Fix dependencies

The unit test framework always loads the client key as well, which requires a different curve and a hash than the server key. Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-04-02 10:36:07 +02:00 · 2026-03-11 16:09:37 +00:00
parent 3d02353281
commit 8d21dbf8e8
2 changed files with 8 additions and 2 deletions
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -74,6 +74,12 @@
 #define MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY
 #endif

+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
+    defined(PSA_WANT_ECC_SECP_R1_256) && \
+    defined(PSA_WANT_ALG_SHA_256)
+#define MBEDTLS_CAN_HANDLE_ECDSA_CLIENT_TEST_KEY
+#endif
+
 #if defined(PSA_WANT_ECC_MONTGOMERY_255)        || \
    defined(PSA_WANT_ECC_SECP_R1_256)           || \
    defined(PSA_WANT_ECC_SECP_R1_384)           || \
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3540,9 +3540,9 @@ depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:PSA_WANT_ALG_SHA_256
 send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER

 Baseline for: Server using sig_alg not offered by the client - ECDSA with SHA512
-depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ALG_SHA_512
+depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:MBEDTLS_CAN_HANDLE_ECDSA_CLIENT_TEST_KEY:PSA_WANT_ALG_SHA_512
 send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:0

 Negative Test: Server using sig_alg not offered by the client - ECDSA with SHA512
-depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ALG_SHA_512
+depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:MBEDTLS_CAN_HANDLE_ECDSA_CLIENT_TEST_KEY:PSA_WANT_ALG_SHA_512
 send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER