1774,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -1793,12 +1793,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1811,12 +1811,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1829,12 +1829,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1847,12 +1847,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -1866,12 +1866,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1884,12 +1884,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1902,12 +1902,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1920,12 +1920,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -1939,12 +1939,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1957,12 +1957,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1975,12 +1975,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1993,12 +1993,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2012,12 +2012,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2030,12 +2030,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2048,12 +2048,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2066,12 +2066,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2085,12 +2085,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2103,12 +2103,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2121,12 +2121,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2139,12 +2139,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2158,12 +2158,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2176,12 +2176,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2194,12 +2194,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2212,12 +2212,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2231,12 +2231,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2249,12 +2249,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2267,12 +2267,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2285,12 +2285,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2304,12 +2304,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2322,12 +2322,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2340,12 +2340,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2358,12 +2358,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2377,12 +2377,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2395,12 +2395,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2413,12 +2413,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2431,12 +2431,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2450,12 +2450,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2468,12 +2468,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2486,12 +2486,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2504,12 +2504,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2523,12 +2523,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2541,12 +2541,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2559,12 +2559,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2577,12 +2577,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2596,12 +2596,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2614,12 +2614,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2632,12 +2632,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2650,12 +2650,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2669,12 +2669,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2687,12 +2687,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2705,12 +2705,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2723,12 +2723,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2742,12 +2742,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2760,12 +2760,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2778,12 +2778,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2796,12 +2796,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2815,12 +2815,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2833,12 +2833,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2851,12 +2851,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2869,12 +2869,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2888,12 +2888,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2906,12 +2906,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2924,12 +2924,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2942,12 +2942,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -2961,12 +2961,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2979,12 +2979,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2997,12 +2997,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3015,12 +3015,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -3034,12 +3034,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3052,12 +3052,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3070,12 +3070,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3088,12 +3088,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -3107,12 +3107,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3125,12 +3125,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3143,12 +3143,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3161,12 +3161,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -3180,12 +3180,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3198,12 +3198,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3216,12 +3216,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3234,12 +3234,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -3253,12 +3253,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3271,12 +3271,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3289,12 +3289,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3307,12 +3307,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -3326,12 +3326,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3344,12 +3344,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3362,12 +3362,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3380,12 +3380,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -3399,12 +3399,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3417,12 +3417,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3435,12 +3435,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3453,12 +3453,12 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_gnutls_tls1_3
@@ -3472,13 +3472,13 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3495,7 +3495,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3512,7 +3512,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3529,7 +3529,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -3547,7 +3547,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3564,7 +3564,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3581,7 +3581,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3598,7 +3598,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -3616,7 +3616,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3633,7 +3633,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3650,7 +3650,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3667,7 +3667,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -3685,7 +3685,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3702,7 +3702,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3719,7 +3719,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3736,7 +3736,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -3754,7 +3754,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3771,7 +3771,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3788,7 +3788,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3805,7 +3805,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -3823,7 +3823,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3840,7 +3840,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3857,7 +3857,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3874,7 +3874,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
@@ -3892,7 +3892,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3909,7 +3909,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3926,7 +3926,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3943,7 +3943,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
@@ -3961,7 +3961,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3978,7 +3978,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -3995,7 +3995,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4012,7 +4012,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
@@ -4030,7 +4030,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4047,7 +4047,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4064,7 +4064,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4081,7 +4081,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
@@ -4099,7 +4099,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4116,7 +4116,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4133,7 +4133,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4150,7 +4150,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
@@ -4168,7 +4168,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4185,7 +4185,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4202,7 +4202,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4219,7 +4219,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -4237,7 +4237,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4254,7 +4254,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4271,7 +4271,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4288,7 +4288,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -4306,7 +4306,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4323,7 +4323,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4340,7 +4340,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4357,7 +4357,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -4375,7 +4375,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4392,7 +4392,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4409,7 +4409,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4426,7 +4426,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -4444,7 +4444,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4461,7 +4461,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4478,7 +4478,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4495,7 +4495,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -4513,7 +4513,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4530,7 +4530,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4547,7 +4547,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4564,7 +4564,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -4582,7 +4582,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4599,7 +4599,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4616,7 +4616,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4633,7 +4633,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -4651,7 +4651,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4668,7 +4668,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4685,7 +4685,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4702,7 +4702,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -4720,7 +4720,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4737,7 +4737,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4754,7 +4754,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4771,7 +4771,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -4789,7 +4789,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4806,7 +4806,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4823,7 +4823,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4840,7 +4840,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -4858,7 +4858,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4875,7 +4875,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4892,7 +4892,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4909,7 +4909,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -4927,7 +4927,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4944,7 +4944,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4961,7 +4961,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -4978,7 +4978,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -4996,7 +4996,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5013,7 +5013,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5030,7 +5030,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5047,7 +5047,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -5065,7 +5065,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5082,7 +5082,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5099,7 +5099,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5116,7 +5116,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -5134,7 +5134,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5151,7 +5151,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5168,7 +5168,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -5185,7 +5185,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -5205,7 +5205,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5224,7 +5224,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5243,7 +5243,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5262,7 +5262,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -5282,7 +5282,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5301,7 +5301,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5320,7 +5320,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5339,7 +5339,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -5359,7 +5359,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5378,7 +5378,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5397,7 +5397,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5416,7 +5416,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -5436,7 +5436,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5455,7 +5455,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5474,7 +5474,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5493,7 +5493,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -5513,7 +5513,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5532,7 +5532,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5551,7 +5551,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5570,7 +5570,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -5590,7 +5590,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5609,7 +5609,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5628,7 +5628,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5647,7 +5647,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
@@ -5667,7 +5667,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5686,7 +5686,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5705,7 +5705,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5724,7 +5724,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
@@ -5744,7 +5744,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5763,7 +5763,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5782,7 +5782,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5801,7 +5801,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
@@ -5821,7 +5821,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5840,7 +5840,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5859,7 +5859,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5878,7 +5878,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
@@ -5898,7 +5898,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5917,7 +5917,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5936,7 +5936,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5955,7 +5955,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
@@ -5975,7 +5975,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -5994,7 +5994,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6013,7 +6013,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6032,7 +6032,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -6052,7 +6052,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6071,7 +6071,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6090,7 +6090,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6109,7 +6109,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -6129,7 +6129,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6148,7 +6148,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6167,7 +6167,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6186,7 +6186,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -6206,7 +6206,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6225,7 +6225,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6244,7 +6244,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6263,7 +6263,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -6283,7 +6283,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6302,7 +6302,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6321,7 +6321,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6340,7 +6340,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -6360,7 +6360,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6379,7 +6379,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6398,7 +6398,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6417,7 +6417,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -6437,7 +6437,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6456,7 +6456,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6475,7 +6475,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6494,7 +6494,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -6514,7 +6514,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6533,7 +6533,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6552,7 +6552,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6571,7 +6571,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -6591,7 +6591,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6610,7 +6610,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6629,7 +6629,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6648,7 +6648,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -6668,7 +6668,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6687,7 +6687,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6706,7 +6706,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6725,7 +6725,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -6745,7 +6745,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6764,7 +6764,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6783,7 +6783,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6802,7 +6802,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -6822,7 +6822,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6841,7 +6841,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6860,7 +6860,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6879,7 +6879,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -6899,7 +6899,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6918,7 +6918,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6937,7 +6937,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6956,7 +6956,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -6976,7 +6976,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -6995,7 +6995,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -7014,7 +7014,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -7033,7 +7033,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -7053,7 +7053,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -7072,7 +7072,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -7091,7 +7091,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -7110,7 +7110,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -7127,11 +7127,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7141,7 +7141,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7151,11 +7151,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7165,7 +7165,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7175,11 +7175,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7189,7 +7189,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7199,12 +7199,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -7215,7 +7215,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7225,11 +7225,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7239,7 +7239,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7249,11 +7249,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7263,7 +7263,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7273,11 +7273,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7287,7 +7287,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7297,12 +7297,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -7313,7 +7313,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7323,11 +7323,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7337,7 +7337,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7347,11 +7347,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7361,7 +7361,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7371,11 +7371,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7385,7 +7385,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7395,12 +7395,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -7411,7 +7411,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7421,11 +7421,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7435,7 +7435,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7445,11 +7445,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7459,7 +7459,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7469,11 +7469,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7483,7 +7483,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7493,12 +7493,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -7509,7 +7509,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7519,11 +7519,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7533,7 +7533,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7543,11 +7543,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7557,7 +7557,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7567,11 +7567,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7581,7 +7581,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7591,12 +7591,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -7607,7 +7607,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7617,11 +7617,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7631,7 +7631,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7641,11 +7641,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7655,7 +7655,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7665,11 +7665,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7679,7 +7679,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7689,12 +7689,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
@@ -7705,7 +7705,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7715,11 +7715,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7729,7 +7729,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7739,11 +7739,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7753,7 +7753,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7763,11 +7763,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7777,7 +7777,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7787,12 +7787,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
@@ -7803,7 +7803,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7813,11 +7813,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7827,7 +7827,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7837,11 +7837,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7851,7 +7851,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7861,11 +7861,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7875,7 +7875,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7885,12 +7885,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
@@ -7901,7 +7901,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -7911,11 +7911,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7925,7 +7925,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -7935,11 +7935,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7949,7 +7949,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -7959,11 +7959,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -7973,7 +7973,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -7983,12 +7983,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
@@ -7999,7 +7999,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8009,11 +8009,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8023,7 +8023,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8033,11 +8033,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8047,7 +8047,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8057,11 +8057,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8071,7 +8071,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8081,12 +8081,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
@@ -8097,7 +8097,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8107,11 +8107,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8121,7 +8121,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8131,11 +8131,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8145,7 +8145,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8155,11 +8155,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8169,7 +8169,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8179,12 +8179,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -8195,7 +8195,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8205,11 +8205,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8219,7 +8219,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8229,11 +8229,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8243,7 +8243,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8253,11 +8253,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8267,7 +8267,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8277,12 +8277,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -8293,7 +8293,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8303,11 +8303,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8317,7 +8317,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8327,11 +8327,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8341,7 +8341,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8351,11 +8351,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8365,7 +8365,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8375,12 +8375,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -8391,7 +8391,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8401,11 +8401,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8415,7 +8415,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8425,11 +8425,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8439,7 +8439,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8449,11 +8449,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8463,7 +8463,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8473,12 +8473,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -8489,7 +8489,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8499,11 +8499,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8513,7 +8513,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8523,11 +8523,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8537,7 +8537,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8547,11 +8547,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8561,7 +8561,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8571,12 +8571,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -8587,7 +8587,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8597,11 +8597,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8611,7 +8611,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8621,11 +8621,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8635,7 +8635,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8645,11 +8645,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8659,7 +8659,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8669,12 +8669,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -8685,7 +8685,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8695,11 +8695,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8709,7 +8709,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8719,11 +8719,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8733,7 +8733,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8743,11 +8743,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8757,7 +8757,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8767,12 +8767,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -8783,7 +8783,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8793,11 +8793,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8807,7 +8807,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8817,11 +8817,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8831,7 +8831,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8841,11 +8841,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8855,7 +8855,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8865,12 +8865,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -8881,7 +8881,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8891,11 +8891,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8905,7 +8905,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -8915,11 +8915,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8929,7 +8929,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -8939,11 +8939,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -8953,7 +8953,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -8963,12 +8963,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -8979,7 +8979,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -8989,11 +8989,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9003,7 +9003,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -9013,11 +9013,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9027,7 +9027,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -9037,11 +9037,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9051,7 +9051,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -9061,12 +9061,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -9077,7 +9077,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -9087,11 +9087,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9101,7 +9101,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -9111,11 +9111,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9125,7 +9125,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -9135,11 +9135,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9149,7 +9149,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -9159,12 +9159,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
@@ -9175,7 +9175,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -9185,11 +9185,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9199,7 +9199,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -9209,11 +9209,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9223,7 +9223,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -9233,11 +9233,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9247,7 +9247,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -9257,12 +9257,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
@@ -9273,7 +9273,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -9283,11 +9283,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9297,7 +9297,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -9307,11 +9307,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9321,7 +9321,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -9331,11 +9331,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9345,7 +9345,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -9355,12 +9355,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
@@ -9371,7 +9371,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -9381,11 +9381,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9395,7 +9395,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -9405,11 +9405,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9419,7 +9419,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -9429,11 +9429,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9443,7 +9443,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -9453,12 +9453,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
@@ -9469,7 +9469,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -9479,11 +9479,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9493,7 +9493,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x403" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
@@ -9503,11 +9503,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9517,7 +9517,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x503" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
@@ -9527,11 +9527,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -9541,7 +9541,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x603" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
@@ -9551,12 +9551,12 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
@@ -9567,7 +9567,7 @@
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
-s "received signature algorithm: 0x804" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
@@ -9577,7 +9577,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
@@ -9586,12 +9586,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
@@ -9600,12 +9600,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
@@ -9614,12 +9614,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
@@ -9628,12 +9628,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
@@ -9642,12 +9642,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
@@ -9656,12 +9656,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
@@ -9670,12 +9670,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
@@ -9684,12 +9684,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
@@ -9698,12 +9698,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
@@ -9712,12 +9712,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
@@ -9726,12 +9726,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
@@ -9740,12 +9740,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
@@ -9754,12 +9754,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
@@ -9768,12 +9768,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
@@ -9782,12 +9782,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
@@ -9796,12 +9796,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
@@ -9810,12 +9810,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
@@ -9824,12 +9824,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
@@ -9838,12 +9838,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_openssl_tls1_3
run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
@@ -9852,12 +9852,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9868,12 +9868,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9884,12 +9884,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9900,12 +9900,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9916,12 +9916,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9932,12 +9932,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9948,12 +9948,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9964,12 +9964,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9980,12 +9980,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -9996,12 +9996,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10012,12 +10012,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10028,12 +10028,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10044,12 +10044,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10060,12 +10060,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10076,12 +10076,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10092,12 +10092,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10108,12 +10108,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x448"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10124,12 +10124,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp256r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10140,12 +10140,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp384r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10156,12 +10156,12 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: secp521r1"
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10172,13 +10172,13 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-s "HRR selected_group: x25519"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10195,7 +10195,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10212,7 +10212,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10229,7 +10229,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10246,7 +10246,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10263,7 +10263,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10280,7 +10280,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10297,7 +10297,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10314,7 +10314,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10331,7 +10331,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10348,7 +10348,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10365,7 +10365,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10382,7 +10382,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10399,7 +10399,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10416,7 +10416,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10433,7 +10433,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10450,7 +10450,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10467,7 +10467,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10484,7 +10484,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10501,7 +10501,7 @@
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
@@ -10520,7 +10520,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10539,7 +10539,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10558,7 +10558,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10577,7 +10577,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10596,7 +10596,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10615,7 +10615,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10634,7 +10634,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10653,7 +10653,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10672,7 +10672,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10691,7 +10691,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10710,7 +10710,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10729,7 +10729,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10748,7 +10748,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10767,7 +10767,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10786,7 +10786,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10805,7 +10805,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10824,7 +10824,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10843,7 +10843,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10862,7 +10862,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10881,7 +10881,7 @@
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
@@ -10897,11 +10897,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -10909,7 +10909,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: secp384r1 ( 18 )" \
@@ -10920,11 +10920,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -10932,7 +10932,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: secp521r1 ( 19 )" \
@@ -10943,11 +10943,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -10955,7 +10955,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: x25519 ( 1d )" \
@@ -10966,11 +10966,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -10978,7 +10978,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp256r1 ( 17 )" \
-c "NamedGroup: x448 ( 1e )" \
@@ -10989,11 +10989,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11001,7 +11001,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: secp256r1 ( 17 )" \
@@ -11012,11 +11012,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11024,7 +11024,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: secp521r1 ( 19 )" \
@@ -11035,11 +11035,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11047,7 +11047,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: x25519 ( 1d )" \
@@ -11058,11 +11058,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11070,7 +11070,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp384r1 ( 18 )" \
-c "NamedGroup: x448 ( 1e )" \
@@ -11081,11 +11081,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11093,7 +11093,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: secp256r1 ( 17 )" \
@@ -11104,11 +11104,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11116,7 +11116,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: secp384r1 ( 18 )" \
@@ -11127,11 +11127,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11139,7 +11139,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: x25519 ( 1d )" \
@@ -11150,11 +11150,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11162,7 +11162,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: secp521r1 ( 19 )" \
-c "NamedGroup: x448 ( 1e )" \
@@ -11173,11 +11173,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11185,7 +11185,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp256r1 ( 17 )" \
@@ -11196,11 +11196,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11208,7 +11208,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp384r1 ( 18 )" \
@@ -11219,11 +11219,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11231,7 +11231,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: secp521r1 ( 19 )" \
@@ -11242,11 +11242,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11254,7 +11254,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x448(001e)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x25519 ( 1d )" \
-c "NamedGroup: x448 ( 1e )" \
@@ -11265,11 +11265,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11277,7 +11277,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp256r1(0017)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp256r1 ( 17 )" \
@@ -11288,11 +11288,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11300,7 +11300,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp384r1(0018)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp384r1 ( 18 )" \
@@ -11311,11 +11311,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11323,7 +11323,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: secp521r1(0019)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: secp521r1 ( 19 )" \
@@ -11334,11 +11334,11 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -11346,7 +11346,7 @@
0 \
-s "Protocol is TLSv1.3" \
-s "got named group: x25519(001d)" \
- -s "Verifying peer X.509 certificate... ok" \
+ -s "Certificate verification was skipped" \
-c "Protocol is TLSv1.3" \
-c "NamedGroup: x448 ( 1e )" \
-c "NamedGroup: x25519 ( 1d )" \
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index c8586d2..4f62ed6 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -32,9 +32,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-# SOME_ECDHE_ENABLED?
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+
run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -52,9 +51,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-# SOME_ECDHE_ENABLED?
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+
run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
@@ -228,7 +226,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -245,7 +243,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -264,7 +262,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -282,7 +280,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -300,7 +298,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -319,7 +317,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -337,7 +335,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -355,8 +353,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -375,8 +372,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -394,8 +390,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -413,8 +408,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -433,8 +427,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -452,8 +445,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -471,8 +463,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -489,8 +480,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -509,8 +500,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -528,8 +519,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -547,8 +538,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -567,8 +558,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -586,8 +577,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -605,8 +596,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -625,8 +616,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -644,8 +635,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -663,8 +654,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -683,8 +674,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -702,8 +693,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -721,8 +712,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -741,8 +732,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -760,8 +751,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -779,8 +770,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -799,8 +790,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -819,8 +811,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -838,8 +831,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -857,8 +851,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -877,8 +872,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -896,8 +892,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -915,8 +912,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -935,8 +933,9 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -954,8 +953,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
@@ -974,8 +973,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -994,8 +993,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -1013,8 +1012,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -1033,8 +1032,8 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
@@ -1052,8 +1051,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \
@@ -1067,8 +1065,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \
@@ -1082,8 +1079,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \
@@ -1097,8 +1093,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \
@@ -1112,8 +1107,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \
@@ -1127,7 +1121,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1143,7 +1137,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1161,7 +1155,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1178,7 +1172,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1195,8 +1189,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1214,8 +1207,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1232,8 +1224,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1250,8 +1241,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1269,8 +1259,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1287,8 +1276,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1305,8 +1293,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1324,8 +1312,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1342,8 +1330,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1360,8 +1348,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1379,8 +1367,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1397,8 +1385,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1415,8 +1403,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1434,8 +1422,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1452,8 +1440,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1470,8 +1458,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1489,8 +1477,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1507,8 +1495,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1525,8 +1513,9 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1544,8 +1533,9 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1562,8 +1552,9 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1580,8 +1571,9 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/all, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1599,8 +1591,9 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1617,8 +1610,9 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1635,8 +1629,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg \
@@ -1654,8 +1648,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1673,8 +1667,8 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
@@ -1691,8 +1685,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
@@ -1705,8 +1698,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
@@ -1719,8 +1711,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
@@ -1733,8 +1724,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
@@ -1747,8 +1737,7 @@
requires_openssl_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
@@ -1760,9 +1749,8 @@
-S "key exchange mode: ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
@@ -1774,11 +1762,10 @@
-S "key exchange mode: ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
@@ -1797,6 +1784,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: m->m: psk/psk, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
@@ -1810,6 +1798,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
@@ -1822,6 +1811,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
@@ -1834,6 +1824,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
@@ -1846,6 +1838,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
@@ -1858,6 +1852,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
@@ -1870,6 +1867,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/psk_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
@@ -1883,6 +1882,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
@@ -1896,6 +1897,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
@@ -1908,6 +1911,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
@@ -1921,6 +1927,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \
@@ -1934,6 +1943,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \
@@ -1947,6 +1959,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -1959,6 +1973,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -1972,6 +1987,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
@@ -1985,6 +2001,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
@@ -1998,8 +2015,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -2011,6 +2028,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -2025,8 +2044,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
@@ -2039,6 +2058,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \
@@ -2051,6 +2072,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -2064,6 +2087,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
@@ -2077,6 +2102,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -2089,6 +2116,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -2102,6 +2132,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \
@@ -2114,6 +2147,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -2127,6 +2163,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
@@ -2136,6 +2174,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
@@ -2145,6 +2185,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
@@ -2155,6 +2196,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
@@ -2165,6 +2208,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
@@ -2174,6 +2220,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral/all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
@@ -2185,6 +2234,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2197,6 +2249,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2210,6 +2264,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
@@ -2222,6 +2278,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2234,6 +2292,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2248,6 +2308,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2261,6 +2323,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
@@ -2274,6 +2338,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2286,6 +2352,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2299,6 +2368,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
@@ -2312,6 +2384,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2324,6 +2399,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2337,6 +2415,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \
@@ -2350,6 +2431,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2363,6 +2447,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2376,6 +2462,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
@@ -2388,6 +2476,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2400,6 +2490,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2413,6 +2505,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
@@ -2426,6 +2520,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2438,6 +2534,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2449,6 +2548,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2462,6 +2564,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
@@ -2474,6 +2579,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2486,6 +2594,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2499,6 +2609,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
@@ -2512,6 +2624,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2524,6 +2638,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2537,6 +2654,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
@@ -2549,6 +2669,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2562,6 +2685,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2575,6 +2701,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
@@ -2588,6 +2717,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2600,6 +2732,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2613,6 +2748,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
@@ -2626,6 +2764,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2638,6 +2779,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/ephemeral, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2651,6 +2795,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/ephemeral_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2664,6 +2811,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
@@ -2678,6 +2828,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2690,6 +2843,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk_all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2703,6 +2859,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
@@ -2716,6 +2875,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2728,6 +2890,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/all, good" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2741,6 +2906,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
@@ -2754,6 +2922,9 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \
"$P_SRV nbio=2 debug_level=5 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
"$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2769,8 +2940,7 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: m->O: psk/all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
@@ -2788,11 +2958,10 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
+ "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
@@ -2807,8 +2976,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: psk_all/all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
@@ -2826,11 +2995,11 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
+ "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
@@ -2846,8 +3015,7 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
@@ -2865,11 +3033,10 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
+ "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
@@ -2885,16 +3052,11 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: ephemeral/all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
0 \
- -c "=> write client hello" \
- -c "skip psk_key_exchange_modes extension" \
- -c "<= write client hello" \
- -c "found key_shares extension" \
-c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 ok"
@@ -2903,16 +3065,11 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
"$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
0 \
- -c "=> write client hello" \
- -c "skip psk_key_exchange_modes extension" \
- -c "<= write client hello" \
- -c "found key_shares extension" \
-c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 ok"
@@ -2922,8 +3079,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2941,8 +3098,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
"$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
@@ -2961,8 +3118,9 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: all/all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -2980,8 +3138,9 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->O: all/ephemeral_all, good" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
"$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
@@ -3000,8 +3159,9 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: m->G: psk/all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
0 \
-c "=> write client hello" \
@@ -3019,8 +3179,9 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
1 \
-c "=> write client hello" \
@@ -3038,8 +3199,10 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: psk_all/all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
0 \
-c "=> write client hello" \
@@ -3049,7 +3212,7 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Selected key exchange mode: psk$" \
+ -c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -3057,10 +3220,12 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: m->G: psk_all/ephemeral_all, fail - no fallback" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
+ 0 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
@@ -3068,7 +3233,8 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
+ -c "Selected key exchange mode: psk_ephemeral" \
+ -c "HTTP/1.0 200 OK"
#GNUTLS-SERVER psk_ephemeral mode
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -3076,8 +3242,9 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
0 \
-c "=> write client hello" \
@@ -3095,8 +3262,9 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
0 \
-c "=> write client hello" \
@@ -3115,14 +3283,11 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: ephemeral/all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
0 \
- -c "=> write client hello" \
- -c "skip psk_key_exchange_modes extension" \
- -s "Not sending extension (PSK Key Exchange Modes/45)" \
- -c "<= write client hello" \
-c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 OK"
@@ -3131,14 +3296,11 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
0 \
- -c "=> write client hello" \
- -c "skip psk_key_exchange_modes extension" \
- -s "Not sending extension (PSK Key Exchange Modes/45)" \
- -c "<= write client hello" \
-c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 OK"
@@ -3148,8 +3310,10 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: ephemeral_all/all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
0 \
-c "=> write client hello" \
@@ -3167,8 +3331,10 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
0 \
-c "=> write client hello" \
@@ -3187,8 +3353,11 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: all/all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
0 \
-c "=> write client hello" \
@@ -3198,7 +3367,7 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Selected key exchange mode: psk$" \
+ -c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -3206,8 +3375,11 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: m->G: all/ephemeral_all, good" \
- "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+CIPHER-ALL --pskpasswd=data_files/simplepass.psk" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \
"$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
0 \
-c "=> write client hello" \
@@ -3217,5 +3389,5 @@
-s "Parsing extension 'PSK Key Exchange Modes/45'" \
-s "Parsing extension 'Pre Shared Key/41'" \
-c "<= write client hello" \
- -c "Selected key exchange mode: ephemeral" \
+ -c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 OK"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 61d675f..9295c9d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1542,12 +1542,15 @@
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
scripts/config.py full
- CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On .
+ CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 .
make
msg "test: main suites (full config, clang)" # ~ 5s
make test
+ msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
+ programs/test/cpp_dummy_build
+
msg "test: psa_constant_names (full config, clang)" # ~ 1s
tests/scripts/test_psa_constant_names.py
@@ -1717,6 +1720,37 @@
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
+component_test_crypto_for_psa_service () {
+ msg "build: make, config for PSA crypto service"
+ scripts/config.py crypto
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ # Disable things that are not needed for just cryptography, to
+ # reach a configuration that would be typical for a PSA cryptography
+ # service providing all implemented PSA algorithms.
+ # System stuff
+ scripts/config.py unset MBEDTLS_ERROR_C
+ scripts/config.py unset MBEDTLS_TIMING_C
+ scripts/config.py unset MBEDTLS_VERSION_FEATURES
+ # Crypto stuff with no PSA interface
+ scripts/config.py unset MBEDTLS_BASE64_C
+ # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it.
+ scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent
+ # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG.
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ scripts/config.py unset MBEDTLS_PEM_PARSE_C
+ scripts/config.py unset MBEDTLS_PEM_WRITE_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed
+ # in PSA code to work with RSA keys. We don't require users to set those:
+ # they will be reenabled in build_info.h.
+ scripts/config.py unset MBEDTLS_PK_C
+ scripts/config.py unset MBEDTLS_PK_PARSE_C
+ scripts/config.py unset MBEDTLS_PK_WRITE_C
+ make CFLAGS='-O1 -Werror' all test
+ are_empty_libraries library/libmbedx509.* library/libmbedtls.*
+}
+
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal
@@ -1739,86 +1773,76 @@
! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h
}
-component_test_depends_curves () {
- msg "test/build: curves.pl (gcc)" # ~ 4 min
- tests/scripts/curves.pl
-}
-
-component_test_depends_curves_psa () {
- msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)"
- scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- tests/scripts/curves.pl
-}
-
-component_test_depends_hashes () {
- msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min
- tests/scripts/depends-hashes.pl
-}
-
-component_test_depends_hashes_psa () {
- msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)"
- scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- tests/scripts/depends-hashes.pl
-}
-
-component_test_depends_pkalgs () {
- msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min
- tests/scripts/depends-pkalgs.pl
-}
-
-component_test_depends_pkalgs_psa () {
- msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)"
- scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- tests/scripts/depends-pkalgs.pl
-}
-
-component_build_key_exchanges () {
- msg "test/build: key-exchanges (gcc)" # ~ 1 min
- tests/scripts/key-exchanges.pl
-}
-
+# depends.py family of tests
component_test_depends_py_cipher_id () {
msg "test/build: depends.py cipher_id (gcc)"
- tests/scripts/depends.py cipher_id
+ tests/scripts/depends.py cipher_id --unset-use-psa
}
component_test_depends_py_cipher_chaining () {
msg "test/build: depends.py cipher_chaining (gcc)"
- tests/scripts/depends.py cipher_chaining
+ tests/scripts/depends.py cipher_chaining --unset-use-psa
}
component_test_depends_py_cipher_padding () {
msg "test/build: depends.py cipher_padding (gcc)"
- tests/scripts/depends.py cipher_padding
+ tests/scripts/depends.py cipher_padding --unset-use-psa
}
component_test_depends_py_curves () {
msg "test/build: depends.py curves (gcc)"
- tests/scripts/depends.py curves
+ tests/scripts/depends.py curves --unset-use-psa
}
component_test_depends_py_hashes () {
msg "test/build: depends.py hashes (gcc)"
- tests/scripts/depends.py hashes
+ tests/scripts/depends.py hashes --unset-use-psa
}
component_test_depends_py_kex () {
msg "test/build: depends.py kex (gcc)"
- tests/scripts/depends.py kex
+ tests/scripts/depends.py kex --unset-use-psa
}
component_test_depends_py_pkalgs () {
msg "test/build: depends.py pkalgs (gcc)"
- tests/scripts/depends.py pkalgs
+ tests/scripts/depends.py pkalgs --unset-use-psa
}
-component_test_make_cxx () {
- msg "build: Unix make, full, gcc + g++"
- scripts/config.py full
- make TEST_CPP=1 lib programs
+# PSA equivalents of the depends.py tests
+component_test_depends_py_cipher_id_psa () {
+ msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
+ tests/scripts/depends.py cipher_id
+}
- msg "test: cpp_dummy_build"
- programs/test/cpp_dummy_build
+component_test_depends_py_cipher_chaining_psa () {
+ msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
+ tests/scripts/depends.py cipher_chaining
+}
+
+component_test_depends_py_cipher_padding_psa () {
+ msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
+ tests/scripts/depends.py cipher_padding
+}
+
+component_test_depends_py_curves_psa () {
+ msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
+ tests/scripts/depends.py curves
+}
+
+component_test_depends_py_hashes_psa () {
+ msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
+ tests/scripts/depends.py hashes
+}
+
+component_test_depends_py_kex_psa () {
+ msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
+ tests/scripts/depends.py kex
+}
+
+component_test_depends_py_pkalgs_psa () {
+ msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
+ tests/scripts/depends.py pkalgs
}
component_build_module_alt () {
@@ -2208,25 +2232,6 @@
make test
}
-# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test.
-component_build_psa_accel_alg_ecdsa() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA
- # without MBEDTLS_ECDSA_C
- # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already
- # set in include/psa/crypto_config.h
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C"
- scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py unset MBEDTLS_ECDSA_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
-}
-
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
component_build_psa_accel_alg_ecdh() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
@@ -3218,23 +3223,90 @@
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2"
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
- msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2"
- if_build_succeeded make test
+ msg "test: TLS 1.3 only, all key exchange modes enabled"
+ make test
- msg "ssl-opt.sh (TLS 1.3)"
- if_build_succeeded tests/ssl-opt.sh
+ msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled"
+ tests/ssl-opt.sh
}
-component_test_tls13_only_with_hooks () {
- msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 and MBEDTLS_TEST_HOOKS, without MBEDTLS_SSL_PROTO_TLS1_2"
- scripts/config.py set MBEDTLS_TEST_HOOKS
+component_test_tls13_only_psk () {
+ msg "build: TLS 1.3 only from default, only PSK key exchange mode"
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ scripts/config.py unset MBEDTLS_ECDH_C
+ scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_PKCS1_V21
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
- msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2"
- if_build_succeeded make test
+ msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled"
+ cd tests; ./test_suite_ssl; cd ..
- msg "ssl-opt.sh (TLS 1.3)"
- if_build_succeeded tests/ssl-opt.sh
+ msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled"
+ tests/ssl-opt.sh
+}
+
+component_test_tls13_only_ephemeral () {
+ msg "build: TLS 1.3 only from default, only ephemeral key exchange mode"
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+
+ msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
+ cd tests; ./test_suite_ssl; cd ..
+
+ msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode"
+ tests/ssl-opt.sh
+}
+
+component_test_tls13_only_psk_ephemeral () {
+ msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode"
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+ make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+
+ msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode"
+ cd tests; ./test_suite_ssl; cd ..
+
+ msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode"
+ tests/ssl-opt.sh
+}
+
+component_test_tls13_only_psk_all () {
+ msg "build: TLS 1.3 only from default, without ephemeral key exchange mode"
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+ make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+
+ msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
+ cd tests; ./test_suite_ssl; cd ..
+
+ msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes"
+ tests/ssl-opt.sh
+}
+
+component_test_tls13_only_ephemeral_all () {
+ msg "build: TLS 1.3 only from default, without PSK key exchange mode"
+ scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
+
+ msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
+ cd tests; ./test_suite_ssl; cd ..
+
+ msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
+ tests/ssl-opt.sh
}
component_test_tls13 () {
@@ -3263,46 +3335,6 @@
tests/ssl-opt.sh
}
-component_test_tls13_with_padding () {
- msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding"
- scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
- scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
- msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding"
- make test
- msg "ssl-opt.sh (TLS 1.3 with padding)"
- tests/ssl-opt.sh
-}
-
-component_test_tls13_with_ecp_restartable () {
- msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable"
- scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
- scripts/config.py set MBEDTLS_ECP_RESTARTABLE
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
- msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable"
- make test
- msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)"
- tests/ssl-opt.sh
-}
-
-component_test_tls13_with_everest () {
- msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest"
- scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
- scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
- msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest"
- make test
- msg "ssl-opt.sh (TLS 1.3 with everest)"
- tests/ssl-opt.sh
-}
-
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh
index 50bcb05..1f65710 100755
--- a/tests/scripts/basic-in-docker.sh
+++ b/tests/scripts/basic-in-docker.sh
@@ -40,6 +40,6 @@
run_in_docker -e OSSL_NO_DTLS=1 tests/compat.sh
run_in_docker tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
run_in_docker tests/scripts/test-ref-configs.pl
- run_in_docker tests/scripts/curves.pl
- run_in_docker tests/scripts/key-exchanges.pl
+ run_in_docker tests/scripts/depends.py curves
+ run_in_docker tests/scripts/depends.py kex
done
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index aece1ef..396ab74 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -278,7 +278,7 @@
"library/*.c",
"3rdparty/everest/library/everest.c",
"3rdparty/everest/library/x25519.c"
- ])
+ ], ["library/psa_crypto_driver_wrappers.c"])
symbols = self.parse_symbols()
# Remove identifier macros like mbedtls_printf or mbedtls_calloc
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
deleted file mode 100755
index fcaca91..0000000
--- a/tests/scripts/curves.pl
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/env perl
-
-# curves.pl
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Purpose
-#
-# The purpose of this test script is to validate that the library works
-# when only a single curve is enabled. In particular, this validates that
-# curve-specific code is guarded by the proper preprocessor conditionals,
-# both in the library and in tests.
-#
-# Since this script only tests builds with a single curve, it can't detect
-# bugs that are only triggered when multiple curves are present. We do
-# also test in many configurations where all curves are enabled, as well
-# as a few configurations in configs/*.h with a restricted subset of curves.
-#
-# Here are some known test gaps that could be addressed by testing all
-# 2^n combinations of support for n curves, which is impractical:
-# * There could be product bugs when curves A and B are enabled but not C.
-# For example, a MAX_SIZE calculation that forgets B, where
-# size(A) < size(B) < size(C).
-# * For test cases that require three or more curves, validate that they're
-# not missing dependencies. This is extremely rare. (For test cases that
-# require curves A and B but are missing a dependency on B, this is
-# detected in the A-only build.)
-# Usage: tests/scripts/curves.pl
-#
-# This script should be executed from the root of the project directory.
-#
-# Only curves that are enabled in mbedtls_config.h will be tested.
-#
-# For best effect, run either with cmake disabled, or cmake enabled in a mode
-# that includes -Werror.
-
-use warnings;
-use strict;
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $sed_cmd = 's/^#define \(MBEDTLS_ECP_DP.*_ENABLED\)/\1/p';
-my $config_h = 'include/mbedtls/mbedtls_config.h';
-my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
-
-# Determine which curves support ECDSA by checking the dependencies of
-# ECDSA in check_config.h.
-my %curve_supports_ecdsa = ();
-{
- local $/ = "";
- local *CHECK_CONFIG;
- open(CHECK_CONFIG, '<', 'include/mbedtls/check_config.h')
- or die "open include/mbedtls/check_config.h: $!";
- while (my $stanza = <CHECK_CONFIG>) {
- if ($stanza =~ /\A#if defined\(MBEDTLS_ECDSA_C\)/) {
- for my $curve ($stanza =~ /(?<=\()MBEDTLS_ECP_DP_\w+_ENABLED(?=\))/g) {
- $curve_supports_ecdsa{$curve} = 1;
- }
- last;
- }
- }
- close(CHECK_CONFIG);
-}
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
- system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- # use an exit code between 1 and 124 for git bisect (die returns 255)
- warn $_[0];
- exit 1;
-}
-
-# Disable all the curves. We'll then re-enable them one by one.
-for my $curve (@curves) {
- system( "scripts/config.pl unset $curve" )
- and abort "Failed to disable $curve\n";
-}
-# Depends on a specific curve. Also, ignore error if it wasn't enabled.
-system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
-system( "scripts/config.pl unset MBEDTLS_ECJPAKE_C" );
-
-# Test with only $curve enabled, for each $curve.
-for my $curve (@curves) {
- system( "make clean" ) and die;
-
- print "\n******************************************\n";
- print "* Testing with only curve: $curve\n";
- print "******************************************\n";
- $ENV{MBEDTLS_TEST_CONFIGURATION} = "$curve";
-
- system( "scripts/config.pl set $curve" )
- and abort "Failed to enable $curve\n";
-
- my $ecdsa = $curve_supports_ecdsa{$curve} ? "set" : "unset";
- for my $dep (qw(MBEDTLS_ECDSA_C
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)) {
- system( "scripts/config.pl $ecdsa $dep" )
- and abort "Failed to $ecdsa $dep\n";
- }
-
- system( "CFLAGS='-Werror -Wall -Wextra' make" )
- and abort "Failed to build: only $curve\n";
- system( "make test" )
- and abort "Failed test suite: only $curve\n";
-
- system( "scripts/config.pl unset $curve" )
- and abort "Failed to disable $curve\n";
-}
-
-system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
-system( "make clean" ) and die;
-exit 0;
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
deleted file mode 100755
index db18a92..0000000
--- a/tests/scripts/depends-hashes.pl
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/usr/bin/env perl
-
-# depends-hashes.pl
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Purpose
-#
-# To test the code dependencies on individual hashes in each test suite. This
-# is a verification step to ensure we don't ship test suites that do not work
-# for some build options.
-#
-# The process is:
-# for each possible hash
-# build the library and test suites with the hash disabled
-# execute the test suites
-#
-# And any test suite with the wrong dependencies will fail.
-#
-# Usage: tests/scripts/depends-hashes.pl
-#
-# This script should be executed from the root of the project directory.
-#
-# For best effect, run either with cmake disabled, or cmake enabled in a mode
-# that includes -Werror.
-
-use warnings;
-use strict;
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $config_h = 'include/mbedtls/mbedtls_config.h';
-
-# as many SSL options depend on specific hashes,
-# and SSL is not in the test suites anyways,
-# disable it to avoid dependency issues
-my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
-my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
-
-# Each element of this array holds list of configuration options that
-# should be tested together. Certain options depend on each other and
-# separating them would generate invalid configurations.
-my @hash_configs = (
- ['unset MBEDTLS_MD5_C'],
- ['unset MBEDTLS_SHA512_C', 'unset MBEDTLS_SHA384_C '],
- ['unset MBEDTLS_SHA384_C'],
- ['unset MBEDTLS_SHA256_C', 'unset MBEDTLS_SHA224_C', 'unset MBEDTLS_LMS_C', 'unset MBEDTLS_LMS_PRIVATE'],
- ['unset MBEDTLS_SHA1_C'],
-);
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
- system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- # use an exit code between 1 and 124 for git bisect (die returns 255)
- warn $_[0];
- exit 1;
-}
-
-for my $hash_config (@hash_configs) {
- system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
- system( "make clean" ) and die;
-
- my $hash_config_string = join(', ', @$hash_config);
-
- print "\n******************************************\n";
- print "* Testing hash options: $hash_config_string\n";
- print "******************************************\n";
- $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$hash_config_string";
-
- for my $hash (@$hash_config) {
- system( "scripts/config.py $hash" )
- and abort "Failed to $hash\n";
- }
-
- for my $opt (@ssl) {
- system( "scripts/config.py unset $opt" )
- and abort "Failed to disable $opt\n";
- }
-
- system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
- and abort "Failed to build lib: $hash_config_string\n";
- system( "cd tests && make" ) and abort "Failed to build tests: $hash_config_string\n";
- system( "make test" ) and abort "Failed test suite: $hash_config_string\n";
-}
-
-system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
-system( "make clean" ) and die;
-exit 0;
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
deleted file mode 100755
index 6eb7269..0000000
--- a/tests/scripts/depends-pkalgs.pl
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/bin/env perl
-
-# depends-pkalgs.pl
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Purpose
-#
-# To test the code dependencies on individual PK algs (those that can be used
-# from the PK layer, so currently signature and encryption but not key
-# exchange) in each test suite. This is a verification step to ensure we don't
-# ship test suites that do not work for some build options.
-#
-# The process is:
-# for each possible PK alg
-# build the library and test suites with that alg disabled
-# execute the test suites
-#
-# And any test suite with the wrong dependencies will fail.
-#
-# Usage: tests/scripts/depends-pkalgs.pl
-#
-# This script should be executed from the root of the project directory.
-#
-# For best effect, run either with cmake disabled, or cmake enabled in a mode
-# that includes -Werror.
-
-use warnings;
-use strict;
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $config_h = 'include/mbedtls/mbedtls_config.h';
-
-# Some algorithms can't be disabled on their own as others depend on them, so
-# we list those reverse-dependencies here to keep check_config.h happy.
-my %algs = (
- 'MBEDTLS_ECDSA_C' => ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED'],
- 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C',
- 'MBEDTLS_ECDH_C',
- 'MBEDTLS_ECJPAKE_C',
- 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
- 'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [],
- 'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
- 'MBEDTLS_PKCS1_V15' => ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
- 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT',
- 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
-);
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
- system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- # use an exit code between 1 and 124 for git bisect (die returns 255)
- warn $_[0];
- exit 1;
-}
-
-while( my ($alg, $extras) = each %algs ) {
- system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
- system( "make clean" ) and die;
-
- print "\n******************************************\n";
- print "* Testing without alg: $alg\n";
- print "******************************************\n";
- $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$alg";
-
- system( "scripts/config.py unset $alg" )
- and abort "Failed to disable $alg\n";
- for my $opt (@$extras) {
- system( "scripts/config.py unset $opt" )
- and abort "Failed to disable $opt\n";
- }
-
- system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
- and abort "Failed to build lib: $alg\n";
- system( "cd tests && make" ) and abort "Failed to build tests: $alg\n";
- system( "make test" ) and abort "Failed test suite: $alg\n";
-}
-
-system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
-system( "make clean" ) and die;
-exit 0;
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index ce7fee6..0d6ec94 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -146,6 +146,8 @@
# Turn off options that are not relevant to the tests and slow them down.
run_config_py(options, ['full'])
run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS'])
+ if options.unset_use_psa:
+ run_config_py(options, ['unset', 'MBEDTLS_USE_PSA_CRYPTO'])
def collect_config_symbols(options):
"""Read the list of settings from mbedtls_config.h.
@@ -237,7 +239,9 @@
'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
+ 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
+ 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED',
+ 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED'],
'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
@@ -534,6 +538,9 @@
parser.add_argument('--make-command', metavar='CMD',
help='Command to run instead of make (e.g. gmake)',
action='store', default='make')
+ parser.add_argument('--unset-use-psa',
+ help='Unset MBEDTLS_USE_PSA_CRYPTO before any test',
+ action='store_true', dest='unset_use_psa')
parser.add_argument('tasks', metavar='TASKS', nargs='*',
help='The domain(s) or job(s) to test (default: all).',
default=True)
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index 7c9f432..a640b56 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -6,7 +6,7 @@
#
# Usage: generate-afl-tests.sh <test data file path>
# <test data file path> - should be the path to one of the test suite files
-# such as 'test_suite_mpi.data'
+# such as 'test_suite_rsa.data'
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py
index 4935829..4ac9210 100755
--- a/tests/scripts/generate_bignum_tests.py
+++ b/tests/scripts/generate_bignum_tests.py
@@ -70,8 +70,8 @@
class BignumTarget(test_data_generation.BaseTarget, metaclass=ABCMeta):
#pylint: disable=abstract-method
- """Target for bignum (mpi) test case generation."""
- target_basename = 'test_suite_mpi.generated'
+ """Target for bignum (legacy) test case generation."""
+ target_basename = 'test_suite_bignum.generated'
class BignumOperation(bignum_common.OperationCommon, BignumTarget, metaclass=ABCMeta):
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index f5750aa..938f24c 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -126,33 +126,39 @@
This script replaces following fields in the template and generates
the test source file:
-$test_common_helpers <-- All common code from helpers.function
- is substituted here.
-$functions_code <-- Test functions are substituted here
- from the input test_suit_xyz.function
- file. C preprocessor checks are generated
- for the build dependencies specified
- in the input file. This script also
- generates wrappers for the test
- functions with code to expand the
- string parameters read from the data
- file.
-$expression_code <-- This script enumerates the
- expressions in the .data file and
- generates code to handle enumerated
- expression Ids and return the values.
-$dep_check_code <-- This script enumerates all
- build dependencies and generate
- code to handle enumerated build
- dependency Id and return status: if
- the dependency is defined or not.
-$dispatch_code <-- This script enumerates the functions
- specified in the input test data file
- and generates the initializer for the
- function table in the template
- file.
-$platform_code <-- Platform specific setup and test
- dispatch code.
+__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
+ All common code from helpers.function
+ is substituted here.
+__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
+ Test functions are substituted here
+ from the input test_suit_xyz.function
+ file. C preprocessor checks are generated
+ for the build dependencies specified
+ in the input file. This script also
+ generates wrappers for the test
+ functions with code to expand the
+ string parameters read from the data
+ file.
+__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
+ This script enumerates the
+ expressions in the .data file and
+ generates code to handle enumerated
+ expression Ids and return the values.
+__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
+ This script enumerates all
+ build dependencies and generate
+ code to handle enumerated build
+ dependency Id and return status: if
+ the dependency is defined or not.
+__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
+ This script enumerates the functions
+ specified in the input test data file
+ and generates the initializer for the
+ function table in the template
+ file.
+__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
+ Platform specific setup and test
+ dispatch code.
"""
@@ -974,11 +980,27 @@
:param snippets: Generated and code snippets
:return:
"""
+
+ # Create a placeholder pattern with the correct named capture groups
+ # to override the default provided with Template.
+ # Match nothing (no way of escaping placeholders).
+ escaped = "(?P<escaped>(?!))"
+ # Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern.
+ named = "__MBEDTLS_TEST_TEMPLATE__(?P<named>[A-Z][_A-Z0-9]*)"
+ # Match nothing (no braced placeholder syntax).
+ braced = "(?P<braced>(?!))"
+ # If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid.
+ invalid = "(?P<invalid>__MBEDTLS_TEST_TEMPLATE__)"
+ placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid]))
+
with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
for line_no, line in enumerate(template_f.readlines(), 1):
# Update line number. +1 as #line directive sets next line number
snippets['line_no'] = line_no + 1
- code = string.Template(line).substitute(**snippets)
+ template = string.Template(line)
+ template.pattern = placeholder_pattern
+ snippets = {k.upper():v for (k, v) in snippets.items()}
+ code = template.substitute(**snippets)
c_f.write(code)
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index 7819a87..1d665e0 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -357,7 +357,7 @@
def pre_checks(self):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
- 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
+ 'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
@@ -398,7 +398,7 @@
named_group=named_group,
iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
- check_strings.append("Verifying peer X.509 certificate... ok")
+ check_strings.append("Certificate verification was skipped")
return ['-s "{}"'.format(i) for i in check_strings]
def pre_cmd(self):
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
deleted file mode 100755
index 46f1b97..0000000
--- a/tests/scripts/key-exchanges.pl
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/env perl
-
-# key-exchanges.pl
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Purpose
-#
-# To test the code dependencies on individual key exchanges in the SSL module.
-# is a verification step to ensure we don't ship SSL code that do not work
-# for some build options.
-#
-# The process is:
-# for each possible key exchange
-# build the library with all but that key exchange disabled
-#
-# Usage: tests/scripts/key-exchanges.pl
-#
-# This script should be executed from the root of the project directory.
-#
-# For best effect, run either with cmake disabled, or cmake enabled in a mode
-# that includes -Werror.
-
-use warnings;
-use strict;
-
--d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-
-my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
-my $config_h = 'include/mbedtls/mbedtls_config.h';
-my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
-
-system( "cp $config_h $config_h.bak" ) and die;
-sub abort {
- system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- # use an exit code between 1 and 124 for git bisect (die returns 255)
- warn $_[0];
- exit 1;
-}
-
-for my $kex (@kexes) {
- system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
- system( "make clean" ) and die;
-
- print "\n******************************************\n";
- print "* Testing with key exchange: $kex\n";
- print "******************************************\n";
- $ENV{MBEDTLS_TEST_CONFIGURATION} = $kex;
-
- # full config with all key exchanges disabled except one
- system( "scripts/config.py full" ) and abort "Failed config full\n";
- for my $k (@kexes) {
- next if $k eq $kex;
- system( "scripts/config.py unset $k" )
- and abort "Failed to disable $k\n";
- }
-
- system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n";
-}
-
-system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
-system( "make clean" ) and die;
-exit 0;
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 22eadd1..8a5bb93 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -50,11 +50,13 @@
'verbose|v:1' => \$verbose,
) or die;
-# All test suites = executable files, excluding source files, debug
-# and profiling information, etc. We can't just grep {! /\./} because
-# some of our test cases' base names contain a dot.
-my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*';
-@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites;
+# All test suites = executable files derived from a .data file.
+my @suites = ();
+for my $data_file (glob 'suites/test_suite_*.data') {
+ (my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#;
+ push @suites, $base if -x $base;
+ push @suites, "$base.exe" if -e "$base.exe";
+}
die "$0: no test suite found\n" unless @suites;
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index b7c8364..cc23fd7 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -357,8 +357,12 @@
size_t hex_len = strlen( input );
size_t byte_len = ( hex_len + 1 ) / 2;
*plimbs = CHARS_TO_LIMBS( byte_len );
+
+ /* A core bignum is not allowed to be empty. Forbid it as test data,
+ * this way static analyzers have a chance of knowing we don't expect
+ * the bignum functions to support empty inputs. */
if( *plimbs == 0 )
- return( 0 );
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
*pX = mbedtls_calloc( *plimbs, sizeof( **pX ) );
if( *pX == NULL )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f6437f5..fc892a1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -251,6 +251,24 @@
fi
}
+TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
+
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() {
+ if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2
+ then
+ requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+ elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ then
+ SKIP_NEXT="YES"
+ fi
+}
+
get_config_value_or_default() {
# This function uses the query_config command line option to query the
# required Mbed TLS compile time configuration from the ssl_server2
@@ -5158,6 +5176,7 @@
# Tests for auth_mode, there are duplicated tests using ca callback for authentication
# When updating these tests, modify the matching authentication tests accordingly
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -5169,6 +5188,7 @@
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -5180,6 +5200,7 @@
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server goodcert, client optional, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
@@ -5191,6 +5212,7 @@
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server goodcert, client required, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
@@ -5210,6 +5232,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5221,6 +5244,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5231,6 +5255,7 @@
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server badcert, client none" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -5242,6 +5267,7 @@
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client SHA256, server required" \
"$P_SRV auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5252,6 +5278,7 @@
-c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client SHA384, server required" \
"$P_SRV auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5261,6 +5288,7 @@
-c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5,"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client has no cert, server required (TLS)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=none \
@@ -5276,6 +5304,7 @@
-s "! mbedtls_ssl_handshake returned" \
-s "No client certification received from the client, but required by the authentication mode"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5296,6 +5325,7 @@
# detect that its write end of the connection is closed and abort
# before reading the alert message.
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client cert self-signed and trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -5311,6 +5341,7 @@
-S "! The certificate is not correctly signed" \
-S "X509 - Certificate verification failed"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -5327,6 +5358,7 @@
-s "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5344,6 +5376,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server none" \
"$P_SRV debug_level=3 auth_mode=none" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5361,6 +5394,7 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -5378,6 +5412,7 @@
-S "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: openssl client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI" \
@@ -5389,6 +5424,7 @@
-S "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client no cert, openssl server optional" \
"$O_SRV -verify 10 -tls1_2" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -5400,6 +5436,7 @@
-C "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client no cert, openssl server required" \
"$O_SRV -Verify 10 -tls1_2" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -5422,6 +5459,7 @@
# are in place so that the semantics are consistent with the test description.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@@ -5431,6 +5469,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -5441,6 +5480,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -5452,6 +5492,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server max_int+1 chain, client none" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -5462,6 +5503,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client max_int+1 chain, server default" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5471,6 +5513,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client max_int+1 chain, server optional" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5480,6 +5523,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client max_int+1 chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5489,6 +5533,7 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client max_int chain, server required" \
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
@@ -5499,6 +5544,7 @@
# Tests for CA list in CertificateRequest messages
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send CA list in CertificateRequest (default)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI crt_file=data_files/server6.crt \
@@ -5507,6 +5553,7 @@
-s "requested DN"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: do not send CA list in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI crt_file=data_files/server6.crt \
@@ -5515,6 +5562,7 @@
-S "requested DN"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send CA list in CertificateRequest, client self signed" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -5528,6 +5576,7 @@
-s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt conf DN hints in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
crt_file2=data_files/server1.crt \
@@ -5539,6 +5588,7 @@
-c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
crt_file2=data_files/server2.crt \
@@ -5550,6 +5600,7 @@
-c "DN hint: C=NL, O=PolarSSL, CN=localhost"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt hs DN hints in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \
crt_file2=data_files/server1.crt \
@@ -5565,6 +5616,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -5578,6 +5630,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -5599,6 +5652,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5612,6 +5666,7 @@
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5624,6 +5679,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5636,6 +5692,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5648,6 +5705,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5672,6 +5730,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -5692,6 +5751,7 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5714,6 +5774,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@@ -5726,6 +5787,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -5738,6 +5800,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -5751,6 +5814,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5763,6 +5827,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5775,6 +5840,7 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
@@ -5799,6 +5865,7 @@
# tests for SNI
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@@ -5808,6 +5875,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5819,6 +5887,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5830,6 +5899,7 @@
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: no matching cert" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5842,6 +5912,7 @@
-c "mbedtls_ssl_handshake returned" \
-c "SSL - A fatal alert message was received from our peer"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5855,6 +5926,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5868,6 +5940,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5879,6 +5952,7 @@
-c "got no certificate request" \
-c "skip write certificate"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA no override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5897,6 +5971,7 @@
-s "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5915,6 +5990,7 @@
-S "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -6083,6 +6159,7 @@
# Tests for non-blocking I/O: exercise a variety of handshake flows
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Non-blocking I/O: basic handshake" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0" \
@@ -6091,6 +6168,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Non-blocking I/O: client auth" \
"$P_SRV nbio=2 tickets=0 auth_mode=required" \
"$P_CLI nbio=2 tickets=0" \
@@ -6100,6 +6178,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Non-blocking I/O: ticket" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1" \
@@ -6109,6 +6188,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Non-blocking I/O: ticket + client auth" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1" \
@@ -6118,6 +6198,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Non-blocking I/O: ticket + client auth + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -6127,6 +6208,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Non-blocking I/O: ticket + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -6136,6 +6218,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Non-blocking I/O: session-id resume" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0 reconnect=1" \
@@ -6146,6 +6229,7 @@
# Tests for event-driven I/O: exercise a variety of handshake flows
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Event-driven I/O: basic handshake" \
"$P_SRV event=1 tickets=0 auth_mode=none" \
"$P_CLI event=1 tickets=0" \
@@ -6154,6 +6238,7 @@
-C "mbedtls_ssl_handshake returned" \
-c "Read from server: .* bytes read"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Event-driven I/O: client auth" \
"$P_SRV event=1 tickets=0 auth_mode=required" \
"$P_CLI event=1 tickets=0" \
@@ -6163,6 +6248,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Event-driven I/O: ticket" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1" \
@@ -6172,6 +6258,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Event-driven I/O: ticket + client auth" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1" \
@@ -6181,6 +6268,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Event-driven I/O: ticket + client auth + resume" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -6190,6 +6278,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Event-driven I/O: ticket + resume" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -6199,6 +6288,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Event-driven I/O: session-id resume" \
"$P_SRV event=1 tickets=0 auth_mode=none" \
"$P_CLI event=1 tickets=0 reconnect=1" \
@@ -6323,6 +6413,7 @@
# Tests for ALPN extension
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "ALPN: none" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
@@ -6335,6 +6426,7 @@
-C "Application Layer Protocol is" \
-S "Application Layer Protocol is"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "ALPN: client only" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -6347,6 +6439,7 @@
-c "Application Layer Protocol is (none)" \
-S "Application Layer Protocol is"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "ALPN: server only" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3" \
@@ -6359,6 +6452,7 @@
-C "Application Layer Protocol is" \
-s "Application Layer Protocol is (none)"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "ALPN: both, common cli1-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=abc,1234" \
@@ -6371,6 +6465,7 @@
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "ALPN: both, common cli2-srv1" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abc" \
@@ -6383,6 +6478,7 @@
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "ALPN: both, common cli1-srv2" \
"$P_SRV debug_level=3 alpn=abc,1234" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -6395,6 +6491,7 @@
-c "Application Layer Protocol is 1234" \
-s "Application Layer Protocol is 1234"
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "ALPN: both, no common" \
"$P_SRV debug_level=3 alpn=abc,123" \
"$P_CLI debug_level=3 alpn=1234,abcde" \
@@ -6553,9 +6650,9 @@
-c "Ciphersuite is TLS-" \
-c "! Usage does not match the keyUsage extension"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
@@ -6565,9 +6662,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
@@ -6577,9 +6674,9 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
-cert data_files/server2.ku-ka.crt" \
@@ -6589,9 +6686,9 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \
@@ -6601,9 +6698,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.ku-ke.crt" \
@@ -6613,9 +6710,9 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.ku-ka.crt" \
@@ -6675,11 +6772,11 @@
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
0 \
@@ -6687,22 +6784,22 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \
0 \
@@ -6710,11 +6807,11 @@
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.ku-ka.crt" \
0 \
@@ -6793,9 +6890,9 @@
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-srv.crt" \
@@ -6805,9 +6902,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
@@ -6817,9 +6914,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
@@ -6829,9 +6926,9 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
@@ -6888,44 +6985,44 @@
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
0 \
@@ -7988,6 +8085,7 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Small client packet TLS 1.3 AEAD" \
"$P_SRV force_version=tls13" \
"$P_CLI request_size=1 \
@@ -7995,6 +8093,7 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Small client packet TLS 1.3 AEAD shorter tag" \
"$P_SRV force_version=tls13" \
"$P_CLI request_size=1 \
@@ -8052,12 +8151,14 @@
0 \
-c "Read from server: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Small server packet TLS 1.3 AEAD" \
"$P_SRV response_size=1 force_version=tls13" \
"$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
0 \
-c "Read from server: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Small server packet TLS 1.3 AEAD shorter tag" \
"$P_SRV response_size=1 force_version=tls13" \
"$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
@@ -8128,6 +8229,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Large client packet TLS 1.3 AEAD" \
"$P_SRV force_version=tls13" \
"$P_CLI request_size=16384 \
@@ -8136,6 +8238,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Large client packet TLS 1.3 AEAD shorter tag" \
"$P_SRV force_version=tls13" \
"$P_CLI request_size=16384 \
@@ -8183,12 +8286,14 @@
0 \
-c "Read from server: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Large server packet TLS 1.3 AEAD" \
"$P_SRV response_size=16384 force_version=tls13" \
"$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
0 \
-c "Read from server: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Large server packet TLS 1.3 AEAD shorter tag" \
"$P_SRV response_size=16384 force_version=tls13" \
"$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
@@ -11059,10 +11164,10 @@
# TLS1.3 test cases
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: minimal feature sets - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=3" \
@@ -11092,10 +11197,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: minimal feature sets - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=3" \
@@ -11125,11 +11230,11 @@
-c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: alpn - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -11160,11 +11265,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: alpn - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
"$P_CLI debug_level=3 alpn=h2" \
@@ -11195,10 +11300,10 @@
-c "Application Layer Protocol is h2"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: server alpn - openssl" \
"$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
"$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
@@ -11210,10 +11315,10 @@
-s "Application Layer Protocol is h2"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: server alpn - gnutls" \
"$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
@@ -11307,10 +11412,10 @@
-C "Protocol : TLSv1.2"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
@@ -11323,10 +11428,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -11339,9 +11444,9 @@
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
"$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key" \
@@ -11353,9 +11458,9 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
@@ -11367,10 +11472,10 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -11383,10 +11488,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -11398,10 +11503,10 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -11414,10 +11519,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -11429,10 +11534,10 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -11445,10 +11550,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -11460,11 +11565,11 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
@@ -11477,11 +11582,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
@@ -11493,11 +11598,11 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
@@ -11510,11 +11615,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
@@ -11526,11 +11631,11 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
@@ -11543,11 +11648,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
@@ -11559,11 +11664,11 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
@@ -11578,11 +11683,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -11596,10 +11701,10 @@
# Test using an opaque private key for client authentication
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
"$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key key_opaque=1" \
@@ -11611,10 +11716,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
@@ -11626,11 +11731,11 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -11643,11 +11748,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -11659,11 +11764,11 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -11676,11 +11781,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -11692,11 +11797,11 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -11709,11 +11814,11 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -11725,12 +11830,12 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
@@ -11743,12 +11848,12 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
@@ -11760,12 +11865,12 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
@@ -11778,12 +11883,12 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
@@ -11795,12 +11900,12 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
@@ -11813,12 +11918,12 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
@@ -11830,12 +11935,12 @@
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
@@ -11850,12 +11955,12 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
"$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -11867,11 +11972,11 @@
-c "no suitable signature algorithm" \
-C "unkown pk type"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -11882,11 +11987,11 @@
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 ok"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_openssl_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
"$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -11897,12 +12002,12 @@
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 ok"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -11913,12 +12018,12 @@
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -11930,9 +12035,9 @@
-c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
@@ -11946,10 +12051,10 @@
-s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
-s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with client authentication" \
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3 -no_middlebox" \
@@ -11967,9 +12072,9 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -11986,9 +12091,9 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with client authentication" \
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost -d 4 --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12004,10 +12109,10 @@
-s "=> parse client hello" \
-s "<= parse client hello"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$P_CLI debug_level=4 force_version=tls13" \
@@ -12023,10 +12128,10 @@
-s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
-c "HTTP/1.0 200 OK"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
@@ -12040,10 +12145,10 @@
-s "=> parse client hello" \
-s "<= parse client hello"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$P_CLI debug_level=4 crt_file=none key_file=none force_version=tls13" \
@@ -12058,10 +12163,10 @@
-s "=> parse client hello" \
-s "<= parse client hello"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \
"$P_SRV debug_level=4 auth_mode=optional crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=none key_file=none" \
@@ -12078,7 +12183,7 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: server: HRR check - mbedtls" \
"$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \
"$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \
@@ -12092,10 +12197,10 @@
-s "=> write hello retry request" \
-s "<= write hello retry request"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check, no server certificate available" \
"$P_SRV debug_level=4 crt_file=none key_file=none force_version=tls13" \
"$P_CLI debug_level=4 force_version=tls13" \
@@ -12104,10 +12209,10 @@
-s "No certificate available."
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \
sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
@@ -12117,10 +12222,10 @@
-s "HTTP/1.0 200 OK"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \
sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
@@ -12129,11 +12234,11 @@
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with sni" \
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
@@ -12152,11 +12257,11 @@
unset TEST_SUITE_NAME
# Test 1.3 compatibility mode
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 force_version=tls13 tickets=0" \
"$P_CLI debug_level=4" \
@@ -12166,11 +12271,11 @@
-S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m both with middlebox compat support" \
"$P_SRV debug_level=4 force_version=tls13 tickets=0" \
"$P_CLI debug_level=4" \
@@ -12181,10 +12286,10 @@
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
"$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -12194,10 +12299,10 @@
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -12205,10 +12310,10 @@
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O both with middlebox compat support" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4" \
@@ -12219,10 +12324,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -12233,10 +12338,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -12245,10 +12350,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G both with middlebox compat support" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4" \
@@ -12257,10 +12362,10 @@
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
@@ -12270,10 +12375,10 @@
-C "14 03 03 00 01"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
@@ -12282,10 +12387,10 @@
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$O_NEXT_CLI -msg -debug" \
@@ -12297,10 +12402,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12312,10 +12417,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12328,10 +12433,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12340,11 +12445,11 @@
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
-c "SSL 3.3 ChangeCipherSpec packet received"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12355,11 +12460,11 @@
-S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 force_version=tls13 curves=secp384r1 tickets=0" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12371,10 +12476,10 @@
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12385,10 +12490,10 @@
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12397,10 +12502,10 @@
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
"$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12411,10 +12516,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12426,10 +12531,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12439,10 +12544,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
"$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
"$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12451,10 +12556,10 @@
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
@@ -12464,10 +12569,10 @@
-C "14 03 03 00 01"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
@@ -12476,10 +12581,10 @@
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
@@ -12491,10 +12596,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12506,10 +12611,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12522,10 +12627,10 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12535,10 +12640,10 @@
-c "SSL 3.3 ChangeCipherSpec packet received"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->O" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
@@ -12551,10 +12656,10 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->G" \
"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
-d 4
@@ -12566,11 +12671,11 @@
-c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -12586,10 +12691,10 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, O->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -12604,10 +12709,10 @@
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, G->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -12623,10 +12728,10 @@
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -12639,10 +12744,10 @@
-S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -12654,11 +12759,11 @@
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -12670,10 +12775,10 @@
-S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, G->m" \
"$P_SRV debug_level=4 force_version=tls13
crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
@@ -12684,10 +12789,10 @@
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, O->m" \
"$P_SRV debug_level=4 force_version=tls13
crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
@@ -12697,11 +12802,11 @@
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, m->m" \
"$P_SRV debug_level=4 force_version=tls13
crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
@@ -12712,10 +12817,10 @@
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->O" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
@@ -12726,10 +12831,10 @@
-c "no suitable signature algorithm"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->G" \
"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
-d 4
@@ -12739,11 +12844,11 @@
1 \
-c "no suitable signature algorithm"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -12755,10 +12860,11 @@
-c "no suitable signature algorithm"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
"$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \
"$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
@@ -12770,12 +12876,13 @@
-c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
- "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --disable-client-cert" \
+ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
"$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
0 \
-c "Protocol is TLSv1.3" \
@@ -12786,11 +12893,12 @@
-s "This is a resumed session"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# https://github.com/openssl/openssl/issues/10714
# Until now, OpenSSL client does not support reconnect.
skip_next_test
@@ -12803,11 +12911,12 @@
-s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
@@ -12821,11 +12930,13 @@
-s "key exchange mode: psk_ephemeral" \
-s "found pre_shared_key extension"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
"$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
@@ -12873,11 +12984,13 @@
-c "Protocol is TLSv1.2" \
-c "HTTP/1.0 200 [Oo][Kk]"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
@@ -12895,15 +13008,17 @@
-s "key exchange mode: psk_ephemeral" \
-s "found pre_shared_key extension"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4 \
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI debug_level=4 server_name=localhost rec_server_name=remote reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
1 \
-c "Protocol is TLSv1.3" \
-c "got new session ticket." \
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index e016865..48003d4 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -3,17 +3,17 @@
* *** THIS FILE HAS BEEN MACHINE GENERATED ***
*
* This file has been machine generated using the script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
- * Test file : $test_file
+ * Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE
*
* The following files were used to create this file.
*
- * Main code file : $test_main_file
- * Platform code file : $test_platform_file
- * Helper file : $test_common_helper_file
- * Test suite file : $test_case_file
- * Test suite data : $test_case_data_file
+ * Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE
+ * Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE
+ * Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE
+ * Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE
+ * Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE
*
*/
@@ -37,9 +37,9 @@
/*----------------------------------------------------------------------------*/
/* Common helper code */
-$test_common_helpers
+__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
-#line $line_no "suites/main_test.function"
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@@ -48,9 +48,9 @@
#define TEST_SUITE_ACTIVE
-$functions_code
+__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
-#line $line_no "suites/main_test.function"
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@@ -62,7 +62,7 @@
* For optimizing space for embedded targets each expression/macro
* is identified by a unique identifier instead of string literals.
* Identifiers and evaluation code is generated by script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param exp_id Expression identifier.
* \param out_value Pointer to int to hold the integer.
@@ -78,8 +78,8 @@
switch( exp_id )
{
-$expression_code
-#line $line_no "suites/main_test.function"
+__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
{
ret = KEY_VALUE_MAPPING_NOT_FOUND;
@@ -95,7 +95,7 @@
* For optimizing space for embedded targets each dependency
* is identified by a unique identifier instead of string literals.
* Identifiers and check code is generated by script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param dep_id Dependency identifier.
*
@@ -109,8 +109,8 @@
switch( dep_id )
{
-$dep_check_code
-#line $line_no "suites/main_test.function"
+__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
break;
}
@@ -137,13 +137,13 @@
/**
* \brief Table of test function wrappers. Used by dispatch_test().
* This table is populated by script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
*/
TestWrapper_t test_funcs[] =
{
-$dispatch_code
-#line $line_no "suites/main_test.function"
+__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
};
/**
@@ -219,9 +219,9 @@
}
-$platform_code
+__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
-#line $line_no "suites/main_test.function"
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
/* Main Test code */
diff --git a/tests/suites/test_suite_asn1parse.data b/tests/suites/test_suite_asn1parse.data
index 36ab1e4..c129e3c 100644
--- a/tests/suites/test_suite_asn1parse.data
+++ b/tests/suites/test_suite_asn1parse.data
@@ -608,18 +608,23 @@
find_named_data:"414141":"414141":"434343":"444444":"414141":0:0
Free named data: null pointer
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data_null:
Free named data: all null
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:0:0:0
Free named data: with oid
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:1:0:0
Free named data: with val
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:0:1:0
Free named data: with next
+depends_on:MBEDTLS_TEST_DEPRECATED
free_named_data:0:0:1
Free named data list (empty)
diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index 002d8c4..62669b3 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -735,7 +735,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING */
void free_named_data_null( )
{
mbedtls_asn1_free_named_data( NULL );
@@ -743,7 +743,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING */
void free_named_data( int with_oid, int with_val, int with_next )
{
mbedtls_asn1_named_data next =
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_bignum.function
similarity index 100%
rename from tests/suites/test_suite_mpi.function
rename to tests/suites/test_suite_bignum.function
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_bignum.misc.data
similarity index 99%
rename from tests/suites/test_suite_mpi.data
rename to tests/suites/test_suite_bignum.misc.data
index 78afcb6..29ba4ab 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_bignum.misc.data
@@ -1766,16 +1766,16 @@
mpi_random_many:1:"0c":1000
MPI random in range: 1..255
-mpi_random_many:1:"ff":100
+mpi_random_many:1:"ff":200
MPI random in range: 1..256
-mpi_random_many:1:"0100":100
+mpi_random_many:1:"0100":200
MPI random in range: 1..257
-mpi_random_many:1:"0101":100
+mpi_random_many:1:"0101":200
MPI random in range: 1..272
-mpi_random_many:1:"0110":100
+mpi_random_many:1:"0110":200
MPI random in range: 1..2^64-1
mpi_random_many:1:"ffffffffffffffff":100
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index 9803587..612a7c6 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -5,6 +5,154 @@
#include "constant_time_internal.h"
#include "test/constant_flow.h"
+/** Verifies mbedtls_mpi_core_add().
+ *
+ * \param[in] A Little-endian presentation of the left operand.
+ * \param[in] B Little-endian presentation of the right operand.
+ * \param limbs Number of limbs in each MPI (\p A, \p B, \p S and \p X).
+ * \param[in] S Little-endian presentation of the expected sum.
+ * \param carry Expected carry from the addition.
+ * \param[in,out] X Temporary storage to be used for results.
+ *
+ * \return 1 if mbedtls_mpi_core_add() passes this test, otherwise 0.
+ */
+static int mpi_core_verify_add( mbedtls_mpi_uint *A,
+ mbedtls_mpi_uint *B,
+ size_t limbs,
+ mbedtls_mpi_uint *S,
+ int carry,
+ mbedtls_mpi_uint *X )
+{
+ int ret = 0;
+
+ size_t bytes = limbs * sizeof( *A );
+
+ /* The test cases have A <= B to avoid repetition, so we test A + B then,
+ * if A != B, B + A. If A == B, we can test when A and B are aliased */
+
+ /* A + B */
+
+ /* A + B => correct result and carry */
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, A, B, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+
+ /* A + B; alias output and first operand => correct result and carry */
+ memcpy( X, A, bytes );
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, X, B, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+
+ /* A + B; alias output and second operand => correct result and carry */
+ memcpy( X, B, bytes );
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, A, X, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+
+ if ( memcmp( A, B, bytes ) == 0 )
+ {
+ /* A == B, so test where A and B are aliased */
+
+ /* A + A => correct result and carry */
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, A, A, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+
+ /* A + A, output aliased to both operands => correct result and carry */
+ memcpy( X, A, bytes );
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, X, X, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+ }
+ else
+ {
+ /* A != B, so test B + A */
+
+ /* B + A => correct result and carry */
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, B, A, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+
+ /* B + A; alias output and first operand => correct result and carry */
+ memcpy( X, B, bytes );
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, X, A, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+
+ /* B + A; alias output and second operand => correct result and carry */
+ memcpy( X, A, bytes );
+ TEST_EQUAL( carry, mbedtls_mpi_core_add( X, B, X, limbs ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+ }
+
+ ret = 1;
+
+exit:
+ return ret;
+}
+
+/** Verifies mbedtls_mpi_core_add_if().
+ *
+ * \param[in] A Little-endian presentation of the left operand.
+ * \param[in] B Little-endian presentation of the right operand.
+ * \param limbs Number of limbs in each MPI (\p A, \p B, \p S and \p X).
+ * \param[in] S Little-endian presentation of the expected sum.
+ * \param carry Expected carry from the addition.
+ * \param[in,out] X Temporary storage to be used for results.
+ *
+ * \return 1 if mbedtls_mpi_core_add_if() passes this test, otherwise 0.
+ */
+static int mpi_core_verify_add_if( mbedtls_mpi_uint *A,
+ mbedtls_mpi_uint *B,
+ size_t limbs,
+ mbedtls_mpi_uint *S,
+ int carry,
+ mbedtls_mpi_uint *X )
+{
+ int ret = 0;
+
+ size_t bytes = limbs * sizeof( *A );
+
+ /* The test cases have A <= B to avoid repetition, so we test A + B then,
+ * if A != B, B + A. If A == B, we can test when A and B are aliased */
+
+ /* A + B */
+
+ /* cond = 0 => X unchanged, no carry */
+ memcpy( X, A, bytes );
+ TEST_EQUAL( 0, mbedtls_mpi_core_add_if( X, B, limbs, 0 ) );
+ ASSERT_COMPARE( X, bytes, A, bytes );
+
+ /* cond = 1 => correct result and carry */
+ TEST_EQUAL( carry, mbedtls_mpi_core_add_if( X, B, limbs, 1 ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+
+ if ( memcmp( A, B, bytes ) == 0 )
+ {
+ /* A == B, so test where A and B are aliased */
+
+ /* cond = 0 => X unchanged, no carry */
+ memcpy( X, B, bytes );
+ TEST_EQUAL( 0, mbedtls_mpi_core_add_if( X, X, limbs, 0 ) );
+ ASSERT_COMPARE( X, bytes, B, bytes );
+
+ /* cond = 1 => correct result and carry */
+ TEST_EQUAL( carry, mbedtls_mpi_core_add_if( X, X, limbs, 1 ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+ }
+ else
+ {
+ /* A != B, so test B + A */
+
+ /* cond = 0 => d unchanged, no carry */
+ memcpy( X, B, bytes );
+ TEST_EQUAL( 0, mbedtls_mpi_core_add_if( X, A, limbs, 0 ) );
+ ASSERT_COMPARE( X, bytes, B, bytes );
+
+ /* cond = 1 => correct result and carry */
+ TEST_EQUAL( carry, mbedtls_mpi_core_add_if( X, A, limbs, 1 ) );
+ ASSERT_COMPARE( X, bytes, S, bytes );
+ }
+
+ ret = 1;
+
+exit:
+ return ret;
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -197,14 +345,18 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_core_cond_assign( data_t * input_X,
- data_t * input_Y,
+void mpi_core_cond_assign( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *X = NULL;
mbedtls_mpi_uint *Y = NULL;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
@@ -213,15 +365,6 @@
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( X, limbs );
- ASSERT_ALLOC( Y, limbs );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs, input_X->x, input_X->len )
- == 0 );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs, input_Y->x, input_Y->len )
- == 0 );
-
/* condition is false */
TEST_CF_SECRET( X, bytes );
TEST_CF_SECRET( Y, bytes );
@@ -246,6 +389,9 @@
than the length of the given MPIs. */
if( copy_limbs < limbs )
{
+ TEST_CF_PUBLIC( X, bytes );
+ TEST_CF_PUBLIC( Y, bytes );
+
ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes );
TEST_ASSERT( memcmp( X, Y, bytes ) != 0 );
}
@@ -259,16 +405,20 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_core_cond_swap( data_t * input_X,
- data_t * input_Y,
+void mpi_core_cond_swap( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *tmp_X = NULL;
mbedtls_mpi_uint *tmp_Y = NULL;
mbedtls_mpi_uint *X = NULL;
mbedtls_mpi_uint *Y = NULL;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
@@ -277,18 +427,9 @@
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( tmp_X, limbs );
- ASSERT_ALLOC( tmp_Y, limbs );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs,
- input_X->x, input_X->len )
- == 0 );
ASSERT_ALLOC( X, limbs );
memcpy( X, tmp_X, bytes );
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs,
- input_Y->x, input_Y->len )
- == 0 );
ASSERT_ALLOC( Y, limbs );
memcpy( Y, tmp_Y, bytes );
@@ -339,70 +480,48 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_core_add_if( char * input_A, char * input_B,
- char * input_S, int carry )
+void mpi_core_shift_r( char *input, int count, char *result )
+{
+ mbedtls_mpi_uint *X = NULL;
+ mbedtls_mpi_uint *Y = NULL;
+ size_t limbs, n;
+
+ TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &X, &limbs, input ) );
+ TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &Y, &n, result ) );
+ TEST_EQUAL( limbs, n );
+
+ mbedtls_mpi_core_shift_r( X, limbs, count );
+ ASSERT_COMPARE( X, limbs * ciL, Y, limbs * ciL );
+
+exit:
+ mbedtls_free( X );
+ mbedtls_free( Y );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_core_add_and_add_if( char * input_A, char * input_B,
+ char * input_S, int carry )
{
mbedtls_mpi_uint *A = NULL; /* first value to add */
- size_t A_limbs;
mbedtls_mpi_uint *B = NULL; /* second value to add */
- size_t B_limbs;
mbedtls_mpi_uint *S = NULL; /* expected result */
- size_t S_limbs;
mbedtls_mpi_uint *X = NULL; /* destination - the in/out first operand */
- size_t X_limbs;
+ size_t A_limbs, B_limbs, S_limbs;
TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &A, &A_limbs, input_A ) );
TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &B, &B_limbs, input_B ) );
TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &S, &S_limbs, input_S ) );
- X_limbs = S_limbs;
- ASSERT_ALLOC( X, X_limbs );
- /* add_if expects all operands to be the same length */
+ /* add and add_if expect all operands to be the same length */
TEST_EQUAL( A_limbs, B_limbs );
TEST_EQUAL( A_limbs, S_limbs );
+
size_t limbs = A_limbs;
- size_t bytes = limbs * sizeof( *A );
+ ASSERT_ALLOC( X, limbs );
- /* The test cases have A <= B to avoid repetition, so we test A + B then,
- * if A != B, B + A. If A == B, we can test when A and B are aliased */
-
- /* A + B */
-
- /* cond = 0 => X unchanged, no carry */
- memcpy( X, A, bytes );
- TEST_EQUAL( 0, mbedtls_mpi_core_add_if( X, B, limbs, 0 ) );
- ASSERT_COMPARE( X, bytes, A, bytes );
-
- /* cond = 1 => correct result and carry */
- TEST_EQUAL( carry, mbedtls_mpi_core_add_if( X, B, limbs, 1 ) );
- ASSERT_COMPARE( X, bytes, S, bytes );
-
- if ( memcmp( A, B, bytes ) == 0 )
- {
- /* A == B, so test where A and B are aliased */
-
- /* cond = 0 => X unchanged, no carry */
- memcpy( X, B, bytes );
- TEST_EQUAL( 0, mbedtls_mpi_core_add_if( X, X, limbs, 0 ) );
- ASSERT_COMPARE( X, bytes, B, bytes );
-
- /* cond = 1 => correct result and carry */
- TEST_EQUAL( carry, mbedtls_mpi_core_add_if( X, X, limbs, 1 ) );
- ASSERT_COMPARE( X, bytes, S, bytes );
- }
- else
- {
- /* A != B, so test B + A */
-
- /* cond = 0 => d unchanged, no carry */
- memcpy( X, B, bytes );
- TEST_EQUAL( 0, mbedtls_mpi_core_add_if( X, A, limbs, 0 ) );
- ASSERT_COMPARE( X, bytes, B, bytes );
-
- /* cond = 1 => correct result and carry */
- TEST_EQUAL( carry, mbedtls_mpi_core_add_if( X, A, limbs, 1 ) );
- ASSERT_COMPARE( X, bytes, S, bytes );
- }
+ TEST_ASSERT( mpi_core_verify_add( A, B, limbs, S, carry, X ) );
+ TEST_ASSERT( mpi_core_verify_add_if( A, B, limbs, S, carry, X ) );
exit:
mbedtls_free( A );
@@ -746,3 +865,216 @@
mbedtls_mpi_free( &R );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_core_get_mont_r2_unsafe_neg( )
+{
+ mbedtls_mpi N, RR;
+ mbedtls_mpi_init( &N );
+ mbedtls_mpi_init( &RR );
+ const char * n = "7ffffffffffffff1";
+
+ /* Test for zero divisor */
+ TEST_EQUAL( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO,
+ mbedtls_mpi_core_get_mont_r2_unsafe( &RR, &N ) );
+
+ /* Test for negative input */
+ TEST_EQUAL( 0, mbedtls_test_read_mpi( &N, n ) );
+ N.s = -1;
+ TEST_EQUAL( MBEDTLS_ERR_MPI_NEGATIVE_VALUE,
+ mbedtls_mpi_core_get_mont_r2_unsafe( &RR, &N ) );
+ N.s = 1;
+
+exit:
+ mbedtls_mpi_free( &N );
+ mbedtls_mpi_free( &RR );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_core_get_mont_r2_unsafe( char * input_N,
+ char * input_RR_X4,
+ char * input_RR_X8 )
+{
+ mbedtls_mpi N, RR, RR_REF;
+
+ /* Select the appropriate output */
+ char * input_rr = ( sizeof(mbedtls_mpi_uint) == 4 ) ? input_RR_X4: input_RR_X8;
+
+ mbedtls_mpi_init( &N );
+ mbedtls_mpi_init( &RR );
+ mbedtls_mpi_init( &RR_REF );
+
+ /* Read inputs */
+ TEST_EQUAL( 0, mbedtls_test_read_mpi( &N, input_N ) );
+ TEST_EQUAL( 0, mbedtls_test_read_mpi( &RR_REF, input_rr ) );
+
+ /* All of the inputs are +ve (or zero) */
+ TEST_EQUAL( 1, N.s );
+ TEST_EQUAL( 1, RR_REF.s );
+
+ /* Test valid input */
+ TEST_EQUAL( 0, mbedtls_mpi_core_get_mont_r2_unsafe( &RR, &N ) );
+
+ /* Test that the moduli is odd */
+ TEST_EQUAL( N.p[0] ^ 1, N.p[0] - 1 );
+
+ /* Output is +ve (or zero) */
+ TEST_EQUAL( 1, RR_REF.s );
+
+ /* rr is updated to a valid pointer */
+ TEST_ASSERT( RR.p != NULL );
+
+ /* Calculated rr matches expected value */
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &RR, &RR_REF ) == 0 );
+
+exit:
+ mbedtls_mpi_free( &N );
+ mbedtls_mpi_free( &RR );
+ mbedtls_mpi_free( &RR_REF );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_core_ct_uint_table_lookup( int bitlen, int window_size )
+{
+ size_t limbs = BITS_TO_LIMBS( bitlen );
+ size_t count = ( (size_t) 1 ) << window_size;
+
+ mbedtls_mpi_uint *table = NULL;
+ mbedtls_mpi_uint *dest = NULL;
+
+ ASSERT_ALLOC( table, limbs * count );
+ ASSERT_ALLOC( dest, limbs );
+
+ /*
+ * Fill the table with a unique counter so that differences are easily
+ * detected. (And have their relationship to the index relatively non-trivial just
+ * to be sure.)
+ */
+ for( size_t i = 0; i < count * limbs; i++ )
+ {
+ table[i] = ~i - 1;
+ }
+
+ for( size_t i = 0; i < count; i++ )
+ {
+ mbedtls_mpi_uint *current = table + i * limbs;
+ memset( dest, 0x00, limbs * sizeof( *dest ) );
+
+ /*
+ * We shouldn't leak anything through timing.
+ * We need to set these in every loop as we need to make the loop
+ * variable public for the loop head and the buffers for comparison.
+ */
+ TEST_CF_SECRET( &i, sizeof( i ) );
+ TEST_CF_SECRET( dest, limbs * sizeof( *dest ) );
+ TEST_CF_SECRET( table, count * limbs * sizeof( *table ) );
+
+ mbedtls_mpi_core_ct_uint_table_lookup( dest, table, limbs, count, i );
+
+ TEST_CF_PUBLIC( dest, limbs * sizeof( *dest ) );
+ TEST_CF_PUBLIC( table, count * limbs * sizeof( *table ) );
+ ASSERT_COMPARE( dest, limbs * sizeof( *dest ),
+ current, limbs * sizeof( *current ) );
+ TEST_CF_PUBLIC( &i, sizeof( i ) );
+ }
+
+exit:
+ mbedtls_free(table);
+ mbedtls_free(dest);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_core_fill_random( int wanted_bytes_arg, int extra_rng_bytes,
+ int extra_limbs, int before, int expected_ret )
+{
+ size_t wanted_bytes = wanted_bytes_arg;
+ mbedtls_mpi_uint *X = NULL;
+ size_t X_limbs = CHARS_TO_LIMBS( wanted_bytes ) + extra_limbs;
+ size_t rng_bytes = wanted_bytes + extra_rng_bytes;
+ unsigned char *rnd_data = NULL;
+ mbedtls_test_rnd_buf_info rnd_info = {NULL, rng_bytes, NULL, NULL};
+ int ret;
+
+ /* Prepare an RNG with known output, limited to rng_bytes. */
+ ASSERT_ALLOC( rnd_data, rng_bytes );
+ TEST_EQUAL( 0, mbedtls_test_rnd_std_rand( NULL, rnd_data, rng_bytes ) );
+ rnd_info.buf = rnd_data;
+
+ /* Allocate an MPI with room for wanted_bytes plus extra_limbs.
+ * extra_limbs may be negative but the total limb count must be positive.
+ * Fill the MPI with the byte value in before. */
+ TEST_LE_U( 1, X_limbs );
+ ASSERT_ALLOC( X, X_limbs );
+ memset( X, before, X_limbs * sizeof( *X ) );
+
+ ret = mbedtls_mpi_core_fill_random( X, X_limbs, wanted_bytes,
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info );
+ TEST_EQUAL( expected_ret, ret );
+
+ if( expected_ret == 0 )
+ {
+ /* mbedtls_mpi_core_fill_random is documented to use bytes from the
+ * RNG as a big-endian representation of the number. We used an RNG
+ * with known output, so check that the output contains the
+ * expected value. Bytes above wanted_bytes must be zero. */
+ for( size_t i = 0; i < wanted_bytes; i++ )
+ {
+ mbedtls_test_set_step( i );
+ TEST_EQUAL( GET_BYTE( X, i ), rnd_data[wanted_bytes - 1 - i] );
+ }
+ for( size_t i = wanted_bytes; i < X_limbs * ciL; i++ )
+ {
+ mbedtls_test_set_step( i );
+ TEST_EQUAL( GET_BYTE( X, i ), 0 );
+ }
+ }
+
+exit:
+ mbedtls_free( rnd_data );
+ mbedtls_free( X );
+}
+/* END_CASE */
+
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
diff --git a/tests/suites/test_suite_bignum_core.data b/tests/suites/test_suite_bignum_core.misc.data
similarity index 79%
rename from tests/suites/test_suite_bignum_core.data
rename to tests/suites/test_suite_bignum_core.misc.data
index cb6fe42..62480e4 100644
--- a/tests/suites/test_suite_bignum_core.data
+++ b/tests/suites/test_suite_bignum_core.misc.data
@@ -167,9 +167,6 @@
mbedtls_mpi_core_lt_ct: x<y (1 limb)
mpi_core_lt_ct:"2B5":"2B6":1
-mbedtls_mpi_core_lt_ct: x=y (0 limbs)
-mpi_core_lt_ct:"":"":0
-
mbedtls_mpi_core_lt_ct: x>y (63 bit x, y first byte greater)
mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"00000000000000FF":0
@@ -328,3 +325,145 @@
mbedtls_mpi_montg_init #15
mpi_montg_init:"bf741f75e28a44e271cf43e68dbadd23c72d2f2e1fc78a6d6aaaadf2ccbf26c9a232aff5b3f3f29323b114f3018144ed9438943e07820e222137d3bb229b61671e61f75f6021a26436df9e669929fa392df021f105d2fce0717468a522018721ccde541b9a7b558128419f457ef33a5753f00c20c2d709727eef6278c55b278b10abe1d13e538514128b5dcb7bfd015e0fdcb081555071813974135d5ab5000630a94f5b0f4021a504ab4f3df2403e6140b9939f8bbe714635f5cff10744be03":"aab901da57bba355"
+
+mbedtls_mpi_core_get_mont_r2_unsafe_neg
+mpi_core_get_mont_r2_unsafe_neg:
+
+mbedtls_mpi_core_get_mont_r2_unsafe #1
+mpi_core_get_mont_r2_unsafe:"f":"1":"1"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #2
+mpi_core_get_mont_r2_unsafe:"fd":"ec":"24"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #3
+mpi_core_get_mont_r2_unsafe:"eeff99aa37":"a23bd6a686":"a23bd6a686"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #4
+mpi_core_get_mont_r2_unsafe:"eeff99aa11":"3308cb71":"3308cb71"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #5
+mpi_core_get_mont_r2_unsafe:"800000000005":"6400000000":"6400000000"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #6
+mpi_core_get_mont_r2_unsafe:"7fffffffffffffff":"4":"4"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #7
+mpi_core_get_mont_r2_unsafe:"80fe000a10000001":"5dbc6e833bad575a":"5dbc6e833bad575a"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #8
+mpi_core_get_mont_r2_unsafe:"25a55a46e5da99c71c7":"11637ce1347edeaf669":"1e455bf7451c05bc711"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #9
+mpi_core_get_mont_r2_unsafe:"314dc643fb763f2b8c0e2de00879":"1058ad82120c3a10196bb36229c1":"1058ad82120c3a10196bb36229c1"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #10
+mpi_core_get_mont_r2_unsafe:"8335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63":"5d96a26447dca0cb7209c048f9e63e8dc623d67c8f44396":"5d96a26447dca0cb7209c048f9e63e8dc623d67c8f44396"
+
+mbedtls_mpi_core_get_mont_r2_unsafe #11
+mpi_core_get_mont_r2_unsafe:"d1cece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a64d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a07e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d3898c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3ad4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181db8896f33bb12e6ef73f12ec5c5ea7a8a337":"12d7243d92ebc8338221f6dcec8ad8a2ec64c10a98339c8721beb1cb79e629253a7aa35e25d5421e6c2b43ddc4310cf4443875c070a7a5a5cc2c4c3eefa8a133af2e477fb7bb5b5058c6120946a7f9f08f2fab51e2f243b9ba206d2bfd62e4ef647dda49100d7004794f28172be2d715905fbd2e9ab8588c774523c0e096b49b6855a10e5ce0d8498370949a29d71d293788bf10a71e2447d4b2f11959a72f7290e2950772d14c83f15532468745fa58a83fca8883b0b6169a27ec0cf922c4f39d283bb20fca5ff1de01d9c66b8a710108b951af634d56c843d9505bf2edd5a7b8f0b72a5c95672151e60075a78084e83fbe284617a90c74c8335cce38bb012e":"12d7243d92ebc8338221f6dcec8ad8a2ec64c10a98339c8721beb1cb79e629253a7aa35e25d5421e6c2b43ddc4310cf4443875c070a7a5a5cc2c4c3eefa8a133af2e477fb7bb5b5058c6120946a7f9f08f2fab51e2f243b9ba206d2bfd62e4ef647dda49100d7004794f28172be2d715905fbd2e9ab8588c774523c0e096b49b6855a10e5ce0d8498370949a29d71d293788bf10a71e2447d4b2f11959a72f7290e2950772d14c83f15532468745fa58a83fca8883b0b6169a27ec0cf922c4f39d283bb20fca5ff1de01d9c66b8a710108b951af634d56c843d9505bf2edd5a7b8f0b72a5c95672151e60075a78084e83fbe284617a90c74c8335cce38bb012e"
+
+Fill random core: 0 bytes
+mpi_core_fill_random:0:0:1:0:0
+
+Fill random core: 1 byte, RNG stops at 0
+mpi_core_fill_random:1:-1:0:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+
+Fill random core: 1 byte, RNG just sufficient
+mpi_core_fill_random:1:0:0:0:0
+
+Fill random core: 1 byte, RNG not exhausted
+mpi_core_fill_random:1:1:0:0:0
+
+Fill random core: 1 byte, prior content nonzero
+mpi_core_fill_random:1:0:0:0xba:0
+
+Fill random core: 1 byte, 1 extra limb
+mpi_core_fill_random:1:0:1:0:0
+
+Fill random core: 1 byte, 1 extra limb, prior content nonzero
+mpi_core_fill_random:1:0:1:0xba:0
+
+Fill random core: 8 bytes, RNG stops before
+mpi_core_fill_random:8:-1:0:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+
+Fill random core: 8 bytes, RNG just sufficient
+mpi_core_fill_random:8:0:0:0:0
+
+Fill random core: 8 bytes, RNG not exhausted
+mpi_core_fill_random:8:1:0:0:0
+
+Fill random core: 8 bytes, prior content nonzero
+mpi_core_fill_random:8:0:0:0xba:0
+
+Fill random core: 8 bytes, 1 extra limb
+mpi_core_fill_random:8:0:1:0:0
+
+Fill random core: 8 bytes, 1 extra limb, prior content nonzero
+mpi_core_fill_random:8:0:1:0xba:0
+
+Fill random core: 9 bytes, 1 missing limb
+mpi_core_fill_random:9:0:-1:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Fill random core: 42 bytes, RNG stops before
+mpi_core_fill_random:42:-1:0:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+
+Fill random core: 42 bytes, RNG just sufficient
+mpi_core_fill_random:42:0:0:0:0
+
+Fill random core: 42 bytes, RNG not exhausted
+mpi_core_fill_random:42:1:0:0:0
+
+Fill random core: 42 bytes, prior content nonzero
+mpi_core_fill_random:42:0:0:0xba:0
+
+Fill random core: 42 bytes, 1 extra limb
+mpi_core_fill_random:42:0:1:0:0
+
+Fill random core: 42 bytes, 1 extra limb, prior content nonzero
+mpi_core_fill_random:42:0:1:0xba:0
+
+Fill random core: 42 bytes, 1 missing limb
+mpi_core_fill_random:42:0:-1:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Fill random core: 42 bytes, 5 missing limbs
+mpi_core_fill_random:42:0:-5:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+# BEGIN MERGE SLOT 1
+
+# END MERGE SLOT 1
+
+# BEGIN MERGE SLOT 2
+
+# END MERGE SLOT 2
+
+# BEGIN MERGE SLOT 3
+
+# END MERGE SLOT 3
+
+# BEGIN MERGE SLOT 4
+
+# END MERGE SLOT 4
+
+# BEGIN MERGE SLOT 5
+
+# END MERGE SLOT 5
+
+# BEGIN MERGE SLOT 6
+
+# END MERGE SLOT 6
+
+# BEGIN MERGE SLOT 7
+
+# END MERGE SLOT 7
+
+# BEGIN MERGE SLOT 8
+
+# END MERGE SLOT 8
+
+# BEGIN MERGE SLOT 9
+
+# END MERGE SLOT 9
+
+# BEGIN MERGE SLOT 10
+
+# END MERGE SLOT 10
diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data
index cb78140..95faa53 100644
--- a/tests/suites/test_suite_bignum_mod.data
+++ b/tests/suites/test_suite_bignum_mod.data
@@ -24,3 +24,43 @@
Test mbedtls_mpi_mod_setup #9 (Both representations valid)
mpi_mod_setup:MBEDTLS_MPI_MOD_EXT_REP_LE:MBEDTLS_MPI_MOD_REP_MONTGOMERY:0
+
+# BEGIN MERGE SLOT 1
+
+# END MERGE SLOT 1
+
+# BEGIN MERGE SLOT 2
+
+# END MERGE SLOT 2
+
+# BEGIN MERGE SLOT 3
+
+# END MERGE SLOT 3
+
+# BEGIN MERGE SLOT 4
+
+# END MERGE SLOT 4
+
+# BEGIN MERGE SLOT 5
+
+# END MERGE SLOT 5
+
+# BEGIN MERGE SLOT 6
+
+# END MERGE SLOT 6
+
+# BEGIN MERGE SLOT 7
+
+# END MERGE SLOT 7
+
+# BEGIN MERGE SLOT 8
+
+# END MERGE SLOT 8
+
+# BEGIN MERGE SLOT 9
+
+# END MERGE SLOT 9
+
+# BEGIN MERGE SLOT 10
+
+# END MERGE SLOT 10
diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function
index 9f73209..1a2d0c1 100644
--- a/tests/suites/test_suite_bignum_mod.function
+++ b/tests/suites/test_suite_bignum_mod.function
@@ -25,12 +25,28 @@
ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, ext_rep, int_rep );
TEST_EQUAL( ret, iret );
+ /* Only test if the constants have been set-up */
+ if ( ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+ {
+ /* Test that the consts have been calculated */
+ TEST_ASSERT( m.rep.mont.rr != NULL );
+ TEST_ASSERT( m.rep.mont.mm != 0 );
+
+ }
+
/* Address sanitiser should catch if we try to free mp */
mbedtls_mpi_mod_modulus_free( &m );
/* Make sure that the modulus doesn't have reference to mp anymore */
TEST_ASSERT( m.p != mp );
+ /* Only test if the constants have been set-up */
+ if ( ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+ {
+ /* Verify the data and pointers allocated have been properly wiped */
+ TEST_ASSERT( m.rep.mont.rr == NULL );
+ TEST_ASSERT( m.rep.mont.mm == 0 );
+ }
exit:
/* It should be safe to call an mbedtls free several times */
mbedtls_mpi_mod_modulus_free( &m );
@@ -38,3 +54,43 @@
#undef MLIMBS
}
/* END_CASE */
+
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
diff --git a/tests/suites/test_suite_bignum_mod_raw.data b/tests/suites/test_suite_bignum_mod_raw.data
index 788165d..8cbd918 100644
--- a/tests/suites/test_suite_bignum_mod_raw.data
+++ b/tests/suites/test_suite_bignum_mod_raw.data
@@ -178,3 +178,43 @@
mbedtls_mpi_mod_raw_cond_swap: copy half of the limbs
mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA9876543210":8
+
+# BEGIN MERGE SLOT 1
+
+# END MERGE SLOT 1
+
+# BEGIN MERGE SLOT 2
+
+# END MERGE SLOT 2
+
+# BEGIN MERGE SLOT 3
+
+# END MERGE SLOT 3
+
+# BEGIN MERGE SLOT 4
+
+# END MERGE SLOT 4
+
+# BEGIN MERGE SLOT 5
+
+# END MERGE SLOT 5
+
+# BEGIN MERGE SLOT 6
+
+# END MERGE SLOT 6
+
+# BEGIN MERGE SLOT 7
+
+# END MERGE SLOT 7
+
+# BEGIN MERGE SLOT 8
+
+# END MERGE SLOT 8
+
+# BEGIN MERGE SLOT 9
+
+# END MERGE SLOT 9
+
+# BEGIN MERGE SLOT 10
+
+# END MERGE SLOT 10
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function
index 18ac97f..4b90675 100644
--- a/tests/suites/test_suite_bignum_mod_raw.function
+++ b/tests/suites/test_suite_bignum_mod_raw.function
@@ -17,6 +17,9 @@
void mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int,
int iendian, int iret, int oret )
{
+ mbedtls_mpi_mod_modulus m;
+ mbedtls_mpi_mod_modulus_init( &m );
+
if( iret != 0 )
TEST_ASSERT( oret == 0 );
@@ -44,8 +47,6 @@
else
endian = iendian;
- mbedtls_mpi_mod_modulus m;
- mbedtls_mpi_mod_modulus_init( &m );
mbedtls_mpi_uint init[sizeof( X ) / sizeof( X[0] )];
memset( init, 0xFF, sizeof( init ) );
int ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, endian,
@@ -109,42 +110,36 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_mod_raw_cond_assign( data_t * input_X,
- data_t * input_Y,
+void mpi_mod_raw_cond_assign( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *X = NULL;
mbedtls_mpi_uint *Y = NULL;
mbedtls_mpi_uint *buff_m = NULL;
mbedtls_mpi_mod_modulus m;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint );
+ mbedtls_mpi_mod_modulus_init( &m );
+
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( X, limbs );
- ASSERT_ALLOC( Y, limbs );
-
- ASSERT_ALLOC( buff_m, limbs );
- mbedtls_mpi_mod_modulus_init( &m );
- TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
+ ASSERT_ALLOC( buff_m, copy_limbs );
+ memset( buff_m, 0xFF, copy_limbs );
+ TEST_EQUAL( mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs,
MBEDTLS_MPI_MOD_EXT_REP_BE,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY )
- == 0 );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs,
- input_X->x, input_X->len )
- == 0 );
-
- TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs,
- input_Y->x, input_Y->len )
- == 0 );
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 );
/* condition is false */
TEST_CF_SECRET( X, bytes );
@@ -186,8 +181,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_mod_raw_cond_swap( data_t * input_X,
- data_t * input_Y,
+void mpi_mod_raw_cond_swap( char * input_X,
+ char * input_Y,
int input_bytes )
{
mbedtls_mpi_uint *tmp_X = NULL;
@@ -196,34 +191,32 @@
mbedtls_mpi_uint *Y = NULL;
mbedtls_mpi_uint *buff_m = NULL;
mbedtls_mpi_mod_modulus m;
- size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
- size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
+ size_t limbs_X;
+ size_t limbs_Y;
+
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_X, &limbs_X, input_X ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi_core( &tmp_Y, &limbs_Y, input_Y ), 0 );
+
size_t limbs = limbs_X;
size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint );
+ mbedtls_mpi_mod_modulus_init( &m );
+
TEST_EQUAL( limbs_X, limbs_Y );
TEST_ASSERT( copy_limbs <= limbs );
- ASSERT_ALLOC( tmp_X, limbs );
- ASSERT_ALLOC( tmp_Y, limbs );
-
ASSERT_ALLOC( buff_m, copy_limbs );
- mbedtls_mpi_mod_modulus_init( &m );
- TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
+ memset( buff_m, 0xFF, copy_limbs );
+ TEST_EQUAL( mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs,
MBEDTLS_MPI_MOD_EXT_REP_BE,
- MBEDTLS_MPI_MOD_REP_MONTGOMERY )
- == 0 );
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 );
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len )
- == 0 );
ASSERT_ALLOC( X, limbs );
memcpy( X, tmp_X, bytes );
- TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len )
- == 0 );
ASSERT_ALLOC( Y, bytes );
memcpy( Y, tmp_Y, bytes );
@@ -275,3 +268,43 @@
mbedtls_free( buff_m );
}
/* END_CASE */
+
+/* BEGIN MERGE SLOT 1 */
+
+/* END MERGE SLOT 1 */
+
+/* BEGIN MERGE SLOT 2 */
+
+/* END MERGE SLOT 2 */
+
+/* BEGIN MERGE SLOT 3 */
+
+/* END MERGE SLOT 3 */
+
+/* BEGIN MERGE SLOT 4 */
+
+/* END MERGE SLOT 4 */
+
+/* BEGIN MERGE SLOT 5 */
+
+/* END MERGE SLOT 5 */
+
+/* BEGIN MERGE SLOT 6 */
+
+/* END MERGE SLOT 6 */
+
+/* BEGIN MERGE SLOT 7 */
+
+/* END MERGE SLOT 7 */
+
+/* BEGIN MERGE SLOT 8 */
+
+/* END MERGE SLOT 8 */
+
+/* BEGIN MERGE SLOT 9 */
+
+/* END MERGE SLOT 9 */
+
+/* BEGIN MERGE SLOT 10 */
+
+/* END MERGE SLOT 10 */
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index 8220e8d..aabd861 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -2015,195 +2015,195 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:0
AES-128-CBC crypt Encrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1
AES-128-CBC crypt Encrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:1
AES-128-CBC crypt Encrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:1
AES-128-CBC crypt Encrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1
AES-128-CBC crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1
AES-128-CBC crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1
AES-128-CBC crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1
AES-128-CBC crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1
AES-192-CBC crypt Encrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:1
AES-192-CBC crypt Encrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:1
AES-192-CBC crypt Encrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:1
AES-192-CBC crypt Encrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1
AES-192-CBC crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1
AES-192-CBC crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1
AES-192-CBC crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1
AES-192-CBC crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1
AES-256-CBC crypt Encrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:1
AES-256-CBC crypt Encrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:1
AES-256-CBC crypt Encrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:1
AES-256-CBC crypt Encrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1
AES-256-CBC crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1
AES-256-CBC crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1
AES-256-CBC crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1
AES-256-CBC crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1
AES-128-ECB crypt Encrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1
AES-128-ECB crypt Encrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:1
AES-128-ECB crypt Encrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:1
AES-128-ECB crypt Encrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1
AES-128-ECB crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1
AES-128-ECB crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1
AES-128-ECB crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1
AES-128-ECB crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1
AES-192-ECB crypt Encrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:1
AES-192-ECB crypt Encrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:1
AES-192-ECB crypt Encrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:1
AES-192-ECB crypt Encrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1
AES-192-ECB crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1
AES-192-ECB crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1
AES-192-ECB crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1
AES-192-ECB crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1
AES-256-ECB crypt Encrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:1
AES-256-ECB crypt Encrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:1
AES-256-ECB crypt Encrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:1
AES-256-ECB crypt Encrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1
AES-256-ECB crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1
AES-256-ECB crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1
AES-256-ECB crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1
AES-256-ECB crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1
AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15
@@ -2231,27 +2231,27 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:0
AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM_STAR_NO_TAG
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"7301c907b9d2aaac355c5416ff25c59b":"7304b65b6dab466273862c88b9":"484300aa3a506afcd313b49ead8d":"928ca58b0d373dc50c52afac787c":0:1
AES-128-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-128 #15 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM_STAR_NO_TAG
test_vec_crypt:MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1
AES-192-CCM*-NO-TAG crypt Encrypt NIST VTT AES-192 #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM_STAR_NO_TAG
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"11fd45743d946e6d37341fec49947e8c70482494a8f07fcc":"c6aeebcb146cfafaae66f78aab":"ee7e6075ba52846de5d6254959a18affc4faf59c8ef63489":"137d9da59baf5cbfd46620c5f298fc766de10ac68e774edf":0:1
AES-192-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-192 #15 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM_STAR_NO_TAG
test_vec_crypt:MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0:1
AES-256-CCM*-NO-TAG crypt Encrypt NIST VADT AES-256 #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM_STAR_NO_TAG
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_ENCRYPT:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886df3ba3e6da3a1389":"72a60f345a1978fb40f28a2fa4":"30d56ff2a25b83fee791110fcaea48e41db7c7f098a81000":"55f068c0bbba8b598013dd1841fd740fda2902322148ab5e":0:1
AES-256-CCM*-NO-TAG crypt Decrypt NIST DVPT AES-256 #13 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM_STAR_NO_TAG
test_vec_crypt:MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0:1
Cipher Corner Case behaviours
diff --git a/tests/suites/test_suite_cipher.ccm.data b/tests/suites/test_suite_cipher.ccm.data
index 44c05ec..3ea44be 100644
--- a/tests/suites/test_suite_cipher.ccm.data
+++ b/tests/suites/test_suite_cipher.ccm.data
@@ -479,385 +479,385 @@
auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966":"945F1FCEA7E11BEE6A2F":"":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D":0
AES-128-CCM test vector NIST #1 PSA (P=0, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"5a8aa485c316e9":"":"":"02209f55":"":"":1
AES-128-CCM test vector NIST #2 PSA (P=0, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"3796cf51b87266":"":"":"9a04c241":"FAIL":"":1
AES-128-CCM test vector NIST #3 PSA (P=0, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9":"":"":"75d582db43ce9b13ab4b6f7f14341330":"":"":1
AES-128-CCM test vector NIST #4 PSA (P=0, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3796cf51b87266":"":"":"3a65e03af37b81d05acc7ec1bc39deb0":"FAIL":"":1
AES-128-CCM test vector NIST #5 PSA (P=0, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9403aff859fbb":"":"":"90156f3f":"":"":1
AES-128-CCM test vector NIST #6 PSA (P=0, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"a16a2e741f1cd9717285b6d882":"":"":"88909016":"FAIL":"":1
AES-128-CCM test vector NIST #7 PSA (P=0, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9403aff859fbb":"":"":"fb04dc5a44c6bb000f2440f5154364b4":"":"":1
AES-128-CCM test vector NIST #8 PSA (P=0, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"a16a2e741f1cd9717285b6d882":"":"":"5447075bf42a59b91f08064738b015ab":"FAIL":"":1
AES-128-CCM test vector NIST #9 PSA (P=24, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb7":"03e1fa6b":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
AES-128-CCM test vector NIST #10 PSA (P=24, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"31f8fa25827d48":"":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f":"23e5d81c":"FAIL":"":1
AES-128-CCM test vector NIST #11 PSA (P=24, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9":"":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f":"2d9a3fbc210595b7b8b1b41523111a8e":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
AES-128-CCM test vector NIST #12 PSA (P=24, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"31f8fa25827d48":"":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd24":"63af747cc88a001fa94e060290f209c4":"FAIL":"":1
AES-128-CCM test vector NIST #13 PSA (P=24, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":"a3e138b9":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
AES-128-CCM test vector NIST #14 PSA (P=24, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"49004912fdd7269279b1f06a89":"":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654":"091a5ae9":"FAIL":"":1
AES-128-CCM test vector NIST #15 PSA (P=24, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"6a9a970b9beb2ac1bd4fd62168f8378a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
AES-128-CCM test vector NIST #16 PSA (P=24, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"49004912fdd7269279b1f06a89":"":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065":"a65666144994bad0c8195bcb4ade1337":"FAIL":"":1
AES-128-CCM test vector NIST #17 PSA (P=0, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"782e4318":"":"":1
AES-128-CCM test vector NIST #18 PSA (P=0, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"a04f270a":"FAIL":"":1
AES-128-CCM test vector NIST #19 PSA (P=0, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"41b476013f45e4a781f253a6f3b1e530":"":"":1
AES-128-CCM test vector NIST #20 PSA (P=0, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"f9f018fcd125822616083fffebc4c8e6":"FAIL":"":1
AES-128-CCM test vector NIST #21 PSA (P=0, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"9f69f24f":"":"":1
AES-128-CCM test vector NIST #22 PSA (P=0, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"e17afaa4":"FAIL":"":1
AES-128-CCM test vector NIST #23 PSA (P=0, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"1859ac36a40a6b28b34266253627797a":"":"":1
AES-128-CCM test vector NIST #24 PSA (P=0, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"edf8b46eb69ac0044116019dec183072":"FAIL":"":1
AES-128-CCM test vector NIST #25 PSA (P=24, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b3":"38f125fa":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
AES-128-CCM test vector NIST #26 PSA (P=24, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c7":"28a66b69":"FAIL":"":1
AES-128-CCM test vector NIST #27 PSA (P=24, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b51":"2cf3a20b7fd7c49e6e79bef475c2906f":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
AES-128-CCM test vector NIST #28 PSA (P=24, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a30":"81d18ca149d6766bfaccec88f194eb5b":"FAIL":"":1
AES-128-CCM test vector NIST #29 PSA (P=24, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"934f893824e880f743d196b22d1f340a52608155087bd28a":"c25e5329":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
AES-128-CCM test vector NIST #30 PSA (P=24, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a65":"59b3b3ee":"FAIL":"":1
AES-128-CCM test vector NIST #31 PSA (P=24, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375":"c0a458bfcafa3b2609afe0f825cbf503":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
AES-128-CCM test vector NIST #32 PSA (P=24, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c":"390042ba8bb5f6798dab01c5afad7306":"FAIL":"":1
AES-192-CCM test vector NIST #1 PSA (P=0, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"5a8aa485c316e9":"":"":"9d4b7f3b":"":"":1
AES-192-CCM test vector NIST #2 PSA (P=0, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"3796cf51b87266":"":"":"80745de9":"FAIL":"":1
AES-192-CCM test vector NIST #3 PSA (P=0, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9":"":"":"17223038fa99d53681ca1beabe78d1b4":"":"":1
AES-192-CCM test vector NIST #4 PSA (P=0, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"3796cf51b87266":"":"":"d0e1eeef4d2a264536bb1c2c1bde7c35":"FAIL":"":1
AES-192-CCM test vector NIST #5 PSA (P=0, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9403aff859fbb":"":"":"fe69ed84":"":"":1
AES-192-CCM test vector NIST #6 PSA (P=0, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"a16a2e741f1cd9717285b6d882":"":"":"db7ffc82":"FAIL":"":1
AES-192-CCM test vector NIST #7 PSA (P=0, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9403aff859fbb":"":"":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"":"":1
AES-192-CCM test vector NIST #8 PSA (P=0, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"a16a2e741f1cd9717285b6d882":"":"":"38757b3a61a4dc97ca3ab88bf1240695":"FAIL":"":1
AES-192-CCM test vector NIST #9 PSA (P=24, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9":"":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"ddc93a54":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
AES-192-CCM test vector NIST #10 PSA (P=24, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"31f8fa25827d48":"":"32b649ab56162e55d4148a1292d6a225a988eb1308298273":"b6889036":"FAIL":"":1
AES-192-CCM test vector NIST #11 PSA (P=24, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9":"":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8":"c5a5ebecf7ac8607fe412189e83d9d20":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
AES-192-CCM test vector NIST #12 PSA (P=24, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"31f8fa25827d48":"":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6":"e699f15f14d34dcaf9ba8ed4b877c97d":"FAIL":"":1
AES-192-CCM test vector NIST #13 PSA (P=24, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9403aff859fbb":"":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a":"34fad277":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
AES-192-CCM test vector NIST #14 PSA (P=24, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"49004912fdd7269279b1f06a89":"":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5":"a35df775":"FAIL":"":1
AES-192-CCM test vector NIST #15 PSA (P=24, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a7ade30a07d185692ab0ebdf4c78cf7a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
AES-192-CCM test vector NIST #16 PSA (P=24, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"49004912fdd7269279b1f06a89":"":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312e":"f042c86363cc05afb98c66e16be8a445":"FAIL":"":1
AES-192-CCM test vector NIST #17 PSA (P=0, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"1d089a5f":"":"":1
AES-192-CCM test vector NIST #18 PSA (P=0, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"2f46022a":"FAIL":"":1
AES-192-CCM test vector NIST #19 PSA (P=0, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"5280a2137fee3deefcfe9b63a1199fb3":"":"":1
AES-192-CCM test vector NIST #20 PSA (P=0, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"d40a7318c5f2d82f838c0beeefe0d598":"FAIL":"":1
AES-192-CCM test vector NIST #21 PSA (P=0, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"5e0eaebd":"":"":1
AES-192-CCM test vector NIST #22 PSA (P=0, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"71b7fc33":"FAIL":"":1
AES-192-CCM test vector NIST #23 PSA (P=0, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"d07ccf9fdc3d33aa94cda3d230da707c":"":"":1
AES-192-CCM test vector NIST #24 PSA (P=0, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"65fe32b649dc328c9f531584897e85b3":"FAIL":"":1
AES-192-CCM test vector NIST #25 PSA (P=24, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"9f6ca4af9b159148c889a6584d1183ea26e2614874b05045":"75dea8d1":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
AES-192-CCM test vector NIST #26 PSA (P=24, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1eb":"d7965825":"FAIL":"":1
AES-192-CCM test vector NIST #27 PSA (P=24, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd1":"4d1d980d6fe0fb44b421992662b97975":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
AES-192-CCM test vector NIST #28 PSA (P=24, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa20660":"3c51d36c826f01384100886198a7f6a3":"FAIL":"":1
AES-192-CCM test vector NIST #29 PSA (P=24, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854ccc":"c25e9fce":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
AES-192-CCM test vector NIST #30 PSA (P=24, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae9":"8ecedb3e":"FAIL":"":1
AES-192-CCM test vector NIST #31 PSA (P=24, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f317":"8464a6f7fa2b76744e8e8d95691cecb8":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
AES-192-CCM test vector NIST #32 PSA (P=24, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c":"06bd6dc2e6bcc3436cffb969ae900388":"FAIL":"":1
AES-256-CCM test vector NIST #1 PSA (P=0, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"a544218dadd3c1":"":"":"469c90bb":"":"":1
AES-256-CCM test vector NIST #2 PSA (P=0, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"d3d5424e20fbec":"":"":"46a908ed":"FAIL":"":1
AES-256-CCM test vector NIST #3 PSA (P=0, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c1":"":"":"8207eb14d33855a52acceed17dbcbf6e":"":"":1
AES-256-CCM test vector NIST #4 PSA (P=0, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"d3d5424e20fbec":"":"":"60f8e127cb4d30db6df0622158cd931d":"FAIL":"":1
AES-256-CCM test vector NIST #5 PSA (P=0, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c10583db49cf39":"":"":"8a19a133":"":"":1
AES-256-CCM test vector NIST #6 PSA (P=0, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"3c0e2815d37d844f7ac240ba9d":"":"":"2e317f1b":"FAIL":"":1
AES-256-CCM test vector NIST #7 PSA (P=0, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c10583db49cf39":"":"":"97e1a8dd4259ccd2e431e057b0397fcf":"":"":1
AES-256-CCM test vector NIST #8 PSA (P=0, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"3c0e2815d37d844f7ac240ba9d":"":"":"5a9596c511ea6a8671adefc4f2157d8b":"FAIL":"":1
AES-256-CCM test vector NIST #9 PSA (P=24, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c1":"":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b7":"22aa8d59":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98":1
AES-256-CCM test vector NIST #10 PSA (P=24, N=7, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"bfcda8b5a2d0d2":"":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a202":"77d00a75":"FAIL":"":1
AES-256-CCM test vector NIST #11 PSA (P=24, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c1":"":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd":"374f3bb6db8377ebfc79674858c4f305":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98":1
AES-256-CCM test vector NIST #12 PSA (P=24, N=7, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bfcda8b5a2d0d2":"":"afa1fa8e8a70e26b02161150556d604101fdf423f332c336":"3275f2a4907d51b734fe7238cebbd48f":"FAIL":"":1
AES-256-CCM test vector NIST #13 PSA (P=24, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3d14fb3f":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":1
AES-256-CCM test vector NIST #14 PSA (P=24, N=13, A=0, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"894dcaa61008eb8fb052c60d41":"":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d":"8d0c0099":"FAIL":"":1
AES-256-CCM test vector NIST #15 PSA (P=24, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c10583db49cf39":"":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c42":"3a578d179902f912f9ea1afbce1120b3":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":1
AES-256-CCM test vector NIST #16 PSA (P=24, N=13, A=0, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"894dcaa61008eb8fb052c60d41":"":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae76":"9084607b83bd06e6442eac8dacf583cc":"FAIL":"":1
AES-256-CCM test vector NIST #17 PSA (P=0, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"92d00fbe":"":"":1
AES-256-CCM test vector NIST #18 PSA (P=0, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"9143e5c4":"FAIL":"":1
AES-256-CCM test vector NIST #19 PSA (P=0, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"93af11a08379eb37a16aa2837f09d69d":"":"":1
AES-256-CCM test vector NIST #20 PSA (P=0, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"d19b0c14ec686a7961ca7c386d125a65":"FAIL":"":1
AES-256-CCM test vector NIST #21 PSA (P=0, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"866d4227":"":"":1
AES-256-CCM test vector NIST #22 PSA (P=0, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"94cb1127":"FAIL":"":1
AES-256-CCM test vector NIST #23 PSA (P=0, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"867b0d87cf6e0f718200a97b4f6d5ad5":"":"":1
AES-256-CCM test vector NIST #24 PSA (P=0, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"677a040d46ee3f2b7838273bdad14f16":"FAIL":"":1
AES-256-CCM test vector NIST #25 PSA (P=24, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc5608":"3ebc7720":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3":1
AES-256-CCM test vector NIST #26 PSA (P=24, N=7, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81":"c44db2c9":"FAIL":"":1
AES-256-CCM test vector NIST #27 PSA (P=24, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce":"1ac68bd42f5ec7fa7e068cc0ecd79c2a":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3":1
AES-256-CCM test vector NIST #28 PSA (P=24, N=7, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"d543acda712b898cbb27b8f598b2e4438ce587a836e27851":"47c3338a2400809e739b63ba8227d2f9":"FAIL":"":1
AES-256-CCM test vector NIST #29 PSA (P=24, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69":"ef891339":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3":1
AES-256-CCM test vector NIST #30 PSA (P=24, N=13, A=32, T=4)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f6":"3d488623":"FAIL":"":1
AES-256-CCM test vector NIST #31 PSA (P=24, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781":"367f30f2eaad8c063ca50795acd90203":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3":1
AES-256-CCM test vector NIST #32 PSA (P=24, N=13, A=32, T=16)
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc":"4b41096dfdbe9cc1ab610f8f3e038d16":"FAIL":"":1
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index af617fc..b7c3b51 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -116,7 +116,7 @@
mbedtls_cipher_free( ctx );
mbedtls_cipher_init( ctx );
-#if !defined(MBEDTLS_USE_PSA_CRYPO) || !defined(MBEDTLS_TEST_DEPRECATED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED)
(void) use_psa;
(void) tag_len;
#else
@@ -1067,7 +1067,7 @@
memset( output, 0x00, sizeof( output ) );
/* Prepare context */
-#if !defined(MBEDTLS_USE_PSA_CRYPO) || !defined(MBEDTLS_TEST_DEPRECATED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED)
(void) use_psa;
#else
if( use_psa == 1 )
@@ -1095,9 +1095,9 @@
exit:
mbedtls_cipher_free( &ctx );
-#if defined(MBEDTLS_USE_PSA_CRYPO) && defined(MBEDTLS_TEST_DEPRECATED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED)
PSA_DONE( );
-#endif /* MBEDTLS_USE_PSA_CRYPTO && defined(MBEDTLS_TEST_DEPRECATED */
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */
}
/* END_CASE */
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index 1ec2e44..7b63635 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -2731,2017 +2731,2017 @@
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"3105dddb":"FAIL":"":0
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d785dafea3e966731ef6fc6202262584":"d91a46205ee94058b3b8403997592dd2":"":"":"3b92a17c1b9c3578a68cffea5a5b6245":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aec963833b9098de1ababc853ab74d96":"4e0ffd93beffd732c6f7d6ad606a2d24":"":"":"e9fcedc176dfe587dc61b2011010cdf1":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4fb9e3393681da9cec5ec96f87c5c31":"845e910bc055d895879f62101d08b4c7":"":"":"99fb783c497416e4b6e2a5de7c782057":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2a930f2e09beceacd9919cb76f2ac8d3":"340d9af44f6370eff534c653033a785a":"":"":"0c1e5e9c8fe5edfd11f114f3503d63":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe71177e02073b1c407b5724e2263a5e":"83c23d20d2a9d4b8f92da96587c96b18":"":"":"43b2ca795420f35f6cb39f5dfa47a2":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b02392fd7f228888c281e59d1eaa15fb":"2726344ba8912c737e195424e1e6679e":"":"":"a10b601ca8053536a2af2cc255d2b6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"21895cbafc16b7b8bf5867e88e0853d4":"f987ce1005d9bbd31d2452fb80957753":"":"":"952a7e265830d58a6778d68b9450":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9bb9742bf47f68caf64963d7c10a97b0":"34a85669de64e1cd44731905fddbcbc5":"":"":"e9b6be928aa77b2de28b480ae74c":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"1c53a9fdd23919b036d99560619a9939":"":"":"6611b50d6fbca83047f9f5fe1768":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"82fede79db25f00be96eb050a22cea87":"e9c50b517ab26c89b83c1f0cac50162c":"":"":"d0c0ce9db60b77b0e31d05e048":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1d98566fca5201abb12914311a8bd532":"590aef4b46a9023405d075edab7e6849":"":"":"a1cfd1a27b341f49eda2ca8305":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3038771820c2e1319f02a74b8a7a0c08":"e556d9f07fb69d7e9a644261c80fac92":"":"":"4d2f005d662b6a8787f231c5e1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0fb7eef50de598d7d8b508d019a30d5a":"a2a2617040116c2c7e4236d2d8278213":"":"":"68413c58df7bb5f067197ca0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8cc58b609204215c8ab4908286e56e5c":"fb83ea637279332677b5f68081173e99":"":"":"a2a9160d82739a55d8cd419f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"81a5fd184742a478432963f6477e8f92":"da297cbb53b11d7c379e0566299b4d5a":"":"":"200bee49466fdda2f21f0062":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"f604ac66d626959e595cbb7b4128e096":"269d2a49d533c6bb38008711f38e0b39":"":"":"468200fa4683e8be":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2e308ba7903e925f768c1d00ff3eb623":"335acd2aa48a47a37cfe21e491f1b141":"":"":"4872bfd5e2ff55f6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1304e2a5a3520454a5109df61a67da7a":"dbe8b452acf4fa1444c3668e9ee72d26":"":"":"83a0d3440200ca95":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"ddf0b695aef5df2b594fcaae72b7e41c":"":"":"2819aedf":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9ab5c8ca905b5fe50461f4a68941144b":"96dd3927a96e16123f2e9d6b367d303f":"":"":"6e0c53ef":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b5fc7af605721a9cfe61c1ee6a4b3e22":"6b757d4055823d1035d01077666037d6":"":"":"e8c09ddd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03c0b4a6e508a8490db0d086a82c9db7":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":"":"756292d8b4653887edef51679b161812":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b228d3d15219ea9ad5651fce02c8374d":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":"":"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"776afcbabedd5577fe660a60f920b536":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":"":"a5347d41d93b587240651bcd5230264f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":"":"2a67ad1471a520fe09a304f0975f31":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2bc73fba942ff105823b5dccf6befb1c":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":"":"ebdd7c8e87fe733138a433543542d1":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"356a4c245868243d61756cabe86da887":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":"":"ed26080dcb670590613d97d7c47cf4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfa7e93aff73600fc552324253066e2c":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":"":"6ba5e4dace9a54b50b901d9b73ad":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2ecea80b48d2ecd194a7699aa7d8ccfc":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":"":"246a9d37553088b6411ebb62aa16":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d38fee3fd3d6d08224c3c83529a25d08":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":"":"803a08700ec86fdeb88f7a388921":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1899b0cbae41d705c6eed3226afb5bc0":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":"":"c5d58870fee9ce157f5ec1fa8f":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b95323d86d02754f4c2874b42ec6eb0":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":"":"c4724ff1d2c57295eb733e9cad":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30da555559eb11cf7e0eff9d99e9607d":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":"":"3c82272130e17c4a0a007a908e":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ed2ac74af896c5190c271cfa6af02fd2":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":"":"db8af7a0d548fc54d9457c73":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0225b73fe5fbbe52f838d873173959d8":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":"":"e2c2ce4022c49a95c9ac9026":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"89ca3771a0ef3287568b4ac036120198":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":"":"06b2bf62591dc7ec1b814705":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a41a297bd96e224942998fe2192934a1":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":"":"49a4917eef61f78e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a9372c058f42e0a1d019bdb528313919":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":"":"b82cd11cd3575c8d":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6302b7338f8fa84195ad9abbacd89b4e":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":"":"5222d092e9e8bd6c":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78b5c28d62e4b2097873a1180bd5a3a5":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":"":"eae48137":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d84130578070e036c9e3df5b5509473":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":"":"79987692":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08428605ab4742a3e8a55354d4764620":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":"":"3eb3e3a2":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd358bc3f992f26e81e3a2f3aa2d517":"d8c750bb443ee1a169dfe97cfe4d855b":"":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"a81d13973baa22a751833d7d3f94b3b1":"":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"43b5f18227e5c74288dbeff03801acd6":"08ee12246cf7edb81da3d610f3ebd167":"":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a433c612d7e1bdff881e4d63ba8b141":"8b670cf31f470f79a6c0b79e73863ca1":"":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8526fd25daf890e79946a205b698f287":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8e9d75c781d63b29f1816859f7a0e0a0":"748a3b486b62a164cedcf1bab9325add":"":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"131e0e4ce46d768674a7bcacdcef9c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe6b8553002c69396d9976bb48d30779":"595b17d0d76b83780235f5e0c92bd21f":"":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"8879de07815a88877b0623de9be411":"":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14898c56009b459172fef9c17993b54f":"0862f8f87289988711a877d3231d44eb":"":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"36938974301ae733760f83439437c4":"":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe5253d4b071793b081ebc122cc2a5f8":"49e82d86804e196421ec19ddc8541066":"":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"e8b8ae34f842277fe92729e891e3":"":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b3502d6f0d172246e16503cdf5793296":"6ce994689ff72f9df62f386a187c1a13":"":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"21cdf44ff4993eb54b55d58e5a8f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5fb33dd73db309b9dfd3aee605cd94bf":"3f6486f9e9e645292e0e425bac232268":"":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"7ee5e0e2082b18d09abf141f902e":"":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a958fe3b520081b638d9e4c7d5da7ac7":"c396109e96afde6f685d3c38aa3c2fae":"":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"06ca91004be43cf46ed4599e23":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ec319fb143eac8215b51541daec268f2":"8a4684f42a1775b03806574f401cff78":"":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"e91acb1bfda191630b560debc9":"":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14a3e69f351ac39b4297749a90c1365c":"eb1c6c04437aa5a32bcc208bb3c01724":"":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"e418815960559aefee8e0c3831":"":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c34827771fc3918d1cee09ba9401b832":"2379bbd39a1c22bc93b9b9cc45f3840b":"":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"26e1f6cf0d9e0f36dfd669eb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b1f9bd2006ec550b7b9913d383200b5d":"ca28fa6b64bb3b32ef7d211f1c8be759":"":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"c87aac7ad0e85dbb103c0733":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b2cef1a92aa0af2b00fb2a99855d5bc":"08d87b7acee87d884667f6b1e32e34d0":"":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"3bd7685318010b0c5fe3308b":"":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"175c306f8644b0c4b894ae3d0971505e":"9860268ca2e10974f3726a0e5b9b310f":"":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"f809105e5fc5b13c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08c0edcfe342a676ccdc04bdf854b4b0":"4a7b70753930fe659f8cc38e5833f0c7":"":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"9ab1e2f3c4606376":"":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"241067a0301edf0f825d793e03383ea1":"a30994261f48a66bb6c1fc3d69659228":"":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"36c3b4a732ba75ae":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03cccb5357bd2848332d1696f2ff90cb":"e0754022dfb1f813ccaf321558790806":"":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"c75f0246":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e5e53c84a05d5a5348bac7b2611cf62":"47e40543b7d16bc9122c40b106d31d43":"":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"81eec75d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2c94008bf377f90b7a1c0d2ea38f730c":"abfe92931a8411a39986b74560a38211":"":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"47d42e78":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"69eedf3777e594c30e94e9c5e2bce467":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"5de3068e1e20eed469265000077b1db9":"":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"45cc35311eedf0ba093bf901931a7036":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"266a895fc21da5176b44b446d7d1921d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9edb5231ca4a136b4df4ae22b8588f9f":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"5ed3ea75c8172fa0e8755fef7b4c90f1":"":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d5fdcb8f5225090e63fae9b68f92c7cb":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"827e66b5b70dce56215cfb86c9a642":"":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"036198cd3a3ab9319684d0f811cf2992":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"6cf68a374bea08a977ec8a04b92e8b":"":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c9fbbff8f25f951ba874dfc5ff38584e":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"ff0b2c384e03b50e7e829c7a9f95aa":"":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3a314ec178da96311e42334a616fb38b":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"1e774647b1ca406e0ed7141a8e1e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e818372a63b7e2c23b524e29ba752bdb":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"3744262bc76f283964c1c15dc069":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a04f16882ff45816739d1b6697ce8b7":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"fbb37084396394fecd9581741f3c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"38cf029a4b20607030586cd2d82146e6":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"7b021de5cda915ba58f90ceef4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cf4d81fc5997c744a572bed71f4ae609":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"0a86142a0af81c8df64ba689f4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d88ad40b42ead744f1b7a36685658be1":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"7643b3534eb5cb38331ed2e572":"":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c3ce86a212a30e724b4c624057db4e79":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"3230fe94b6ccd63e605f87d0":"":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a0155360b84420b5bf4fb410ea02f31e":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"ac5addcc10cae6c1345520f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"694f621f594d96b16c32254ff06f3f9c":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"0bdef4d771a1740381e7db97":"":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78826a5215a1d5e1b39cad5a06861f8f":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"a724bbb295a02883":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d450f5253251121606e56687952bf2f1":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"6446398aff73ed23":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90a59f6b0abf932311f0b65623c17740":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"dc77c1d7e0902d48":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6be4ef629f0b38194c74f7b66418922d":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"3d8fc6fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c50e37244931e8debc12b3d561c83ba2":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"7d4393f0":"":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8531ddb03977383405baf2ee9ca7d64b":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"2fc9de46":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"862dd5b362cfa556ca37e73cff7f4a0e":"81530a243655a60d22d9ab40d2520447":"":"":"3b9b2af54e610ed0b3dda96961dd8783":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3452b7bc100c334292e08343f139b9d0":"8f92739a30fe4ba24079f5d42753d6ac":"":"":"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"31a0cbaf21b943f8badc939e94eac7eb":"d5bb2c4eaec47088230972ae34fcda9c":"":"":"580e728512c8e44fbb3fe2c498e05323":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9e8fca537746e7cbff97f1dcd40a3392":"43e9f2bf186b2af8cc022e7c7412d641":"":"":"4465a3f9d9751789bcef5c7c58cbc5":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"35b5854ca83792ad691dbda1a66790fb":"cff61cf9b32ea30cf7e3692aa6e74bed":"":"":"726793199df533dd9055b0ac7c939d":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"07259267c1c6a015437a5d8cfa92f9e6":"18b9cf2ad7ace6ec1c8366b72878cf20":"":"":"4340f6263f0ba2d82c2eb79cb0cc7e":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fa1df8955aa3ef191900b06e7c1b7d46":"6928c138c98a4350c318fbdccd3f44ba":"":"":"7c89d9e77515d271b6ed54c9c4e3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c04200ce41ce77d772babb206315ec7d":"a885d58f0f38f9ff26d906fa1bfb12f4":"":"":"9ee0d025421f2bf18caf563953fb":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"650df049461be341c3099bd1613dcead":"8a4ff6327b49d297248ce2d5bd38afa8":"":"":"13f067ef0d7b448d56e70d282fed":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ee61b5bf5060fcc637dc833926898508":"b2dcf21f9ffa4a883044d29f087f9b85":"":"":"9ab1d66666d4dea3cbb5982238":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"01cc56ca7e64db7fbef66236a5c49493":"8ea5b63004189792cc040ef18b37e550":"":"":"d685aeb54aa129a21bed17766e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"134dd72ac8e28ab46720c2f42284a303":"c6368e4c0ba0ec90fa7488af9997a4c7":"":"":"4ad9cdf19ff7d7fd7e273efced":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"180c04b2bde6901edcda66085f73ecd9":"9193b206beade4cb036f01a9db187cb8":"":"":"530f5e9ed0879ccef3a7b360":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aaac85742a55ffa07e98106d6d6b1004":"630cd8ab849253c4da95ac80324ecc28":"":"":"37911820c810e3700c3a9321":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"86e6100669929e329a1d258cd3552dc9":"":"":"958d6141f7fb2b2dc7d851a6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd756d49fd25380c4026ea03cafc2da":"6a6f7e39b0d730ea1670e13d16c12c28":"":"":"872ef05a28da5ea1":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"bd8a834b288bdc7578b6c6ab36f5d068":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":"":"c5c094e83755f2b6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"020d280dbd06939bbb5e6edc6f6d39c6":"09aea6f0e57598452719d6f63b6fe5a0":"":"":"05d6c56ba601e85b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e47f41a27a2722df293c1431badc0f90":"227c036fca03171a890806b9fa0c250d":"":"":"86c22189":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9d3e112114b94e26e93d3855d4be26bd":"99b98525160c4bb2029da5553ff82b59":"":"":"33bee715":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5b4b7688588125349fbb66004a30d5d4":"b4ae363edb529d8b927c051cf21a2d9d":"":"":"6a920617":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":"":"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"":"c53d01e53ee4a6ea106ea4a66538265e":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0c88b191ce6e8e4a3941f7960b7eae5":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":"":"92604d37407aff33f8b677326cbb94fc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c818dfa0885a09f65ef78712f5ce6609":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":"":"20e9a3a98d71d460743e1efaab13c6":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2354c6b6afaa883e7ce91faca4981f8b":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":"":"3588c9aa769897dfa328549fbbd10a":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0af48e6aebbb6ff5b7c92bd140b085f":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":"":"e6222f068a1e18f09ba6c771eabd86":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a05fe482fe164b2eca7f6c3e377b39d8":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":"":"3900bde9fa9ae2cbeee54d04f224":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dacbadf819eb16a63f6f091d13ed04d4":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":"":"8988fca83c8cfb1f8feefac46f04":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"969244c7444f3f3bf193b28f8e8e96dc":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":"":"a291c7527385f037f62e60fd8a96":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"525abe490c8434802b69439c590a5290":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":"":"038c7e95f790e6ca5ce73f9551":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"51644e025659de983f5c8156516b812e":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":"":"77e3deba2c7f9386f85bc4a801":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08566ca7310302dfb84d76ea0525ba20":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":"":"873f037fc05252a44dc76f8155":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfb54db96383fa911bf5b4fa1218ef9a":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":"":"dada7fc7fed58db462854ef6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"389cf888474e9403e5f4d0e22ffec439":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":"":"92726d90ad26130e65f2beb4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e55abb2ca36c822bf2a030ac703cb8b4":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":"":"65025250343ed8c09b3fceed":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"586114f3b1dc087e1b2739b28c592dfe":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":"":"467a815610faeb82":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cbfe806bddb7f06b3826b097550c68f5":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":"":"0697ac372a9acafd":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"96ce3a095a91effdd91d616f1f02ddcd":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":"":"55a0f61032e048f3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"24ece168c2971cf2b404ea206dc9e29d":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":"":"d2b15a23":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d3c3cf993f6740a019e61ce13c29955c":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":"":"f2d3a6ff":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5f1e5bd45ee8bb207ebbd730510ff218":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":"":"0d6c15da":"":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3997050377cfbb802cc438d973661688":"c95c84c263bdfd5f1de66e7e616cf3fb":"":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0bc2bde877e881aea512068105694968":"05f0c34ab2e8e8026b0a23719344b71f":"":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e14f45ba5d1eb52e0412240da5d7b5f9":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"beede05e4928c808bc660f3de95634":"":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a64579f3601b0022d357b601cd876ab":"515efc6d036f95db7df56b1bbec0aff2":"":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"13ea92ba35fced366d1e47c97ca5c9":"":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1bda4acfd10ab635f357935bb0ab7020":"48b77c587616ffaa449533a91230b449":"":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"8325e4394c91719691145e68e56439":"":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d21cf24bc5bd176b4b0fd4c8477bb70d":"208cb9dced20b18edddb91596e902124":"":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"7edfb9daf8ca2babcc02537463e9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d02e2b02170986944487cba8448f998":"6336077bb83eff1c9ea715de99b372cd":"":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"0466bb2957281f64b59eafed3509":"":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cd1ad1de0521d41645d13c97a18f4a20":"413873a0b063ad039da5513896233286":"":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"d4dbe9cae116553b0cbe1984d176":"":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1cb120e9cd718b5119b4a58af0644eff":"5a7087989bfe2f6eddcb56fde4d72529":"":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"95d8bd12af8a5ab677309df0fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"315b206778c28ed0bfdd6e66088a5c39":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"930750c53effc7b84aa10b2276":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e886de1c907c97e7db8ec80a79df90f8":"612cacbf33266353d0a29a24532f3c0c":"":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"76634e58d8f3a48f15875ac1d6":"":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3b936e09a6477f3bd52030a29df5001d":"f93105be83fa5e315d73acfdcf578de7":"":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"91b55bb5e3f3f1abcf335db5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dc9e2095de7b1b48481b56bf6a3604cd":"9e5268db19a1b51c0496a160ca76f8f7":"":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"0fa9588536fca71bb44260f7":"":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3f93901fd7cc88db3ba76a158d658c7b":"7e98de461e6d96c0ce6c8d8b3854cf49":"":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"86c9a70e4bab304ae46e6542":"":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"42289f3d3cd5838e250ef54b128e60d1":"e557389a216ad724aafdab0180e1892e":"":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"6f78bc809f31393e":"":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d772eabb7f19475665ca2a7e693bcfc":"0747cbb486a013453fde1ca6abb11dbe":"":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"8e761ffaea68f967":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fb7fd753ee6eaaf283a42a121dab4e43":"8164929fb54485377ecccc9b9621af5e":"":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"40a2fa7f4370afb2":"":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30d757fd73a0fd5fa49159ad0653296d":"b35b8df0aebd0608517f2830e0e70cd0":"":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"954c0e99":"":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d9d3cfd5900de5d5e2109e7721cfeef6":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"2b81e8ce":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"68dc138f19354d73eaa1cf0e79231d74":"e7147749560f491420a2d893c075bb76":"":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"70a83f6f":"":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"7362c86344e0aefb0cf0d04768f9c05d":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"9594da428fd8c1b13ecb23afa2c1af2e":"":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"58748bb204ccb7bdafdbf739b6c19a3e":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"efba4589d4a03555766bbc3b421dd60f":"":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6cc13cbd62428bb8658dd3954fe9181f":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"76b990a1e010e5f088f6ae90bec40b32":"":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"286d3f5080cfe88538571188fbeb2dd5":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"d90d34094d740214dd3de685010ce3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"726ae113a096769b657f973ea6d2d5dd":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"d095bfb8990d4fd64752ee24f3de1e":"":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"73a9eeda721c6f292e6b399e2647f8a6":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"e08161262234d0d5be22f09e5646bf":"":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90dbda7397d8fc46215a1218a6ffd0d8":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"776d871944159c51b2f5ec1980a6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0c85174d428fc1c7c89ca5d1b8aaba25":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"1e7dec83830183d56f443a16471d":"":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d89f06eb07744d43d44734faf9751d07":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"fcad48076eb03ebe85c6d64f6357":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6150f14dc53f391e815acfabed9f9e20":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"922a7b48ad5bf61e6d70751cfe":"":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3e8216072ed6fcde0fe0f636b27ed718":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"531a65cc5dfeca671cc64078d1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1af434b73a1210b08595ffa686079832":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"2ae7350dd3d1909a73f8d64255":"":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"04036d2f5273c6ff5b8364aa595359c9":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"71f818f1a2b789fabbda8ec1":"":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"59fe44c6e28d025b2ad05e6e867051ab":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"296c4cdaeb94beb2847dc53d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c314264cee0e6db30ebe9b2f6d4991b2":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"fda18d2f795d900f057fe872":"":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"26072018bd0bda524b5beb66a622c63e":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"edffe55c60235556":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"201751d3da98bd39ff4e5990a56cfea7":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"66c247e5ad4e1d6a":"":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3bc0dcb5261a641a08e6cb00d23e4deb":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"f5289e1204ace3b2":"":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"239c15492d6deec979e79236baca4635":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"fc08cbbe":"":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"db68a96e216b0dd9945f14b878487e03":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"9251d3e3":"":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":1
AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"659b9e729d12f68b73fdc2f7260ab114":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"8e5a6a79":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"4f801c772395c4519ec830980c8ca5a4":"":"":"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"335ca01a07081fea4e605eb5f23a778e":"":"":"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"d9172c3344d37ff93d2dcb2170ea5d01":"":"":"017fef05260a496654896d4703db3888":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"f47e915163fa3df7f6c15b9d69f53907":"":"":"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"a35b397b34a14a8e24d05a37be4d1822":"":"":"e045ecba220d22c80826b77a21b013":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"169a449ccb3eb29805b15304d603b132":"":"":"3a807251f3d6242849a69972b14f6d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"538641f7d1cc5c68715971cee607da73":"":"":"07d68fffe417adc3397706d73b95":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"0d8eb78032d83c676820b2ef5ccc2cc8":"":"":"7da181563b26c7aefeb29e71cc69":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"646a91d83ae72b9b9e9fce64135cbf73":"":"":"169e717e2bae42e3eb61d0a1a29b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"55e10d5e9b438b02505d30f211b16fea":"":"":"95c0a4ea9e80f91a4acce500f7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"e25ef162a4295d7d24de75a673172346":"":"":"89ea4d1f34edb716b322ea7f6f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"08ea464baac54469b0498419d83820e6":"":"":"ab064a8d380fe2cda38e61f9e1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"766996fb67ace9e6a22d7f802455d4ef":"":"":"9a641be173dc3557ea015372":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"75cdb8b83017f3dc5ac8733016ab47c7":"":"":"81e3a5580234d8e0b2204bc3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"cfbefe265583ab3a2285e8080141ba48":"":"":"355a43bcebbe7f72b6cd27ea":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":"":"34b8e037084b3f2d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"118d0283294d4084127cce4b0cd5b5fa":"":"":"507a361d8ac59882":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"b78d518b6c41a9e031a00b10fb178327":"":"":"f401d546c8b739ff":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"14eb280288740d464e3b8f296c642daa":"":"":"39e64d7a":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"f54bf4aac8fb631c8b6ff5e96465fae6":"":"":"1ec1c1a1":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"75532d15e582e6c477b411e727d4171e":"":"":"76a0e017":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":"":"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":"":"04b80f25ae9d07f5fd8220263ac3f2f7":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":"":"d22407fd3ae1921d1b380461d2e60210":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":"":"fcbb932ddb0128df78a71971c52838":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":"":"18fd1feec5e3bbf0985312dd6100d1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":"":"fd78b9956e4e4522605db410f97e84":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":"":"b11f5c0e8cb6fea1a170c9342437":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":"":"6cdf60e62c91a6a944fa80da1854":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cc9922299b47725952f06272168b728218d2443028d81597":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":"":"dd515e5a8b41ecc441443a749b31":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":"":"f33e8f42b58f45a0456f83a13e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":"":"380128ad7f35be87a17c9590fa":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":"":"e9e5beea7d39c9250347a2a33d":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":"":"24483a57c20826a709b7d10a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":"":"23012503febbf26dc2d872dc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":"":"e8e80bf6e5c4a55e7964f455":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":"":"74264163131d16ac":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":"":"8f4877806daff10e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":"":"4eff7227b42f9a7d":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":"":"ff355f10":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":"":"cb4d8c1d":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":"":"4a28ec97":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"eb16ed8de81efde2915a901f557fba95":"":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"804056dca9f102c4a13a930c81d77eca":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"951c1c89b6d95661630d739dd9120a73":"":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"70835abab9f945c84ef4e97cdcf2a694":"":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"7f770140df5b8678bc9c4b962b8c9034":"":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"9823e3242b3f890c6a456f1837e039":"":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"151fd3ba32f5bde72adce6291bcf63ea":"":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"f0626cc07f2ed1a7570386a4110fc1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"743699d3759781e82a3d21c7cd7991c8":"":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"1da347f9b6341049e63140395ad445":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"85b241d516b94759c9ef975f557bccea":"":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"bbf289df539f78c3a912b141da3a":"":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"9769f71c76b5b6c60462a845d2c123ad":"":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"394b6c631a69be3ed8c90770f3d4":"":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"4b12c6701534098e23e1b4659f684d6f":"":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"729b31c65d8699c93d741caac8e3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"fe1e427bcb15ce026413a0da87":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"927ce8a596ed28c85d9cb8e688a829e6":"":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"3a98f471112a8a646460e8efd0":"":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"508c55f1726896f5b9f0a7024fe2fad0":"":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"3b8026268caf599ee677ecfd70":"":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"b2a7c0d52fc60bacc3d1a94f33087095":"":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"0a7a36ec128d0deb60869893":"":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"1bd17f04d1dc2e447b41665952ad9031":"":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"01b0a815dc6da3e32851e1fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"5ea9198b860679759357befdbb106b62":"":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"d58752f66b2cb9bb2bc388eb":"":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7474d9b07739001b25baf6867254994e06e54c578508232f":"3ade6c92fe2dc575c136e3fbbba5c484":"":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"67c25240b8e39b63":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"41b37c04ab8a80f5a8d9d82a3a444772":"":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"4ee54d280829e6ef":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"9af53cf6891a749ab286f5c34238088a":"":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"6f6f344dd43b0d20":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"623df5a0922d1e8c883debb2e0e5e0b1":"":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"14f690d7":"":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"9265abe966cb83838d7fd9302938f49d":"":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"6f6c38bc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9b3781165e7ff113ecd1d83d1df2366d":"":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"62f32d4e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"2ddda790aae2ca427f5fb032c29673e6":"":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bb9ba3a9ac7d63e67bd78d71dc3133b3":"":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"29a2d607b2d2d9c96d093000b401a94f":"":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"0943abb85adee47741540900cc833f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"a93bd682b57e1d1bf4af97e93b8927":"":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"7d9f97c97c3424c79966f5b45af090":"":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"a5100c5e9a16aedf0e1bd8604335":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"4da85b8ec861dd8be54787bb83f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"8781b045a509c4239b9f44624e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"2ad4520ddc3b907414d934cc1d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4382507dddccf1385fc831da8924147563416d0656e168ec":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"4221818d4be45306e205813789":"":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"4af02b81b26104d1d31e295a":"":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"b124eea927e2a62a875494a1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"f536a3b8c333b1aa520d6440":"":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"69e06c72ead69501":"":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"dc4c97fe8cc53350":"":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"44f760787f7bc3c0":"":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"c5098340":"":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"dc413c4c":"":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"e6d6df7a":"":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"f1a23ce6e2bc9088a62c887abecd30ae":"":"":"d4d5c22f993c8c610145fcbe4e021687":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"ef221a1c66fda17906190b7c99ab60b8":"":"":"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"7c29b3196d44df78fa514a1967fcd3a6":"":"":"fc123944bbea6c5075a5f987aed9cf99":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"783f9a3c36b6d0c9fd57c15105316535":"":"":"23e21a803cac5237777014686564f2":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"2acc2073089a34d4651eee39a262e8ae":"":"":"7ac742c859a02a543b50464c66dcf5":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"c937615675738f4b3227c799833d1e61":"":"":"88300bd65b12dcb341f1f6d8a15584":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"1f939226feab012dabfc2193637d15b1":"":"":"eed5fcb7607c038b354746d91c5b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"e2076e1050070d468659885ea77e88d0":"":"":"b4586bdbd4b6b899648f2333eee0":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"2d07bb8616fc0bbb71755a1bd256e7fb":"":"":"6b60d645220cfde42d88296ac193":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"6c31194df99d08881fa5b1dd33b45a92":"":"":"69431593c376c9f8052bf10747":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"73599275f8237f14c4a52b283c07275d":"":"":"6f7249d25c9f273434c4720275":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"d0871bfc3693245be478e6a257c79efb":"":"":"5a99d59631d0e12f58b7b95ccd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"c72bb300b624c27cded863eba56e7587":"":"":"ea2528e7439be2ed0a0d6b2a":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"28899601fa95f532b030f11bbeb87011":"":"":"35625638589bb7f6ccdb0222":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"375d4134e8649367f4db9bdb07aa8594":"":"":"70610bf329683e15ecf8c79f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"9f502fb5ac90ff5f5616dd1fa837387d":"":"":"a4b5138122e1209d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"2ee96384dd29f8a4c4a6102549a026ab":"":"":"3b33a10189338c3b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"8d97f354564d8185b57f7727626850a0":"":"":"813d2f98a760130c":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"daf13501a47ee73c0197d8b774eec399":"":"":"a6d108c0":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":"":"a47cdadd":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"817199254a912880405c9729d75ed391":"":"":"d81d9b41":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":"":"dd153cfd7aa946280660c445f586fa28":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":"":"c59231ddaae98e0e8db6b3fe8f4d3427":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":"":"2c84bf7a8947ab93b10ae408243b4993":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":"":"e8aac14b53cdbc2028d330fc8d92a7":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":"":"dc034564d4be7de243ff059b5f9160":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":"":"942b52277e9dc0a30d737d00f5e597":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":"":"87737873b82586bb29b406946cae":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":"":"06f95ca69c222a8985887925b15e":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":"":"c68842cafc50070799f7c8acd62a":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":"":"ec9a79a88a164e1a6253d8312e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":"":"9779b7c3ece6c23d5813e243ec":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":"":"ca82448429106009094c21d70b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":"":"9d1603799e2485a03e7b05a0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":"":"05ee6ce13711535864674a5b":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":"":"0c9c17388d0610f99d0a093f":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":"":"1c3bd1e0d4918e36":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":"":"dab612351f75e2cb":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":"":"f1d743b7e1b73af5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":"":"4dc74971":"":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":"":"fb845ab7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":"":"c840d994":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"cff291d2364fc06a3a89e867b0e67e56":"":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"81f1eb568d0af29680518df7378ba3e8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"1c8f41424acaf009996ceaa815b24ad4":"":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"9f3c0349c5a4a740a82d6d63bf00fb17":"":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"a950ab0dd84115e3829ab0ad3bbb1193":"":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"25cfde73e7a29115828dfe1617f8b53e":"":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"3a2acf69bba19f5d1d1947af2cfda781":"":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"f826d212f7c1212fb8a8bf23996826":"":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"3cd95429c6de1d327b9eb3c45424a87c":"":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"13521236f190f78e75c0897c5fb237":"":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"bd505fcba464e6e2c58fdf29f5695fb9":"":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"8510fff71bb879f56ea2fe43f6ff50":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"776248381941e16908f52d19207881f5":"":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"603977845d82faccb401817ecce6e2fe":"":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"c955a3bc316841be07e406d289c8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"4cd56de54e5140a587be7dfd02d3a39e":"":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"1a29527a41330259f918d99d7509":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"afe986ead799727063958e2ce13ca846f76c51605439f839":"f85a95ed10b69623162ab68d1098de94":"":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"3cf1cdb4a4fdc48da78a8b4e81":"":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"537a4ee307af3072e745570aaaadce34":"":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"df01cffbd3978850e07328e6b8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"5124b410c43d875eca6ce298c45994a7":"":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"56ad9c1653f11a41fd649cccd8":"":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"ff10234524433b871202c2cca6acb194":"":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"984943355a7aef15c4fb8033":"":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"49da91e926091a448d57d521cc90f3c0":"":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"99198f55f9fa763651bba58e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"b5efb9feae3de41b5ce9aa75583b8d21":"":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"9604d031fa43dcd0853e641c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"aef257dd44d14d0bc75f9311ef24e85a":"":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"d951becb0d55f9fb":"":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"c15c9c0b0b70c7321df044bfde2b15fb":"":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c5c9851a6bf686d0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"0bd64d222532dae8ab63dc299355bf2a":"":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"3477cad1fd4098b2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"37e3a300542d9caf3975c6429cb8a2e8":"":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"06bfca29":"":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"6cba4efc8d4840aa044a92d03d6b4d69":"":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"92750ac9":"":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":1
AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"4f4636d1b283bfa72c82809eb4f12519":"":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"16c80a62":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"87b5372571fb244648053c99405999130f87a7c178052297":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"98177b3428e64bc98631375905c0100f":"":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"010195091d4e1684029e58439039d91e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"63a310b4f43b421a863fb00fafd7eac4":"":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"28a43253d8b37795433140641e9ffd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"ab738073228bdf1e8fd4430b5c7d79":"":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"d4356cb417953b01f7b1110c8aa3eb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"62646fc8bfe38b3ba6d62f9011e3":"":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"6c5f38232e8a43871ab72a3419ad":"":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"3269922affb9d767f5abe041cc8e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"22c2efeddfd5d9cb528861c4eb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"673afea592b2ce16bd058469f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"079e8db9c3e6eddb0335b1cf64":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"e5dc92f4ad4000e9b62fb637":"":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"8e8320912fff628f47e92430":"":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"974bd0c4a8cac1563a0e0ce0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"84f1efd34ff84e83":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"15d456da7645abf2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"a1e19ef2f0d4b9f1":"":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"5412f25c":"":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"613ba486":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"28d730ea":"":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"3a0324d63a70400490c92e7604a3ba97":"":"":"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"7156358b203a44ef173706fdc81900f8":"":"":"9687fb231c4742a74d6bf78c62b8ac53":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"4fe6ace582c4e26ce71ee7f756fb7a88":"":"":"d5bdf8ec2896acafb7022708d74646c7":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"404efd26b665c97ea75437892cf676b6":"":"":"e491075851eec28c723159cc1b2c76":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"4037eadb11249884b6b38b5525ba2df4":"":"":"360c6ef41cbd9cd4a4e649712d2930":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"cebbce06a88852d3bb2978dbe2b5995a":"":"":"bd7ca9f6bd1099cde87c0f0d7cc887":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"008d040fbd7342464209f330cf56722c":"":"":"c87107585751e666bedae2b1b7e8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"947c5f0432723f2d7b560eca90842df1":"":"":"7d331fedcea0fd1e9e6a84385467":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"51f639467083377795111d44f7d16592":"":"":"02d31f29e15f60ae3bee1ad7ea65":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"aea6f8690f865bca9f77a5ff843d2365":"":"":"7f2280776d6cd6802b3c85083c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":"":"ea01723a22838ed65ceb80b1cf":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"ae07f8c7ac82c4f4c086e04a20db12bc":"":"":"1132e4fff06db51ff135ed9ced":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"929b006eb30d69b49a7f52392d7d3f11":"":"":"33940d330f7c019a57b74f2d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"e34b19381f05693f7606ce043626664d":"":"":"2adc2c45947bfa7faa5c464a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"a56f27709e670b85e5917d5c1d5b0cc2":"":"":"177b9a5e6d9731419dd33c5c":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":"":"fe82300adffd8c17":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"1bd9ea6186450f9cd253ccfed2812b1c":"":"":"35214bbc510430e3":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"728cb9608b67a489a382aa677b1f4f5b":"":"":"e2ef5d9cc5791c01":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":"":"0fe57572":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"7b722fdd43cff20832812f9baf2d6791":"":"":"72dea6cc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"729baa4c0ef75ed8aae746376b39fe3c":"":"":"2a0d607c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":"":"c595b9d99414891228c9fa5edb5fcce3":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":"":"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":"":"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":"":"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":"":"a8e29e08623a3efdbbe8b111de30a4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":"":"e3645db0c600dba52044efcecfc331":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":"":"c25fc157c3f2474885e2eea48aea":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":"":"4ed91af6340e70b0c2b94ab6f82e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":"":"3bcb5c2a4261d75bfa106fb25ee1":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":"":"0e463806ff34e206f703dd96b3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":"":"3f0ccc134091e0c0425887b1b9":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":"":"888b836c9111073924a9b43069":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":"":"b6044c4d7f59491f68b2c61e":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":"":"5c5683e587baf2bd32de3df5":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":"":"52e10495105799ead991547b":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":"":"6ff8fd87e5a31eb6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":"":"49aaa806cb2eeadd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":"":"a5b71ecf845b25d0":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":"":"e9cdbc52":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":"":"e35dbac8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":"":"e7a37f15":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"2fc1afc1395d8409919248709f468496":"":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"c571ce0e911de5d883dc4a0787483235":"":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"6d9d3a5dbc8dce385f092fff14bfffda":"":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"275393276745bc43bae4af1e5d43a31e":"":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"a82ff1e87d26e4d6e417b60fb2d3ce23":"":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"47f5264f7a5b65b671892a05fa556f63":"":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"660462b4088f6628a630f2e4170b21":"":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"4e022d8d86efbd347e8cbab7e979771f":"":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"e7df79af0aef011299c3b882e3a45b":"":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"7c0f49fb54f5e68c84e81add009284e6":"":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"b2ec0f3da02a9eb3132fb4ebe3b8":"":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"5cea906737518c2cb901016e30206276":"":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"3a3a771dd5f31c977e154ef5c73a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"387ee8c1e7f047e94d06d0322eec02fc":"":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"62356850d12b54e39872357cfa03":"":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"d2b277f78e98f1fa16f977ce72ee22a7":"":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"4c81c044101f458fdfac9ca3b9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"94886a1845aebba5ed6b86f580be47f9":"":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"4be34ff42085ef4443c8b6042d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"e5ca84b907ac761a5e68a9080da0a88a":"":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"c8f78e4139dd3eaf2baef8aafb":"":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"fa549b33b5a43d85f012929a4816297a":"":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"afa61e843cee615c97de42a7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"2f8512bb7e214db774a217a4615139e1":"":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"f1da1cebe00d80eb4e025feb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"3da9af3567d70553ca3a9636f0b26470":"":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"e1026b3d15d261b2fb47632e":"":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"b957f05921d21f2192f587768dc12b4f":"":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"322374fbb192abbc":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"31bd7c971a6d330b566567ab19590545":"":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"efc5a1acf433aaa3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"2f9c0647a4af7f61ced45f28d45c43f1":"":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"ab74877a0b223e1c":"":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"69d81c73008a6827a692fa636fbab8bb":"":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"be2dda5c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"e119e166471ecf44bc3a070639619931":"":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"b2f54b3a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"cf296aa43cb7b328e09c8975e067404e":"":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"56015c1e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"72ddd9966ede9b684bc981cbb2113313":"":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"9e8b59b4971130557aa84ec3ac7e4133":"":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"e49beb083a9b008ae97a17e3825692f0":"":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"03cfe6c36c3f54b3188a6ef3866b84":"":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"ffdf56e1c1a7252b88422787536484":"":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"ba61edeb7b8966188854fc7926aad2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"993fc8e7176557ee9eb8dd944691":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"ee6d85d3f3703b45adb4f9b2f155":"":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"92282b022e393924ab9c65b258c2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"6154c6799ad7cdc2d89801943a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"1d6cd4ab3914e109f22668867f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"ca4bfeedcd19d301d3f08cb729":"":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"9e45029f4f13a4767ee05cec":"":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"01a573d8e99c884563310954":"":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"43470bc3d7c573cb3a5230f5":"":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"d8bd7d8773893519":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"74110471ccd75912":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"6fb0b5c83b5212bf":"":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #0 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"86acc02f":"":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #1 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"30298885":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #2 [#1]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"1997daa9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"7f8368254955e1b6d55b5c64458f3e66":"":"":"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"274367f31ec16601fe87a8e35b7a22dd":"":"":"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"796efaff4f172bef78453d36a237cd36":"":"":"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"45e6b23f8b3feefd4b0ea06880b2c324":"":"":"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"548c9c8fcc16416a9d2b35c29f0dacb3":"":"":"3aa21f221266e7773eeba4440d1d01":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"a5129e2530f47bcad42fc5774ee09fe7":"":"":"6bb09ed183527c5d5ed46f568af35f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":"":"55952a01eee29d8a1734bbdf3f8f":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"6404b111c6289eefa0d88ed6117bb730":"":"":"637f82e592831531a8e877adfc2c":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"3b87b08337a82272b192bd067e3245ec":"":"":"1f2dda372f20ffddd9dd4810e05f":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"58e70095c6f3a0cda2cdc7775e2f383d":"":"":"1763573f7dab8b46bc177e6147":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"d565c9cdfb5d0a25c4083b51729626bd":"":"":"78738d3e9f5e00b49635ac9a2d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":"":"ea7b52490943380ccc902ca5ae":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"c993c1802df0f075ce92963eb9bff9bd":"":"":"edfab013213591beb53e6419":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"8f7e1621c2227839da4ea60548290ffa":"":"":"f9da62f59c080160ec30b43d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"05d363b2452beff4b47afb052ac3c973":"":"":"6b4a16d1ea1c21b22bdcb235":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"774f4e70a7577b5101c0c3d019655d3e":"":"":"98ff89a8e28c03fd":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"99f25cebd6cfa7f41390b42df6a65f48":"":"":"8e14a0a4853a156a":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"c1beff1ff6cdd62339aa21149c4da1e6":"":"":"f998d7c08d609b3a":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"88126c350dfc079c569210ee44a0e31a":"":"":"f2ebe5e4":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"af29fdb96f726c76f76c473c873b9e08":"":"":"13fd6dfd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"1552604763453b48a57cea1aed8113f4":"":"":"660c5175":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":"":"6b4b1a84f49befe3897d59ce85598a9f":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":"":"8faa0ffb91311a1a2827b86fec01788d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":"":"2211ca91a809adb8cf55f001745c0563":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":"":"2e080ba16011e22a779da1922345c2":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":"":"83de3f521fcfdaff902386f359e683":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":"":"cd4542b26094a1c8e058648874f06f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":"":"96ca402b16b0f2cd0cdff77935d3":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":"":"8233588fca3ad1698d07b25fa3c4":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":"":"477b0a884d788d1905646bd66084":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":"":"0cb67cec1820339fa0552702dd":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":"":"08d7cc52d1637db2a43c399310":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":"":"fbb477dd4b9898a9abc5a45c63":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":"":"99230019630647aedebbb24b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":"":"9553b583d4f9a1a8946fe053":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":"":"44b95a37fab232c2efb11231":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":"":"072d4118e70cd5ab":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":"":"1bcea0ac2c1a0c73":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":"":"faa5c13d899f17ea":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":"":"a3958500":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":"":"50fd1798":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":"":"07764143":"":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"5714732145470da1c42452e10cd274b5":"":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"db85b830a03357f408587410ebafd10d":"":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"a714e51e43aecfe2fda8f824ea1dc4b7":"":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"cd30c3618c10d57e9a4477b4a44c5c36":"":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"91d55cfdcdcd7d735d48100ff82227c3":"":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"19788b2e0bd757947596676436e22df1":"":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"f26a20bea561004267a0bfbf01674e":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"c6b26117d9dbd80c1c242ad41abe2acc":"":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"61051d6c0801b4a6b6ca0124c019f3":"":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0db3ade15cb0dea98a47d1377e034d63":"":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"e62f910b6046ba4e934d3cfc6e024c":"":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"83f98eec51ee4cae4cb7fe28b64d1355":"":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"df47eef69ba2faab887aa8f48e4b":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"2bc0847d46f3d1064bbf8fe8567f54a2":"":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"5a1bf25aa8d5c3fe5cf1be8e54a1":"":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"b9194a4d42b139f04c29178467955f1d":"":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"05949d591793ca52e679bfdf64f3":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"6a5335901284dd3b64dc4a7f810bab96":"":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"04b8e5423aee8c06539f435edd":"":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"fcb962c39e4850efc8ffd43d9cd960a6":"":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"1d8cdadcf1872fb2b697e82ef6":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"b4d9248bb500e40de99ca2a13e743f1c":"":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"090d03446d65adcc0a42387e8e":"":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"160c50c0621c03fd1572df6ba49f0d1e":"":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"9fef9becf21901496772996f":"":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"04885a5846f5f75a760193de7f07853c":"":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"0c13506ed9f082dd08434342":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"0a93b883cbd42998ae2e39aab342cb28":"":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"5c37918edb7aa65b246fd5a6":"":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"e20957a49a27e247d00379850f934d6c":"":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"c99751516620bf89":"":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"d533c2170c5dc203512c81c34eff4077":"":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"167ec8675e7f9e12":"":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"2e2b31214d61276a54daf2ccb98baa36":"":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"5266e9c67c252164":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"a8339ba505a14786ad05edfe8cebb8d0":"":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"df3cab08":"":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"4f23f04904de76d6decd4bd380ff56b1":"":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"18e92b96":"":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":1
AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"531248afdaaf1b86cf34d2394900afd9":"":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"c6885cdd":"":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"94c1b9b70f9c48e7efd40ecab320c2d3":"":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"0bae9403888efb4d8ec97df604cd5d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"7b334d7af54b916821f6136e977a1f":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"d8ef5438b7cf5dc11209a635ce1095":"":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"a4809e072f93deb7b77c52427095":"":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"e3ede170386e76321a575c095966":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"5c43fc4dc959fabeebb188dbf3a5":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"75a31347598f09fceeea6736fe":"":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"2eb6eb6d516ed4cf1778b4e378":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"83155ebb1a42112dd1c474f37b":"":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"f7930e3fab74a91cb6543e72":"":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"bea660e963b08fc657741bc8":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"7859f047f32b51833333accf":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"21309d0351cac45e":"":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"2111d55d96a4d84d":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"bd6c8823c9005c85":"":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #0 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"b1ece9fb":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #1 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"cb3f5338":"FAIL":"":1
AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #2 [#2]
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:MBEDTLS_GCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"3105dddb":"FAIL":"":1
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index 3ecec3f..2ab5c43 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -109,11 +109,16 @@
Diffie-Hellman MPI_MAX_SIZE + 1 modulus
dhm_make_public:MBEDTLS_MPI_MAX_SIZE + 1:"5":MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-Diffie-Hellman load parameters from file [#1]
+DH load parameters from PEM file (1024-bit, g=2)
+depends_on:MBEDTLS_PEM_PARSE_C
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
-Diffie-Hellman load parameters from file [#2]
+DH load parameters from PEM file (2048-bit, large g, privateValueLength)
+depends_on:MBEDTLS_PEM_PARSE_C
dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
+DH load parameters from DER file (2048-bit, large g, privateValueLength)
+dhm_file:"data_files/dh.optlen.der":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
+
Diffie-Hellman selftest
dhm_selftest:
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index 9bb35c5..50411e9 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -361,3 +361,63 @@
ECDSA private parameter greater than n p521
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA11":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECDSA verify invalid pub key (not on curve), zero bytes of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"1":"2":"1":"1":"":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECDSA verify invalid pub key (not on curve), one byte of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"1":"2":"1":"1":"00":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECDSA verify invalid pub key (not on curve), r=1, s=1
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"1":"2":"1":"1":"0000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECDSA verify invalid pub key (also not on curve), r=1, s=1
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"1":"12345":"1":"1":"0000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECDSA verify invalid pub key (not on curve), r=12345, s=1
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"1":"2":"12345":"1":"0000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECDSA verify invalid pub key (not on curve), r=1, s=12345
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"1":"2":"1":"12345":"0000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECDSA verify valid pub key, invalid sig (r=0), 0 bytes of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"0":"1":"":MBEDTLS_ERR_ECP_VERIFY_FAILED
+
+ECDSA verify valid pub key, invalid sig (r=0), 1 byte of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"0":"1":"00":MBEDTLS_ERR_ECP_VERIFY_FAILED
+
+ECDSA verify valid pub key, invalid sig (r>n-1), 32 bytes of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141":"12":"0000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_VERIFY_FAILED
+
+ECDSA verify valid pub key, valid/incorrect sig, 0 bytes of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"ed3bace23c5e17652e174c835fb72bf53ee306b3406a26890221b4cef7500f88":"84eead3fb3cdbdac882412af64cc125b6784690bebf575f1c32162ab65080037":"":MBEDTLS_ERR_ECP_VERIFY_FAILED
+
+ECDSA verify valid pub key, valid/incorrect sig, 1 byte of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"ed3bace23c5e17652e174c835fb72bf53ee306b3406a26890221b4cef7500f88":"84eead3fb3cdbdac882412af64cc125b6784690bebf575f1c32162ab65080037":"00":MBEDTLS_ERR_ECP_VERIFY_FAILED
+
+ECDSA verify valid pub key, valid/incorrect sig, 32 bytes of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"ed3bace23c5e17652e174c835fb72bf53ee306b3406a26890221b4cef7500f88":"84eead3fb3cdbdac882412af64cc125b6784690bebf575f1c32162ab65080037":"0000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_VERIFY_FAILED
+
+ECDSA verify valid public key, correct sig, 0 bytes of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"ed3bace23c5e17652e174c835fb72bf53ee306b3406a26890221b4cef7500f88":"c9cc1ba95156bc103055a5d7946f3a3ae7f0657d1e53f1d5c2c9782950aa69b":"":0
+
+ECDSA verify valid pub key, correct sig, 1 byte of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"ed3bace23c5e17652e174c835fb72bf53ee306b3406a26890221b4cef7500f88":"c9cc1ba95156bc103055a5d7946f3a3ae7f0657d1e53f1d5c2c9782950aa69b":"00":0
+
+ECDSA verify valid pub key, correct sig, 32 bytes of data
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecdsa_verify:MBEDTLS_ECP_DP_SECP256K1:"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798":"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8":"ed3bace23c5e17652e174c835fb72bf53ee306b3406a26890221b4cef7500f88":"c9cc1ba95156bc103055a5d7946f3a3ae7f0657d1e53f1d5c2c9782950aa69b":"0000000000000000000000000000000000000000000000000000000000000000":0
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index e82f39d..0e2ac92 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -466,3 +466,40 @@
mbedtls_ecdsa_free( &ctx );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ecdsa_verify( int grp_id, char * x, char * y, char * r, char * s, data_t * content, int expected )
+{
+ mbedtls_ecdsa_context ctx;
+ mbedtls_mpi sig_r, sig_s;
+
+ mbedtls_ecdsa_init( &ctx );
+ mbedtls_mpi_init( &sig_r );
+ mbedtls_mpi_init( &sig_s );
+
+ /* Prepare ECP group context */
+ TEST_EQUAL( mbedtls_ecp_group_load( &ctx.grp, grp_id ), 0 );
+
+ /* Prepare public key */
+ TEST_EQUAL( mbedtls_test_read_mpi( &ctx.Q.X, x ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &ctx.Q.Y, y ), 0 );
+ TEST_EQUAL( mbedtls_mpi_lset( &ctx.Q.Z, 1 ), 0 );
+
+ /* Prepare signature R & S */
+ TEST_EQUAL( mbedtls_test_read_mpi( &sig_r, r ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &sig_s, s ), 0 );
+
+ /* Test whether public key has expected validity */
+ TEST_EQUAL( mbedtls_ecp_check_pubkey( &ctx.grp, &ctx.Q ),
+ expected == MBEDTLS_ERR_ECP_INVALID_KEY ? MBEDTLS_ERR_ECP_INVALID_KEY : 0 );
+
+ /* Verification */
+ int result = mbedtls_ecdsa_verify( &ctx.grp, content->x, content->len, &ctx.Q, &sig_r, &sig_s );
+
+ TEST_EQUAL( result, expected );
+exit:
+ mbedtls_ecdsa_free( &ctx );
+ mbedtls_mpi_free( &sig_r );
+ mbedtls_mpi_free( &sig_s );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 3dc2b8b..bd5d31e 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -521,23 +521,23 @@
pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
Check pair #1 (EC, OK)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
Check pair #2 (EC, bad)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Check pair #3 (RSA, OK)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
Check pair #4 (RSA, bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
Check pair #5 (RSA vs EC)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA hash_len overflow (size_t vs unsigned int)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 4448bc4..cce3fd0 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -6594,3 +6594,7 @@
PSA PAKE: ecjpake inject input errors, second round server, client input first
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:4:"abcdef"
+
+PSA PAKE: ecjpake size macros
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+ecjpake_size_macros:
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 6c95c2a..779f594 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -718,6 +718,15 @@
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) +
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) +
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2;
+ /* The output should be exactly this size according to the spec */
+ const size_t expected_size_key_share =
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE);
+ /* The output should be exactly this size according to the spec */
+ const size_t expected_size_zk_public =
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC);
+ /* The output can be smaller: the spec allows stripping leading zeroes */
+ const size_t max_expected_size_zk_proof =
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF);
size_t buffer0_off = 0;
size_t buffer1_off = 0;
size_t s_g1_len, s_g2_len, s_a_len;
@@ -745,38 +754,44 @@
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g1_len ) );
+ TEST_EQUAL( s_g1_len, expected_size_key_share );
s_g1_off = buffer0_off;
buffer0_off += s_g1_len;
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pk_len ) );
+ TEST_EQUAL( s_x1_pk_len, expected_size_zk_public );
s_x1_pk_off = buffer0_off;
buffer0_off += s_x1_pk_len;
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pr_len ) );
+ TEST_LE_U( s_x1_pr_len, max_expected_size_zk_proof );
s_x1_pr_off = buffer0_off;
buffer0_off += s_x1_pr_len;
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g2_len ) );
+ TEST_EQUAL( s_g2_len, expected_size_key_share );
s_g2_off = buffer0_off;
buffer0_off += s_g2_len;
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pk_len ) );
+ TEST_EQUAL( s_x2_pk_len, expected_size_zk_public );
s_x2_pk_off = buffer0_off;
buffer0_off += s_x2_pk_len;
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pr_len ) );
+ TEST_LE_U( s_x2_pr_len, max_expected_size_zk_proof );
s_x2_pr_off = buffer0_off;
buffer0_off += s_x2_pr_len;
if( inject_error == 1 )
{
- buffer0[s_x1_pk_off + 8] >>= 4;
- buffer0[s_x2_pk_off + 7] <<= 4;
+ buffer0[s_x1_pr_off + 8] ^= 1;
+ buffer0[s_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID;
}
@@ -877,31 +892,37 @@
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g1_len ) );
+ TEST_EQUAL( c_g1_len, expected_size_key_share );
c_g1_off = buffer1_off;
buffer1_off += c_g1_len;
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pk_len ) );
+ TEST_EQUAL( c_x1_pk_len, expected_size_zk_public );
c_x1_pk_off = buffer1_off;
buffer1_off += c_x1_pk_len;
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pr_len ) );
+ TEST_LE_U( c_x1_pr_len, max_expected_size_zk_proof );
c_x1_pr_off = buffer1_off;
buffer1_off += c_x1_pr_len;
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g2_len ) );
+ TEST_EQUAL( c_g2_len, expected_size_key_share );
c_g2_off = buffer1_off;
buffer1_off += c_g2_len;
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pk_len ) );
+ TEST_EQUAL( c_x2_pk_len, expected_size_zk_public );
c_x2_pk_off = buffer1_off;
buffer1_off += c_x2_pk_len;
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pr_len ) );
+ TEST_LE_U( c_x2_pr_len, max_expected_size_zk_proof );
c_x2_pr_off = buffer1_off;
buffer1_off += c_x2_pr_len;
@@ -992,8 +1013,8 @@
if( inject_error == 2 )
{
- buffer1[c_x1_pk_off + 12] >>= 4;
- buffer1[c_x2_pk_off + 7] <<= 4;
+ buffer1[c_x1_pr_off + 12] ^= 1;
+ buffer1[c_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID;
}
@@ -1083,16 +1104,19 @@
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_a_len ) );
+ TEST_EQUAL( s_a_len, expected_size_key_share );
s_a_off = buffer0_off;
buffer0_off += s_a_len;
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pk_len ) );
+ TEST_EQUAL( s_x2s_pk_len, expected_size_zk_public );
s_x2s_pk_off = buffer0_off;
buffer0_off += s_x2s_pk_len;
PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pr_len ) );
+ TEST_LE_U( s_x2s_pr_len, max_expected_size_zk_proof );
s_x2s_pr_off = buffer0_off;
buffer0_off += s_x2s_pr_len;
@@ -1154,16 +1178,19 @@
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_a_len ) );
+ TEST_EQUAL( c_a_len, expected_size_key_share );
c_a_off = buffer1_off;
buffer1_off += c_a_len;
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pk_len ) );
+ TEST_EQUAL( c_x2s_pk_len, expected_size_zk_public );
c_x2s_pk_off = buffer1_off;
buffer1_off += c_x2s_pk_len;
PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pr_len ) );
+ TEST_LE_U( c_x2s_pr_len, max_expected_size_zk_proof );
c_x2s_pr_off = buffer1_off;
buffer1_off += c_x2s_pr_len;
@@ -8713,7 +8740,9 @@
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t operation = psa_pake_operation_init();
+ psa_pake_operation_t op_copy = psa_pake_operation_init();
psa_algorithm_t alg = alg_arg;
+ psa_pake_primitive_t primitive = primitive_arg;
psa_key_type_t key_type_pw = key_type_pw_arg;
psa_key_usage_t key_usage_pw = key_usage_pw_arg;
psa_algorithm_t hash_alg = hash_arg;
@@ -8731,9 +8760,9 @@
PSA_INIT( );
- ASSERT_ALLOC( output_buffer,
- PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg,
- PSA_PAKE_STEP_KEY_SHARE) );
+ size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg,
+ PSA_PAKE_STEP_KEY_SHARE);
+ ASSERT_ALLOC( output_buffer, buf_size );
if( pw_data->len > 0 )
{
@@ -8745,7 +8774,7 @@
}
psa_pake_cs_set_algorithm( &cipher_suite, alg );
- psa_pake_cs_set_primitive( &cipher_suite, primitive_arg );
+ psa_pake_cs_set_primitive( &cipher_suite, primitive );
psa_pake_cs_set_hash( &cipher_suite, hash_alg );
PSA_ASSERT( psa_pake_abort( &operation ) );
@@ -8799,54 +8828,71 @@
TEST_EQUAL( psa_pake_set_peer( &operation, unsupported_id, 4 ),
PSA_ERROR_NOT_SUPPORTED );
+ const size_t size_key_share = PSA_PAKE_INPUT_SIZE( alg, primitive,
+ PSA_PAKE_STEP_KEY_SHARE );
+ const size_t size_zk_public = PSA_PAKE_INPUT_SIZE( alg, primitive,
+ PSA_PAKE_STEP_ZK_PUBLIC );
+ const size_t size_zk_proof = PSA_PAKE_INPUT_SIZE( alg, primitive,
+ PSA_PAKE_STEP_ZK_PROOF );
+
/* First round */
if( input_first )
{
- /* Invalid parameters */
- TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF,
+ /* Invalid parameters (input) */
+ op_copy = operation;
+ TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
NULL, 0 ),
PSA_ERROR_INVALID_ARGUMENT );
- TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10,
- output_buffer, 66 ),
+ /* Invalid parameters (step) */
+ op_copy = operation;
+ TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF + 10,
+ output_buffer, size_zk_proof ),
PSA_ERROR_INVALID_ARGUMENT );
/* Invalid first step */
- TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF,
- output_buffer, 66 ),
+ op_copy = operation;
+ TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
+ output_buffer, size_zk_proof ),
PSA_ERROR_BAD_STATE );
+ /* Possibly valid */
TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE,
- output_buffer, 66 ),
+ output_buffer, size_key_share ),
expected_status_input_output);
if( expected_status_input_output == PSA_SUCCESS )
{
/* Buffer too large */
TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
- output_buffer, 512 ),
- PSA_ERROR_INSUFFICIENT_MEMORY );
+ output_buffer, size_zk_public + 1 ),
+ PSA_ERROR_INVALID_ARGUMENT );
- /* The operation should be aborted at this point */
+ /* The operation's state should be invalidated at this point */
TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
- output_buffer, 66 ),
+ output_buffer, size_zk_public ),
PSA_ERROR_BAD_STATE );
}
}
else
{
- /* Invalid parameters */
- TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF,
+ /* Invalid parameters (output) */
+ op_copy = operation;
+ TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
NULL, 0, NULL ),
PSA_ERROR_INVALID_ARGUMENT );
- TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10,
- output_buffer, 512, &output_len ),
+ op_copy = operation;
+ /* Invalid parameters (step) */
+ TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF + 10,
+ output_buffer, buf_size, &output_len ),
PSA_ERROR_INVALID_ARGUMENT );
/* Invalid first step */
- TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF,
- output_buffer, 512, &output_len ),
+ op_copy = operation;
+ TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF,
+ output_buffer, buf_size, &output_len ),
PSA_ERROR_BAD_STATE );
+ /* Possibly valid */
TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE,
- output_buffer, 512, &output_len ),
+ output_buffer, buf_size, &output_len ),
expected_status_input_output );
if( expected_status_input_output == PSA_SUCCESS )
@@ -8855,12 +8901,12 @@
/* Buffer too small */
TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
- output_buffer, 5, &output_len ),
+ output_buffer, size_zk_public - 1, &output_len ),
PSA_ERROR_BUFFER_TOO_SMALL );
- /* The operation should be aborted at this point */
+ /* The operation's state should be invalidated at this point */
TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC,
- output_buffer, 512, &output_len ),
+ output_buffer, buf_size, &output_len ),
PSA_ERROR_BAD_STATE );
}
}
@@ -9009,3 +9055,47 @@
PSA_DONE( );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ecjpake_size_macros( )
+{
+ const psa_algorithm_t alg = PSA_ALG_JPAKE;
+ const size_t bits = 256;
+ const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE(
+ PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, bits );
+ const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(
+ PSA_ECC_FAMILY_SECP_R1 );
+
+ // https://armmbed.github.io/mbed-crypto/1.1_PAKE_Extension.0-bet.0/html/pake.html#pake-step-types
+ /* The output for KEY_SHARE and ZK_PUBLIC is the same as a public key */
+ TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE),
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( key_type, bits ) );
+ TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC),
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( key_type, bits ) );
+ /* The output for ZK_PROOF is the same bitsize as the curve */
+ TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF),
+ PSA_BITS_TO_BYTES( bits ) );
+
+ /* Input sizes are the same as output sizes */
+ TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE),
+ PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE) );
+ TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC),
+ PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC) );
+ TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF),
+ PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF) );
+
+ /* These inequalities will always hold even when other PAKEs are added */
+ TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE),
+ PSA_PAKE_OUTPUT_MAX_SIZE );
+ TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC),
+ PSA_PAKE_OUTPUT_MAX_SIZE );
+ TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF),
+ PSA_PAKE_OUTPUT_MAX_SIZE );
+ TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE),
+ PSA_PAKE_INPUT_MAX_SIZE );
+ TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC),
+ PSA_PAKE_INPUT_MAX_SIZE );
+ TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF),
+ PSA_PAKE_INPUT_MAX_SIZE );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index c52dae1..1fd267a 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -84,17 +84,21 @@
* also be built-in. */
static int is_builtin_calling_md( psa_algorithm_t alg )
{
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
- return( 1 );
-#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
+#if defined(MBEDTLS_MD_C)
return( 1 );
+#else
+ return( 0 );
+#endif
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
+#if defined(MBEDTLS_MD_C)
return( 1 );
+#else
+ return( 0 );
+#endif
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
if( PSA_ALG_IS_DETERMINISTIC_ECDSA( alg ) )
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 2b58e60..a35762d 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -261,7 +261,7 @@
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
Handshake, tls1_3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
@@ -3131,7 +3131,7 @@
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
# - Padding used: No (== granularity 1)
depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
+ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
@@ -3142,7 +3142,7 @@
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
# - Padding used: No (== granularity 1)
depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
+ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3
@@ -3161,7 +3161,7 @@
# 3a ee bb 21 69 49 15 e4
# - Padding used: No (== granularity 1)
depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
+ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3
@@ -3180,7 +3180,7 @@
# 0d d0 32 e1 67 c2 95 5d
# - Padding used: No (== granularity 1)
depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-ssl_tls13_record_protection:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
+ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
SSL TLS 1.3 Key schedule: Application secrets derivation helper
# Vector from RFC 8448
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index cc74978..7447a1d 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -31,7 +31,7 @@
size_t counter;
} log_pattern;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static int rng_seed = 0xBEEF;
static int rng_get( void *p_rng, unsigned char *output, size_t output_len )
{
@@ -103,7 +103,7 @@
void init_handshake_options( handshake_test_options *opts )
{
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
srand( rng_seed );
rng_seed += 0xD0;
#endif
@@ -790,7 +790,7 @@
return msg_len;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
* Structure with endpoint's certificates for SSL communication tests.
@@ -1178,7 +1178,7 @@
return ( max_steps >= 0 ) ? ret : -1;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
/*
* Write application data. Increase write counter if necessary.
@@ -1750,7 +1750,7 @@
memset( session->id, 66, session->id_len );
memset( session->master, 17, sizeof( session->master ) );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
if( crt_file != NULL && strlen( crt_file ) != 0 )
{
mbedtls_x509_crt tmp_crt;
@@ -1801,9 +1801,9 @@
mbedtls_x509_crt_free( &tmp_crt );
}
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
+#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
(void) crt_file;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
session->verify_result = 0xdeadbeef;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -2029,7 +2029,7 @@
ssl_2, 256, 1 );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version,
const mbedtls_ssl_context *ssl )
{
@@ -2066,17 +2066,17 @@
exit:
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
void perform_handshake( handshake_test_options *options )
{
/* forced_ciphersuite needs to last until the end of the handshake */
int forced_ciphersuite[2];
enum { BUFFSIZE = 17000 };
mbedtls_endpoint client, server;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
const char *psk_identity = "foo";
#endif
#if defined(MBEDTLS_TIMING_C)
@@ -2188,7 +2188,7 @@
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if( options->psk_str != NULL && options->psk_str->len > 0 )
{
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
@@ -2467,7 +2467,7 @@
#endif
USE_PSA_DONE( );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_TEST_HOOKS)
/*
@@ -3685,7 +3685,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
{
mbedtls_ssl_context ssl;
@@ -4752,7 +4752,7 @@
TEST_ASSERT( memcmp( original.master,
restored.master, sizeof( original.master ) ) == 0 );
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
TEST_ASSERT( ( original.peer_cert == NULL ) ==
( restored.peer_cert == NULL ) );
@@ -4778,7 +4778,7 @@
original.peer_cert_digest_len ) == 0 );
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
TEST_ASSERT( original.verify_result == restored.verify_result );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -5100,7 +5100,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void mbedtls_endpoint_sanity( int endpoint_type )
{
enum { BUFFSIZE = 1024 };
@@ -5127,7 +5127,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
{
enum { BUFFSIZE = 1024 };
@@ -5183,7 +5183,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
void handshake_version( int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version )
@@ -5208,7 +5208,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
{
handshake_test_options options;
@@ -5229,7 +5229,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void handshake_cipher( char* cipher, int pk_alg, int dtls )
{
test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
@@ -5239,7 +5239,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void handshake_ciphersuite_select( char* cipher, int pk_alg, data_t *psk_str,
int psa_alg, int psa_alg2, int psa_usage,
int expected_handshake_result,
@@ -5266,7 +5266,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void app_data( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls )
@@ -5294,7 +5294,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
@@ -5306,7 +5306,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments )
@@ -5318,7 +5318,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void handshake_serialization( )
{
handshake_test_options options;
@@ -5334,7 +5334,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
{
handshake_test_options options;
@@ -5373,7 +5373,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void renegotiation( int legacy_renegotiation )
{
handshake_test_options options;
@@ -5392,7 +5392,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls, char *cipher )
{
@@ -5416,7 +5416,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void resize_buffers_serialize_mfl( int mfl )
{
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -5427,7 +5427,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
char *cipher )
{
@@ -5621,7 +5621,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
void test_multiple_psks()
{
unsigned char psk0[10] = { 0 };
@@ -5651,7 +5651,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
void test_multiple_psks_opaque( int mode )
{
/*
@@ -5828,7 +5828,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void force_bad_session_id_len( )
{
enum { BUFFSIZE = 1024 };
@@ -6015,7 +6015,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail( int bad_server_ecdhe_key )
{
enum { BUFFSIZE = 17000 };
@@ -6086,7 +6086,7 @@
USE_PSA_DONE( );
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void tls13_server_certificate_msg_invalid_vector_len( )
{
int ret = -1;
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 6263fba..bd03016 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -88,7 +88,11 @@
X509 CRT information EC, SHA256 Digest, hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
+x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
+
+X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@@ -112,7 +116,7 @@
X509 CRT information, Multiple different Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
+x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@@ -172,7 +176,11 @@
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
+x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
+
+X509 SAN parsing binary otherName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@@ -180,7 +188,7 @@
X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C
@@ -415,6 +423,46 @@
X509 Get Next DN #4 Consecutive Multivalue RDNs
mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, title=Example, CN=PolarSSL Server 1":0x05:"C title":2:"C=NL + O=PolarSSL, title=Example + CN=PolarSSL Server 1"
+# Parse the following valid DN:
+#
+# 31 0B <- Set of
+# 30 09 <- Sequence of
+# 06 03 55 04 06 <- OID 2.5.4.6 countryName (C)
+# 13 02 4E 4C <- PrintableString "NL"
+# 31 11 <- Set of
+# 30 0F <- Sequence of
+# 06 03 55 04 0A <- OID 2.5.4.10 organizationName (O)
+# 0C 08 50 6F 6C 61 72 53 53 4C <- UTF8String "PolarSSL"
+# 31 19 <- Set of
+# 30 17 <- Sequence of
+# 06 03 55 04 03 <- OID 2.5.4.3 commonName (CN)
+# 0C 10 50 6F 6C 61 72 53 53 4C 20 54 65 73 74 20 43 41 <- UTF8String "PolarSSL Test CA"
+#
+X509 Get Name Valid DN
+mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3119301706035504030C10506F6C617253534C2054657374204341":0
+
+# Parse the following corrupted DN:
+#
+# 31 0B <- Set of
+# 30 09 <- Sequence of
+# 06 03 55 04 06 <- OID 2.5.4.6 countryName (C)
+# 13 02 4E 4C <- PrintableString "NL"
+# 31 11 <- Set of
+# 30 0F <- Sequence of
+# 06 03 55 04 0A <- OID 2.5.4.10 organizationName (O)
+# 0C 08 50 6F 6C 61 72 53 53 4C <- UTF8String "PolarSSL"
+# 30 19 <- Sequence of (corrupted)
+# 30 17 <- Sequence of
+# 06 03 55 04 03 <- OID 2.5.4.3 commonName (CN)
+# 0C 10 50 6F 6C 61 72 53 53 4C 20 54 65 73 74 20 43 41 <- UTF8String "PolarSSL Test CA"
+#
+# The third 'Set of' is corrupted to instead be a 'Sequence of', causing an
+# error and forcing mbedtls_x509_get_name() to clean up the names it has
+# already allocated.
+#
+X509 Get Name Corrupted DN Mem Leak
+mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3019301706035504030C10506F6C617253534C2054657374204341":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
X509 Time Expired #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
mbedtls_x509_time_is_past:"data_files/server1.crt":"valid_from":1
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 60e703a..2585720 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -246,36 +246,30 @@
switch( san->type )
{
- case( MBEDTLS_X509_SAN_OTHER_NAME ):
- ret = mbedtls_snprintf( p, n, "\notherName :");
- MBEDTLS_X509_SAFE_SNPRINTF;
+ case( MBEDTLS_X509_SAN_OTHER_NAME ):
+ ret = mbedtls_snprintf( p, n, "\notherName :");
+ MBEDTLS_X509_SAFE_SNPRINTF;
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid ) != 0 )
- {
- ret = mbedtls_snprintf( p, n, " hardware module name :" );
- MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, " hardware type : " );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &san->san.other_name.value.hardware_module_name.oid ) != 0 )
+ {
+ ret = mbedtls_snprintf( p, n, " hardware module name :" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, " hardware type : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_oid_get_numeric_string( p, n,
- &san->san.other_name.value.hardware_module_name.oid );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_oid_get_numeric_string( p, n,
+ &san->san.other_name.value.hardware_module_name.oid );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- if( san->san.other_name.value.hardware_module_name.val.len >= n )
- {
- *p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
- }
-
- for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
- {
- *p++ = san->san.other_name.value.hardware_module_name.val.p[i];
- }
- n -= san->san.other_name.value.hardware_module_name.val.len;
+ for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
+ {
+ ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
}
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
case( MBEDTLS_X509_SAN_DNS_NAME ):
@@ -818,13 +812,37 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_get_name( char * rdn_sequence, int exp_ret )
+{
+ unsigned char *name;
+ unsigned char *p;
+ size_t name_len;
+ mbedtls_x509_name head;
+ int ret;
+
+ memset( &head, 0, sizeof( head ) );
+
+ name = mbedtls_test_unhexify_alloc( rdn_sequence, &name_len );
+ p = name;
+
+ ret = mbedtls_x509_get_name( &p, ( name + name_len ), &head );
+ if( ret == 0 )
+ mbedtls_asn1_free_named_data_list_shallow( head.next );
+
+ TEST_EQUAL( ret, exp_ret );
+
+ mbedtls_free( name );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void mbedtls_x509_dn_get_next( char * name_str, int next_merged, char * expected_oids, int exp_count, char * exp_dn_gets )
{
int ret = 0, i;
size_t len = 0, out_size;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
+ mbedtls_x509_name parsed, *parsed_cur;
// Size of buf is maximum required for test cases
unsigned char buf[80], *out = NULL, *c;
const char *short_name;
@@ -878,14 +896,7 @@
exit:
mbedtls_free( out );
mbedtls_asn1_free_named_data_list( &names );
-
- parsed_cur = parsed.next;
- while( parsed_cur != 0 )
- {
- parsed_prv = parsed_cur;
- parsed_cur = parsed_cur->next;
- mbedtls_free( parsed_prv );
- }
+ mbedtls_asn1_free_named_data_list_shallow( parsed.next );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 1844e5c..8411557 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -56,87 +56,95 @@
Certificate write check Server1 SHA1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not before 1970
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not after 2050
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not before 1970, not after 2050
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not before 2050, not after 2059
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, one ext_key_usage
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, two ext_key_usages
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, CA
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, CA
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, key_usage
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, ns_cert_type
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, version 1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, CA
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
Certificate write check Server5 ECDSA
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
Certificate write check Server5 ECDSA, Opaque
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark\, Inc., OU=PolarSSL":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 1120bee..aa54072 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -235,12 +235,13 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
void x509_crt_check( char *subject_key_file, char *subject_pwd,
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
char *serial_str, char *not_before, char *not_after,
int md_type, int key_usage, int set_key_usage,
+ char *ext_key_usage,
int cert_type, int set_cert_type, int auth_ident,
int ver, char *cert_check_file, int pk_wrap, int is_ca,
char *cert_verify_file )
@@ -349,6 +350,31 @@
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
if( set_cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
+ if( strcmp( ext_key_usage, "NULL" ) != 0 )
+ {
+ mbedtls_asn1_sequence exts[2];
+ memset( exts, 0, sizeof(exts) );
+
+#define SET_OID(x, oid) \
+ do { \
+ x.len = MBEDTLS_OID_SIZE(oid); \
+ x.p = (unsigned char*)oid; \
+ x.tag = MBEDTLS_ASN1_OID; \
+ } \
+ while( 0 )
+
+ if( strcmp( ext_key_usage, "serverAuth" ) == 0 )
+ {
+ SET_OID( exts[0].buf, MBEDTLS_OID_SERVER_AUTH );
+ }
+ else if( strcmp( ext_key_usage, "codeSigning,timeStamping" ) == 0 )
+ {
+ SET_OID( exts[0].buf, MBEDTLS_OID_CODE_SIGNING );
+ exts[0].next = &exts[1];
+ SET_OID( exts[1].buf, MBEDTLS_OID_TIME_STAMPING );
+ }
+ TEST_ASSERT( mbedtls_x509write_crt_set_ext_key_usage( &crt, exts ) == 0 );
+ }
}
ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),