From 42b83db1eb8e7a2bc347fc5cf558c1d7406831a4 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 16 Apr 2019 16:48:22 +0300 Subject: [PATCH 01/93] Verify sign wrapper functionality for uECC --- include/mbedtls/pk_internal.h | 4 + library/pk.c | 5 + library/pk_wrap.c | 227 ++++++++++++++++++++++++++++++++++ library/pkparse.c | 51 ++++++++ 4 files changed, 287 insertions(+) diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h index 48b7a5f7b..9ec2476f5 100644 --- a/include/mbedtls/pk_internal.h +++ b/include/mbedtls/pk_internal.h @@ -131,6 +131,10 @@ extern const mbedtls_pk_info_t mbedtls_eckeydh_info; extern const mbedtls_pk_info_t mbedtls_ecdsa_info; #endif +#if defined(MBEDTLS_USE_TINYCRYPT) +extern const mbedtls_pk_info_t mbedtls_uecc_ecdsa_info; +#endif + #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; #endif diff --git a/library/pk.c b/library/pk.c index bac685dc1..da34e56a3 100644 --- a/library/pk.c +++ b/library/pk.c @@ -120,10 +120,15 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) case MBEDTLS_PK_ECKEY_DH: return( &mbedtls_eckeydh_info ); #endif +#if defined(MBEDTLS_USE_TINYCRYPT) + case MBEDTLS_PK_ECDSA: + return( &mbedtls_uecc_ecdsa_info ); +#else #if defined(MBEDTLS_ECDSA_C) case MBEDTLS_PK_ECDSA: return( &mbedtls_ecdsa_info ); #endif +#endif /* MBEDTLS_USE_TINYCRYPT */ /* MBEDTLS_PK_RSA_ALT omitted on purpose */ default: return( NULL ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 87806be33..2f175f590 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -33,6 +33,12 @@ #include +#if defined(MBEDTLS_USE_TINYCRYPT) +#include "mbedtls/ecc.h" +#include "mbedtls/ecc_dsa.h" +#include "mbedtls/asn1.h" +#include "mbedtls/asn1write.h" +#else #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" #endif 
@@ -40,6 +46,7 @@ #if defined(MBEDTLS_ECDSA_C) #include "mbedtls/ecdsa.h" #endif +#endif /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) #include "mbedtls/platform_util.h" 
@@ -466,6 +473,225 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { }; #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_USE_TINYCRYPT) +static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end, + unsigned char *to, size_t to_len ) +{ + int ret; + size_t unpadded_len, padding_len; + + if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len, + MBEDTLS_ASN1_INTEGER ) ) != 0 ) + { + return( ret ); + } + + while( unpadded_len > 0 && **from == 0x00 ) + { + ( *from )++; + unpadded_len--; + } + + if( unpadded_len > to_len || unpadded_len == 0 ) + return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + padding_len = to_len - unpadded_len; + memset( to, 0x00, padding_len ); + memcpy( to + padding_len, *from, unpadded_len ); + ( *from ) += unpadded_len; + + return( 0 ); +} + +/* + * Convert a signature from an ASN.1 sequence of two integers + * to a raw {r,s} buffer. Note: the provided sig buffer must be at least + * twice as big as int_size. + */ +static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end, + unsigned char *sig, size_t int_size ) +{ + int ret; + size_t tmp_size; + + if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( ret ); + + /* Extract r */ + if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 ) + return( ret ); + /* Extract s */ + if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 ) + return( ret ); + + return( 0 ); +} + +static size_t uecc_ecdsa_get_bitlen( const void *ctx ) +{ + (void) ctx; + return( (size_t) 2 * NUM_ECC_BYTES ); +} + +static int uecc_ecdsa_can_do( mbedtls_pk_type_t type ) +{ + return( type == MBEDTLS_PK_ECDSA ); +} + +static int uecc_ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ) +{ + int ret; + uint8_t signature[2*NUM_ECC_BYTES]; + unsigned char *p; + const struct uECC_Curve_t * uecc_curve 
= uECC_secp256r1(); + + ((void) md_alg); + p = (unsigned char*) sig; + + if( (ret = extract_ecdsa_sig( &p, sig + sig_len, signature, NUM_ECC_BYTES ) ) != 0 ) + return( ret ); + + if( (ret = uECC_verify( (uint8_t *) ctx, hash, (unsigned) hash_len, signature, uecc_curve ) ) != 0 ) + return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + + return( ret ); +} + +/* + * Simultaneously convert and move raw MPI from the beginning of a buffer + * to an ASN.1 MPI at the end of the buffer. + * See also mbedtls_asn1_write_mpi(). + * + * p: pointer to the end of the output buffer + * start: start of the output buffer, and also of the mpi to write at the end + * n_len: length of the mpi to read from start + */ +static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, + size_t n_len ) +{ + int ret; + size_t len = 0; + + if( (size_t)( *p - start ) < n_len ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + + len = n_len; + *p -= len; + memmove( *p, start, len ); + + /* ASN.1 DER encoding requires minimal length, so skip leading 0s. + * Neither r nor s should be 0, but as a failsafe measure, still detect + * that rather than overflowing the buffer in case of a PSA error. */ + while( len > 0 && **p == 0x00 ) + { + ++(*p); + --len; + } + + /* this is only reached if the signature was invalid */ + if( len == 0 ) + return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); + + /* if the msb is 1, ASN.1 requires that we prepend a 0. + * Neither r nor s can be 0, so we can assume len > 0 at all times. */ + if( **p & 0x80 ) + { + if( *p - start < 1 ) + return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + + *--(*p) = 0x00; + len += 1; + } + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, + MBEDTLS_ASN1_INTEGER ) ); + + return( (int) len ); +} + +/* Transcode signature from PSA format to ASN.1 sequence. + * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of + * MPIs, and in-place. 
+ * + * [in/out] sig: the signature pre- and post-transcoding + * [in/out] sig_len: signature length pre- and post-transcoding + * [int] buf_len: the available size the in/out buffer + */ +static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, + size_t buf_len ) +{ + int ret; + size_t len = 0; + const size_t rs_len = *sig_len / 2; + unsigned char *p = sig + buf_len; + + MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + + memmove( sig, p, len ); + *sig_len = len; + + return( 0 ); +} + +static int uecc_ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + (void) ctx; + (void) md_alg; + (void) hash; + (void) hash_len; + (void) sig; + (void) sig_len; + (void) f_rng; + (void) p_rng; + + return( 0 ); +} + +static void *uecc_ecdsa_alloc_wrap( void ) +{ + /*void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); + + if( ctx != NULL ) + mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); + + return( ctx );*/ + return NULL; +} + +static void uecc_ecdsa_free_wrap( void *ctx ) +{ + (void) ctx; + /*mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); + mbedtls_free( ctx );*/ +} + +const mbedtls_pk_info_t mbedtls_uecc_ecdsa_info = { + MBEDTLS_PK_ECDSA, + "ECDSA", + uecc_ecdsa_get_bitlen, + uecc_ecdsa_can_do, + uecc_ecdsa_verify_wrap, + uecc_ecdsa_sign_wrap, + NULL, + NULL, + NULL, + uecc_ecdsa_alloc_wrap, + uecc_ecdsa_free_wrap, + NULL, +}; +#else #if defined(MBEDTLS_ECDSA_C) static int ecdsa_can_do( mbedtls_pk_type_t type ) { 
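Review bot: The result check in `uecc_ecdsa_verify_wrap` appears inverted: TinyCrypt's uECC_verify() returns 1 for a valid signature and 0 for an invalid one, so a valid signature currently yields MBEDTLS_ERR_PK_SIG_LEN_MISMATCH while an invalid one falls through to `return( ret )` with ret == 0, i.e. success; the test should read `if( uECC_verify( (uint8_t *) ctx, hash, (unsigned) hash_len, signature, uecc_curve ) != 1 ) return( <verification-failure error code> );` (SIG_LEN_MISMATCH is also the wrong code for a bad signature). Separately, `extract_ecdsa_sig` reads the SEQUENCE length into tmp_size but then bounds both INTEGERs by `end` instead of `p + tmp_size`, and the wrapper never verifies `p == sig + sig_len` afterwards, so bytes trailing the signature are silently accepted where the legacy ECDSA path rejects them. Consider adding `if( p != sig + sig_len ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );` after the extraction. `uecc_ecdsa_alloc_wrap` still returns NULL here, so mbedtls_pk_setup cannot succeed for this info structure until a real allocator is wired in.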
@@ -588,6 +814,7 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { eckey_debug, /* Compatible key structures */ }; #endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* diff --git a/library/pkparse.c b/library/pkparse.c index 4ec63e4bb..e8a3e86ab 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -52,6 +52,9 @@ #if defined(MBEDTLS_PKCS12_C) #include "mbedtls/pkcs12.h" #endif +#if defined(MBEDTLS_USE_TINYCRYPT) +#include "mbedtls/ecc.h" +#endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -517,6 +520,48 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, } #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_USE_TINYCRYPT) +/* + * Import a point from unsigned binary data (SEC1 2.3.4) + */ +static int uecc_public_key_read_binary( uint8_t **pt, + const unsigned char *buf, size_t ilen ) +{ + + if( ilen < 1 ) + return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + + //We are not handling the infinity point right now + + if( buf[0] != 0x04 ) + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + if( ilen != 2 * NUM_ECC_BYTES + 1 ) + return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + + *pt = (uint8_t *) buf + 1; + + return( 0 ); +} + +static int pk_get_ueccpubkey( unsigned char **p, + const unsigned char *end, + uint8_t *pk_context) +{ + int ret; + + ret = uecc_public_key_read_binary( &pk_context, + (const unsigned char *) *p, end - *p ); + + /* + * We know uecc_public_key_read_binary consumed all bytes or failed + */ + *p = (unsigned char *) end; + + return( ret ); +} +#endif /* MBEDTLS_USE_TINYCRYPT */ + #if defined(MBEDTLS_RSA_C) /* * RSAPublicKey ::= SEQUENCE { 
@@ -650,6 +695,12 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) return( ret ); +#if defined(MBEDTLS_USE_TINYCRYPT) + if( pk_alg == MBEDTLS_PK_ECDSA ) + { + ret = pk_get_ueccpubkey( p, end, (uint8_t*) pk->pk_ctx ); + } +#endif /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA ) { From b1760926568f8708fb14ae3fc9b1d6e75fe8e07e Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 18 Apr 2019 15:58:34 +0300 Subject: [PATCH 02/93] Parse private key in uecc format Parse the private key from cert in uecc format. Accept only P-256 curve. --- include/mbedtls/oid.h | 13 ++++ include/mbedtls/pk.h | 12 ++++ library/oid.c | 26 ++++++++ library/pkparse.c | 140 ++++++++++++++++++++++++++++++++++++++++-- 4 files changed, 187 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 48f0b30c5..0b8a7faf0 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -471,6 +471,18 @@ int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_a int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg, const char **oid, size_t *olen ); +#if defined(MBEDTLS_USE_TINYCRYPT) +typedef enum +{ + MBEDTLS_UECC_DP_NONE = 0, /*!< Curve not defined. */ + MBEDTLS_UECC_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */ +} mbedtls_uecc_group_id; + +int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_uecc_group_id *grp_id ); + +int mbedtls_oid_get_oid_by_ec_grp( mbedtls_uecc_group_id grp_id, + const char **oid, size_t *olen); +#else #if defined(MBEDTLS_ECP_C) /** * \brief Translate NamedCurve OID into an EC group identifier 
@@ -494,6 +506,7 @@ int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *g int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id, const char **oid, size_t *olen ); #endif /* MBEDTLS_ECP_C */ +#endif #if defined(MBEDTLS_MD_C) /** diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 91950f940..a044c57b5 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -45,6 +45,10 @@ #include "ecdsa.h" #endif +#if defined(MBEDTLS_USE_TINYCRYPT) +#include "ecc.h" +#endif + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline @@ -133,6 +137,14 @@ typedef struct mbedtls_pk_context void * pk_ctx; /**< Underlying public key context */ } mbedtls_pk_context; +#if defined(MBEDTLS_USE_TINYCRYPT) +typedef struct +{ + uint8_t private_key[NUM_ECC_BYTES]; + uint8_t public_key[2*NUM_ECC_BYTES]; +} mbedtls_uecc_keypair; +#endif + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Context for resuming operations diff --git a/library/oid.c b/library/oid.c index 3119c5768..dd73cf019 100644 --- a/library/oid.c +++ b/library/oid.c @@ -467,6 +467,12 @@ FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg) +#if defined(MBEDTLS_USE_TINYCRYPT) +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_uecc_group_id grp_id; +} oid_ecp_grp_t; +#else #if defined(MBEDTLS_ECP_C) /* * For namedCurve (RFC 5480) 
@@ -475,7 +481,26 @@ typedef struct { mbedtls_oid_descriptor_t descriptor; mbedtls_ecp_group_id grp_id; } oid_ecp_grp_t; +#endif +#endif +#if defined(MBEDTLS_USE_TINYCRYPT) +static const oid_ecp_grp_t oid_ecp_grp[] = +{ + { + { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" }, + MBEDTLS_UECC_DP_SECP256R1, + }, + { + { NULL, 0, NULL, NULL }, + MBEDTLS_UECC_DP_NONE, + }, +}; +FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) +FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_uecc_group_id, grp_id) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_uecc_group_id, grp_id) +#else +#if defined(MBEDTLS_ECP_C) static const oid_ecp_grp_t oid_ecp_grp[] = { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) @@ -554,6 +579,7 @@ FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id) #endif /* MBEDTLS_ECP_C */ +#endif #if defined(MBEDTLS_CIPHER_C) /* diff --git a/library/pkparse.c b/library/pkparse.c index e8a3e86ab..e25b84ec2 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -179,7 +179,28 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) } #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_USE_TINYCRYPT) +static int pk_use_ecparams( const mbedtls_asn1_buf *params ) +{ + uint32_t grp_id; + + if( params->tag == MBEDTLS_ASN1_OID ) + { + if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) + return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); + } + else + { + // Only P-256 is supported + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + } + + return( 0 ); +} +#endif + +#if defined(MBEDTLS_ECP_C) || \ + defined(MBEDTLS_USE_TINYCRYPT) /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * * ECParameters ::= CHOICE { 
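Review bot: In `pk_use_ecparams` the local is declared `uint32_t grp_id` but passed to mbedtls_oid_get_ec_grp(), whose TinyCrypt variant (declared in this series) takes a `mbedtls_uecc_group_id *`; that is an incompatible pointer type and the enum's underlying type need not be 32 bits, so it should be `mbedtls_uecc_group_id grp_id;`. The function also accepts any curve the OID table knows rather than checking the value it looked up, which only works because the table currently holds a single entry; making the restriction explicit with `if( grp_id != MBEDTLS_UECC_DP_SECP256R1 ) return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );` keeps it correct if the table grows. The `// Only P-256 is supported` comment uses C99 line-comment syntax where the surrounding file uses `/* */`.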
@@ -223,7 +244,9 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, return( 0 ); } +#endif +#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) /* * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. @@ -524,7 +547,7 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, /* * Import a point from unsigned binary data (SEC1 2.3.4) */ -static int uecc_public_key_read_binary( uint8_t **pt, +static int uecc_public_key_read_binary( uint8_t *pt, const unsigned char *buf, size_t ilen ) { @@ -539,7 +562,7 @@ static int uecc_public_key_read_binary( uint8_t **pt, if( ilen != 2 * NUM_ECC_BYTES + 1 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); - *pt = (uint8_t *) buf + 1; + memcpy( pt, buf + 1, ilen - 1); return( 0 ); } @@ -550,7 +573,7 @@ static int pk_get_ueccpubkey( unsigned char **p, { int ret; - ret = uecc_public_key_read_binary( &pk_context, + ret = uecc_public_key_read_binary( pk_context, (const unsigned char *) *p, end - *p ); /* 
@@ -854,6 +877,114 @@ cleanup: } #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_USE_TINYCRYPT) +static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair, + const unsigned char *key, + size_t keylen) +{ + int ret; + int version, pubkey_done; + size_t len; + mbedtls_asn1_buf params; + unsigned char *p = (unsigned char *) key; + unsigned char *end = p + keylen; + unsigned char *end2; + + /* + * RFC 5915, or SEC1 Appendix C.4 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + end = p + len; + + if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( version != 1 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + + memcpy(keypair->private_key, p, len); + + p += len; + + pubkey_done = 0; + if( p != end ) + { + /* + * Is 'parameters' present? + */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) + { + if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || + ( ret = pk_use_ecparams( ¶ms ) ) != 0 ) + { + return( ret ); + } + } + else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + } + + if( p != end ) + { + /* + * Is 'publickey' present? If not, or if we can't read it (eg because it + * is compressed), create it from the private key. 
+ */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) + { + end2 = p + len; + + if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( p + len != end2 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + if( ( ret = uecc_public_key_read_binary( keypair->public_key, + (const unsigned char *) p, end2 - p ) ) == 0 ) + pubkey_done = 1; + else + { + /* + * The only acceptable failure mode of pk_get_ecpubkey() above + * is if the point format is not recognized. + */ + if( ret != MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + } + } + else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + } + + //TODO: Do we need to support derived public keys with uecc? + + return( 0 ); +} +#else + #if defined(MBEDTLS_ECP_C) /* * Parse a SEC1 encoded private EC key @@ -982,6 +1113,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, return( 0 ); } #endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_USE_TINYCRYPT */ /* * Parse an unencrypted PKCS#8 encoded private key From 9c9e77a8add2765d0297543c19ad24bfc2b3a8f0 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 18 Apr 2019 16:13:19 +0300 Subject: [PATCH 03/93] Actually use the parse functions --- include/mbedtls/pk.h | 7 +++++++ library/pkparse.c | 21 +++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a044c57b5..1536ebeac 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
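Review bot: `memcpy(keypair->private_key, p, len)` in the new `pk_parse_key_sec1_der` copies a length taken straight from the OCTET STRING header of untrusted key data into the fixed `uint8_t private_key[NUM_ECC_BYTES]` member declared in pk.h, so an oversized privateKey overflows the keypair object; mbedtls_asn1_get_tag only bounds len against the input buffer, not against the destination. SEC1 fixes this field's length for the curve, so add `if( len != NUM_ECC_BYTES ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );` before the copy (at minimum reject `len > NUM_ECC_BYTES`). Also, pubkey_done is set but never read and the TODO leaves public_key undefined when the optional publicKey element is absent or unreadable, so until derivation from the private key is implemented the function should fail when `pubkey_done == 0` rather than return 0 with an indeterminate public half. The comment referring to pk_get_ecpubkey() should name uecc_public_key_read_binary(), which is the call actually made here.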
@@ -172,6 +172,13 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) } #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_USE_TINYCRYPT) +static inline mbedtls_uecc_keypair *mbedtls_uecc_pk( const mbedtls_pk_context pk ) +{ + return( (mbedtls_uecc_keypair *) (pk).pk_ctx ); +} +#endif + #if defined(MBEDTLS_ECP_C) /** * Quick access to an EC context inside a PK context. diff --git a/library/pkparse.c b/library/pkparse.c index e25b84ec2..bc016be43 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1197,6 +1197,16 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } else #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_USE_TINYCRYPT) + if( pk_alg == MBEDTLS_PK_ECDSA) + { + if( ( ret = pk_use_ecparams( ¶ms ) ) != 0 || + ( ret = pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk ), p, len ) ) != 0) + { + return( ret ); + } + } +#else #if defined(MBEDTLS_ECP_C) if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) { @@ -1208,6 +1218,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } else #endif /* MBEDTLS_ECP_C */ +#endif return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); return( 0 ); @@ -1533,6 +1544,15 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, mbedtls_pk_init( pk ); #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_USE_TINYCRYPT) + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECDSA ); + if( mbedtls_pk_setup( pk, pk_info ) == 0 && + pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk), + key, keylen) == 0) + { + return( 0 ); + } +#else #if defined(MBEDTLS_ECP_C) pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( mbedtls_pk_setup( pk, pk_info ) == 0 && @@ -1543,6 +1563,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, } mbedtls_pk_free( pk ); #endif /* MBEDTLS_ECP_C */ +#endif /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't, * it is ok to leave the PK context initialized but not From ad78931fb349703c457c7a973d1fe2cadc378fde Mon Sep 17 00:00:00 2001 
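Review bot: The TinyCrypt branch added to `mbedtls_pk_parse_key` does not release the context when mbedtls_pk_setup() succeeds but pk_parse_key_sec1_der() fails; the legacy branch in the `#else` arm still calls `mbedtls_pk_free( pk );` (visible as context in the following hunk) while the new arm falls through with a set-up context and whatever partial key material was copied in. Add `mbedtls_pk_free( pk );` after the new `if` block so the remaining parsing attempts, which continue past this hunk, start from a clean context as before. Note that `uecc_ecdsa_free_wrap` is still a stub with its body commented out earlier in this series, so freeing will not actually release or wipe the keypair until that is implemented.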
From: Jarno Lamsa Date: Tue, 23 Apr 2019 09:15:54 +0300 Subject: [PATCH 04/93] Signature wrapper for uECC --- library/pk_wrap.c | 17 +++++++++-------- library/ssl_cli.c | 5 +++++ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2f175f590..c6f6302b3 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -613,7 +613,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, return( (int) len ); } -/* Transcode signature from PSA format to ASN.1 sequence. +/* Transcode signature from uECC format to ASN.1 sequence. * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of * MPIs, and in-place. * @@ -647,16 +647,17 @@ static int uecc_ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - (void) ctx; - (void) md_alg; - (void) hash; - (void) hash_len; - (void) sig; - (void) sig_len; + const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx; + const struct uECC_Curve_t * uecc_curve = uECC_secp256r1(); + + uECC_sign(keypair->private_key, hash, hash_len, sig, uecc_curve); + + /* uECC owns its rng function pointer */ (void) f_rng; (void) p_rng; + (void) md_alg; - return( 0 ); + return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, 2*NUM_ECC_BYTES ) ); } static void *uecc_ecdsa_alloc_wrap( void ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4e99a801b..5fd8e4ce5 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3973,6 +3973,11 @@ sign: rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif +#if defined(MBEDTLS_USE_TINYCRYPT) + if ( uECC_get_rng() == 0 ) + uECC_set_rng(&mbetls_uecc_rng_wrapper); +#endif + if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen, ssl->out_msg + 6 + offset, &n, From 7cb5c110678c983a371cbb3e147b0aa436a1a17c Mon Sep 17 00:00:00 2001 
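Review bot: In `uecc_ecdsa_sign_wrap` the return value of uECC_sign() is discarded, yet TinyCrypt reports failure (for example an RNG error or a rejected nonce) through that value, so on failure the wrapper would go on to ASN.1-encode and return whatever bytes happen to be in `sig`. The call to pk_ecdsa_sig_asn1_from_psa() also reads `*sig_len` to derive rs_len, but sig_len is an output parameter that this function never sets, and the `buf_len` argument of 2*NUM_ECC_BYTES leaves no room for the SEQUENCE/INTEGER headers and the 0x00 pad that asn1_write_mpibuf() inserts when r or s has its top bit set, so the in-place transcoding fails with BUF_TOO_SMALL for roughly half of all signatures. The capacity passed should be what the caller guarantees for the sig buffer, and `*sig_len` must be set to the raw {r,s} length before the call; the rewritten body is below. The hash_len argument is also narrowed to the `unsigned` parameter implicitly and deserves an explicit cast like the verify wrapper uses.
```c
    const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
    const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();

    /* uECC owns its rng function pointer */
    (void) f_rng;
    (void) p_rng;
    (void) md_alg;

    if( uECC_sign( keypair->private_key, hash, (unsigned) hash_len,
                   sig, uecc_curve ) != 1 )
    {
        return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
    }

    /* Raw {r,s} length before in-place transcoding to an ASN.1 SEQUENCE. */
    *sig_len = 2 * NUM_ECC_BYTES;
    return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len,
                SIG_BUFFER_CAPACITY /* placeholder: size the caller guarantees for sig */ ) );
```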
From: Jarno Lamsa Date: Tue, 23 Apr 2019 15:54:56 +0300 Subject: [PATCH 05/93] Missing uECC ECDSA flagging --- library/ssl_cli.c | 7 ++++--- library/ssl_srv.c | 4 ++-- library/ssl_tls.c | 7 ++++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5fd8e4ce5..a68d802a8 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -173,7 +173,8 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char *p = buf; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t sig_alg_len = 0; -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_USE_TINYCRYPT) unsigned char *sig_alg_list = buf + 6; #endif @@ -189,7 +190,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash ) ((void) hash); -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) sig_alg_len += 2; #endif #if defined(MBEDTLS_RSA_C) @@ -209,7 +210,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, sig_alg_len = 0; MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash ) -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) sig_alg_list[sig_alg_len++] = hash; sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA; #endif diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b058e7c81..f27fb0db9 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3064,7 +3064,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_RSA_C) p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN; #endif 
@@ -3105,7 +3105,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) p[2 + sa_len++] = hash; p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA; #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) p[2 + sa_len++] = hash; p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d4d51b5ef..f56475be0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -12057,7 +12057,8 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) } #if defined(MBEDTLS_PK_C) && \ - ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) + ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) || \ + ( defined(MBEDTLS_USE_TINYCRYPT) ) /* * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX */ @@ -12067,7 +12068,7 @@ unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) return( MBEDTLS_SSL_SIG_RSA ); #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) return( MBEDTLS_SSL_SIG_ECDSA ); #endif @@ -12095,7 +12096,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) case MBEDTLS_SSL_SIG_RSA: return( MBEDTLS_PK_RSA ); #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) case MBEDTLS_SSL_SIG_ECDSA: return( MBEDTLS_PK_ECDSA ); #endif From 8d49ba3b7832b7b95fd6a2ddc9ba63b2824eb2a0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 15:22:56 +0100 Subject: [PATCH 06/93] Fixup: Definition of TinyCrypt OID descriptor structure --- library/oid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index dd73cf019..674c3b8b0 100644 --- a/library/oid.c +++ b/library/oid.c 
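Review bot: The new guard in ssl_tls.c, `#if defined(MBEDTLS_PK_C) && ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) ) || ( defined(MBEDTLS_USE_TINYCRYPT) )`, binds as `(PK_C && (RSA || ECDSA)) || TINYCRYPT`, so a TinyCrypt build without MBEDTLS_PK_C would compile mbedtls_ssl_sig_from_pk() and its pk-based callers; the intent is presumably `#if defined(MBEDTLS_PK_C) && ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) )`. The other hunks in this commit only extend existing `#if` conditions and look consistent with that form.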
@@ -488,11 +488,11 @@ typedef struct { static const oid_ecp_grp_t oid_ecp_grp[] = { { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256R1 , "secp256r1", "secp256r1" ), MBEDTLS_UECC_DP_SECP256R1, }, { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_UECC_DP_NONE, }, }; From 49ac40b81bce5f3d0b608f166ba7de6ebc69b425 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 29 Aug 2019 16:25:49 +0100 Subject: [PATCH 07/93] Fixup: Don't reference legacy ECP curve identifier in config.h TinyCrypt should be used as a replacement of legacy ECC. In particular, there shouldn't be any use of identifiers from the legacy ECC module. So far, there's the configuration option MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID that's relevant if MBEDTLS_SSL_CONF_SINGLE_CURVE is set, and which in this case must resolve to an identifier of type mbedtls_ecp_group_id indicating which single curve to enable. With the introduction of TinyCrypt, we must either change the type of this option to mbedtls_uecc_group_id, or introduce a separate compilation option. In order to avoid type confusion, this commit follows tha latter approach, introducing the configuration option MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID that indicatesthe TinyCrypt group identifier of the single curve to use (must be Secp256r1) if MBEDTLS_SSL_CONF_SINGLE_CURVE and MBEDTLS_USE_TINYCRYPT are set. --- include/mbedtls/config.h | 7 +++++-- programs/ssl/query_config.c | 8 ++++++++ tests/scripts/all.sh | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0b4380276..7b50ef047 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2577,7 +2577,7 @@ * Requires: MBEDTLS_SSL_CONF_RNG * MBEDTLS_SSL_CONF_SINGLE_EC * MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23 - * MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID == MBEDTLS_ECP_DP_SECP256R1 + * MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1 * * \see MBEDTLS_SSL_CONF_RNG * @@ -3755,11 +3755,13 @@ * curve operations during the handshake. * * If this is set, you must also define the following: - * - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID + * - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID (if MBEDTLS_ECP_C is set) * This must resolve to the Mbed TLS group ID for the elliptic * curve to use (e.g. MBEDTLS_ECP_DP_SECP256R1); see * ::mbedtls_ecp_group_id in mbedtls/ecp.h for a complete list * of curve identifiers. + * - MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID (if MBEDTLS_USE_TINYCRYPT is set) + * This must resolve to MBEDTLS_UECC_DP_SECP256R1. * - MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID * This must resolve to the identifier for the elliptic curve * to use according to the IANA NamedCurve registry: @@ -3771,6 +3773,7 @@ //#define MBEDTLS_SSL_CONF_SINGLE_EC //#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23 //#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1 +//#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1 /* Enable support a single signature hash algorithm * at compile-time, at the benefit of code-size. diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index c17941929..dd5051466 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c 
@@ -2866,6 +2866,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */ +#if defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID) + if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID */ + #if defined(MBEDTLS_SSL_CONF_SINGLE_SIG_HASH) if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_SIG_HASH", config ) == 0 ) { diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ef5dfccd9..7b25ad28e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1423,7 +1423,7 @@ component_test_default_tinycrypt_without_legacy_ecdh () { scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23 - scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1 + scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1 scripts/config.pl unset MBEDTLS_ECDH_C scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED From 483fd66d21752302f19db54812f213e7e8737044 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 12:39:24 +0100 Subject: [PATCH 08/93] Fixup: Don't reference legacy ECP curve identifier in check_config.h --- include/mbedtls/check_config.h | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index f28345d2f..504b3539a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -87,9 +87,12 @@ #error "MBEDTLS_CMAC_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_CONF_SINGLE_EC) && \ - ( !defined(MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID) || \ - !defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID) ) +#if defined(MBEDTLS_SSL_CONF_SINGLE_EC) && \ + ( !defined(MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID) || \ + ( defined(MBEDTLS_USE_TINYCRYPT) && \ + !defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID) ) || \ + ( defined(MBEDTLS_ECP_C) && \ + !defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID) ) ) #error "MBEDTLS_SSL_CONF_SINGLE_EC defined, but not all prerequesites" #endif @@ -103,11 +106,11 @@ #error "MBEDTLS_USE_TINYCRYPT defined, but it cannot be defined with MBEDTLS_NO_64BIT_MULTIPLICATION" #endif -#if defined(MBEDTLS_USE_TINYCRYPT) && \ - !( defined(MBEDTLS_SSL_CONF_SINGLE_EC) && \ - MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23 && \ - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID == MBEDTLS_ECP_DP_SECP256R1 ) -#error "MBEDTLS_USE_TINYCRYPT requires the use of MBEDTLS_SSL_CONF_SINGLE_EC to hardcode the choice of Secp256r1" +#if defined(MBEDTLS_USE_TINYCRYPT) && \ + !( defined(MBEDTLS_SSL_CONF_SINGLE_EC) && \ + MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23 && \ + MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1 ) +#error "MBEDTLS_USE_TINYCRYPT requires the use of MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID to hardcode the choice of Secp256r1" #endif #if defined(MBEDTLS_USE_TINYCRYPT) && \ From adf11e13a4c202f2eb676ad7d7c4d8f2c87c8705 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 21 Aug 2019 13:03:44 +0100 Subject: [PATCH 09/93] Fixup: Impl. MBEDTLS_PK_ECKEY, not MBEDTLS_PK_ECDSA, via TinyCrypt The PK-type MBEDTLS_PK_ECDSA isn't really used by the library. Especially, when parsing a generic EC key, a PK context of type MBEDTLS_PK_ECKEY will be requested. Hence, to drop in TinyCrypt for the legacy-ECC implementation, the PK type that TinyCrypt implements must be MBEDTLS_PK_ECKEY. --- include/mbedtls/pk_internal.h | 2 +- library/pk.c | 14 ++++++++------ library/pk_wrap.c | 33 +++++++++++++++++---------------- library/pkparse.c | 2 +- 4 files changed, 27 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h index 9ec2476f5..d3b501dd9 100644 --- a/include/mbedtls/pk_internal.h +++ b/include/mbedtls/pk_internal.h @@ -132,7 +132,7 @@ extern const mbedtls_pk_info_t mbedtls_ecdsa_info; #endif #if defined(MBEDTLS_USE_TINYCRYPT) -extern const mbedtls_pk_info_t mbedtls_uecc_ecdsa_info; +extern const mbedtls_pk_info_t mbedtls_uecc_eckey_info; #endif #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) diff --git a/library/pk.c b/library/pk.c index da34e56a3..161a135f1 100644 --- a/library/pk.c +++ b/library/pk.c 
@@ -115,19 +115,21 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) return( &mbedtls_rsa_info ); #endif #if defined(MBEDTLS_ECP_C) - case MBEDTLS_PK_ECKEY: - return( &mbedtls_eckey_info ); case MBEDTLS_PK_ECKEY_DH: return( &mbedtls_eckeydh_info ); #endif -#if defined(MBEDTLS_USE_TINYCRYPT) - case MBEDTLS_PK_ECDSA: - return( &mbedtls_uecc_ecdsa_info ); -#else #if defined(MBEDTLS_ECDSA_C) case MBEDTLS_PK_ECDSA: return( &mbedtls_ecdsa_info ); #endif +#if defined(MBEDTLS_USE_TINYCRYPT) + case MBEDTLS_PK_ECKEY: + return( &mbedtls_uecc_eckey_info ); +#else /* MBEDTLS_USE_TINYCRYPT */ +#if defined(MBEDTLS_ECP_C) + case MBEDTLS_PK_ECKEY: + return( &mbedtls_eckey_info ); +#endif #endif /* MBEDTLS_USE_TINYCRYPT */ /* MBEDTLS_PK_RSA_ALT omitted on purpose */ default: diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c6f6302b3..cf606914e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -528,18 +528,19 @@ static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end, return( 0 ); } -static size_t uecc_ecdsa_get_bitlen( const void *ctx ) +static size_t uecc_eckey_get_bitlen( const void *ctx ) { (void) ctx; return( (size_t) 2 * NUM_ECC_BYTES ); } -static int uecc_ecdsa_can_do( mbedtls_pk_type_t type ) +static int uecc_eckey_can_do( mbedtls_pk_type_t type ) { - return( type == MBEDTLS_PK_ECDSA ); + return( type == MBEDTLS_PK_ECDSA || + type == MBEDTLS_PK_ECKEY ); } -static int uecc_ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, +static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { 
@@ -642,7 +643,7 @@ static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, return( 0 ); } -static int uecc_ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, +static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) @@ -660,7 +661,7 @@ static int uecc_ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, 2*NUM_ECC_BYTES ) ); } -static void *uecc_ecdsa_alloc_wrap( void ) +static void *uecc_eckey_alloc_wrap( void ) { /*void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); @@ -671,25 +672,25 @@ static void *uecc_ecdsa_alloc_wrap( void ) return NULL; } -static void uecc_ecdsa_free_wrap( void *ctx ) +static void uecc_eckey_free_wrap( void *ctx ) { (void) ctx; /*mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); mbedtls_free( ctx );*/ } -const mbedtls_pk_info_t mbedtls_uecc_ecdsa_info = { - MBEDTLS_PK_ECDSA, - "ECDSA", - uecc_ecdsa_get_bitlen, - uecc_ecdsa_can_do, - uecc_ecdsa_verify_wrap, - uecc_ecdsa_sign_wrap, +const mbedtls_pk_info_t mbedtls_uecc_eckey_info = { + MBEDTLS_PK_ECKEY, + "EC", + uecc_eckey_get_bitlen, + uecc_eckey_can_do, + uecc_eckey_verify_wrap, + uecc_eckey_sign_wrap, NULL, NULL, NULL, - uecc_ecdsa_alloc_wrap, - uecc_ecdsa_free_wrap, + uecc_eckey_alloc_wrap, + uecc_eckey_free_wrap, NULL, }; #else diff --git a/library/pkparse.c b/library/pkparse.c index bc016be43..7573bdc86 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1545,7 +1545,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_USE_TINYCRYPT) - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECDSA ); + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( mbedtls_pk_setup( pk, pk_info ) == 0 && pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk), key, keylen) == 0) 
From e8f14483062de9d23e45079d2c93838eb85ba1eb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 13:28:59 +0100 Subject: [PATCH 10/93] Fixup: Remove references to PSA from TinyCrypt wrapper code --- library/pk_wrap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index cf606914e..ea3d24cbc 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -585,7 +585,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, /* ASN.1 DER encoding requires minimal length, so skip leading 0s. * Neither r nor s should be 0, but as a failsafe measure, still detect - * that rather than overflowing the buffer in case of a PSA error. */ + * that rather than overflowing the buffer in case of an error. */ while( len > 0 && **p == 0x00 ) { ++(*p); @@ -622,8 +622,8 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, * [in/out] sig_len: signature length pre- and post-transcoding * [int] buf_len: the available size the in/out buffer */ -static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, - size_t buf_len ) +static int pk_ecdsa_sig_asn1_from_uecc( unsigned char *sig, size_t *sig_len, + size_t buf_len ) { int ret; size_t len = 0; @@ -658,7 +658,7 @@ static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, (void) p_rng; (void) md_alg; - return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, 2*NUM_ECC_BYTES ) ); + return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len, 2*NUM_ECC_BYTES ) ); } static void *uecc_eckey_alloc_wrap( void ) From ad353f289be33097aa1578d68af192a96e51988b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 13:04:30 +0100 Subject: [PATCH 11/93] Fixup: Minor style corrections around use of TinyCrypt --- library/pk_wrap.c | 7 +++++-- library/pkparse.c | 8 +++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index ea3d24cbc..3edd7041e 100644 
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -552,10 +552,13 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
     ((void) md_alg);
     p = (unsigned char*) sig;
 
-    if( (ret = extract_ecdsa_sig( &p, sig + sig_len, signature, NUM_ECC_BYTES ) ) != 0 )
+    ret = extract_ecdsa_sig( &p, sig + sig_len, signature, NUM_ECC_BYTES );
+    if( ret != 0 )
         return( ret );
 
-    if( (ret = uECC_verify( (uint8_t *) ctx, hash, (unsigned) hash_len, signature, uecc_curve ) ) != 0 )
+    ret = uECC_verify( (uint8_t *) ctx, hash,
+                       (unsigned) hash_len, signature, uecc_curve );
+    if( ret != 0 )
         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
 
     return( ret );
diff --git a/library/pkparse.c b/library/pkparse.c
index 7573bdc86..99464e0d8 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -554,7 +554,7 @@ static int uecc_public_key_read_binary( uint8_t *pt,
     if( ilen < 1 )
         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
 
-    //We are not handling the infinity point right now
+    /* We are not handling the point at infinity. */
     if( buf[0] != 0x04 )
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
 
@@ -917,7 +917,7 @@ static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair,
     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 
-    memcpy(keypair->private_key, p, len);
+    memcpy( keypair->private_key, p, len );
 
     p += len;
 
@@ -960,9 +960,11 @@ static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair,
                 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
                         MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
-            if( ( ret = uecc_public_key_read_binary( keypair->public_key,
+            if( ( ret = uecc_public_key_read_binary( keypair->public_key,
                     (const unsigned char *) p, end2 - p ) ) == 0 )
+            {
                 pubkey_done = 1;
+            }
             else
             {
                 /*
From 496b83ff1b0e9cf609e7d1a36bb5c21b2beb593b Mon Sep 17 00:00:00 2001
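Review bot: In the -917 hunk of pkparse.c, `memcpy( keypair->private_key, p, len )` copies `len` bytes straight from the OCTET STRING length returned by `mbedtls_asn1_get_tag()` with no check between the two calls, so a malformed or oversized private-key element writes past the keypair's `private_key` field (which, given that the alloc wrapper makes a single calloc of `sizeof( mbedtls_uecc_keypair )`, looks like an inline fixed-size buffer) and a short one leaves part of the scalar uninitialised. Reject anything but the curve's scalar size before the copy: `if( len != NUM_ECC_BYTES ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );`. The body of pk_parse_key_sec1_der continues on both sides of the hunk, so if a bound is enforced elsewhere it is not on `len` as read here.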
From: Hanno Becker Date: Tue, 20 Aug 2019 13:33:49 +0100 Subject: [PATCH 12/93] Fixup: Correct include paths for TinyCrypt header files TinyCrypt header files are expected in 'tinycrypt' folder relative to the include path. --- include/mbedtls/pk.h | 2 +- library/pk_wrap.c | 4 ++-- library/pkparse.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 1536ebeac..c65f39c80 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -46,7 +46,7 @@ #endif #if defined(MBEDTLS_USE_TINYCRYPT) -#include "ecc.h" +#include "tinycrypt/ecc.h" #endif #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 3edd7041e..f8afc1305 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -34,8 +34,8 @@ #include #if defined(MBEDTLS_USE_TINYCRYPT) -#include "mbedtls/ecc.h" -#include "mbedtls/ecc_dsa.h" +#include "tinycrypt/ecc.h" +#include "tinycrypt/ecc_dsa.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #else diff --git a/library/pkparse.c b/library/pkparse.c index 99464e0d8..26686253b 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -53,7 +53,7 @@ #include "mbedtls/pkcs12.h" #endif #if defined(MBEDTLS_USE_TINYCRYPT) -#include "mbedtls/ecc.h" +#include "tinycrypt/ecc.h" #endif #if defined(MBEDTLS_PLATFORM_C) From 9a62f2dbfbf7de4b4699bec9e59b1ab5ea093e84 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 14:57:37 +0100 Subject: [PATCH 13/93] Fixup: get_bitlen() PK API in TinyCrypt-based ECDSA - Return number of bits and not number of bytes - Return length of private key and not length of public key. --- library/pk_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f8afc1305..92f356a60 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
@@ -531,7 +531,7 @@ static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end, static size_t uecc_eckey_get_bitlen( const void *ctx ) { (void) ctx; - return( (size_t) 2 * NUM_ECC_BYTES ); + return( (size_t) ( NUM_ECC_BYTES * 8 ) ); } static int uecc_eckey_can_do( mbedtls_pk_type_t type ) From 9c7a359cc451bb349b0ab7a145a4f9cb0fa6ab9b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 15:37:17 +0100 Subject: [PATCH 14/93] Fixup: uecc_ecdsa_sign_wrap() in pk_wrap.c The previous code passed `2 * NUM_ECC_BYTES` as the size limit for the ECDSA signature, which fails to account for space required by ASN.1 headers. --- library/pk_wrap.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 92f356a60..42632fc77 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
@@ -653,15 +653,32 @@ static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 {
     const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
     const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
-
-    uECC_sign(keypair->private_key, hash, hash_len, sig, uecc_curve);
+
+    /*
+     * RFC-4492 page 20:
+     *
+     * Ecdsa-Sig-Value ::= SEQUENCE {
+     * r INTEGER,
+     * s INTEGER
+     * }
+     *
+     * Size is at most
+     * 1 (tag) + 1 (len) + 1 (initial 0) + NUM_ECC_BYTES for each of r and s,
+     * twice that + 1 (tag) + 2 (len) for the sequence
+     * (assuming NUM_ECC_BYTES is less than 126 for r and s,
+     * and less than 124 (total len <= 255) for the sequence)
+     */
+    const size_t max_secp256r1_ecdsa_sig_len = 3 + 2 * ( 3 + NUM_ECC_BYTES );
+
+    uECC_sign( keypair->private_key, hash, hash_len, sig, uecc_curve );
+    *sig_len = 2 * NUM_ECC_BYTES;
 
     /* uECC owns its rng function pointer */
     (void) f_rng;
     (void) p_rng;
     (void) md_alg;
 
-    return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len, 2*NUM_ECC_BYTES ) );
+    return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len, max_secp256r1_ecdsa_sig_len ) );
 }
 
 static void *uecc_eckey_alloc_wrap( void )
From 8ea35458e4eaca5e88f3f8623a52bc99000b73a8 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 20 Aug 2019 15:39:13 +0100
Subject: [PATCH 15/93] Fixup: TinyCrypt PK verify wrapper uecc_ecdsa_verify_wrap() - TinyCrypt uses `0` for errors. - The first argument to uECC_verify() should be the public key, but the previous code passed the beginning of the entire private-public key structure.
---
 library/pk_wrap.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 42632fc77..d683895fc 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
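Review bot: The return value of `uECC_sign()` is still discarded on the new side, so when TinyCrypt reports a failure (it signals errors with `0`, as the next fixup in this series states) the wrapper goes on to set `*sig_len`, DER-encodes whatever bytes happen to be in `sig`, and returns success — the caller is handed an invalid signature instead of an error. Check it before touching `sig_len`: `if( uECC_sign( keypair->private_key, hash, (unsigned) hash_len, sig, uecc_curve ) == 0 ) return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );`; the explicit `(unsigned)` cast also matches the verify wrapper, which already narrows `hash_len` that way. The new size comment documents how `max_secp256r1_ecdsa_sig_len` is derived but not that the caller's `sig` buffer must hold at least that many bytes; since the wrapper receives no buffer length, a one-line header comment stating that contract would help. The function's signature lies just outside the hunk.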
@@ -548,6 +548,7 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
     uint8_t signature[2*NUM_ECC_BYTES];
     unsigned char *p;
     const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
+    const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
 
     ((void) md_alg);
     p = (unsigned char*) sig;
@@ -556,12 +557,12 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
     if( ret != 0 )
         return( ret );
 
-    ret = uECC_verify( (uint8_t *) ctx, hash,
+    ret = uECC_verify( keypair->public_key, hash,
                        (unsigned) hash_len, signature, uecc_curve );
-    if( ret != 0 )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+    if( ret == 0 )
+        return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
 
-    return( ret );
+    return( 0 );
 }
 
 /*
From a417459ab17050bda23b2e16534056855b4b5300 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 23 Aug 2019 16:26:32 +0100
Subject: [PATCH 16/93] Fixup: Remove trailing whitespace in oid.h
---
 include/mbedtls/oid.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 0b8a7faf0..584c47003 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -480,7 +480,7 @@ typedef enum
 int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid,
                             mbedtls_uecc_group_id *grp_id );
 
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_uecc_group_id grp_id, 
+int mbedtls_oid_get_oid_by_ec_grp( mbedtls_uecc_group_id grp_id,
                                    const char **oid, size_t *olen);
 #else
 #if defined(MBEDTLS_ECP_C)
From 52c52f3c2fcdf96ba63d92de1cbf4746523e4b06 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 2 Sep 2019 11:47:20 +0100
Subject: [PATCH 17/93] check_config: Forbid simultaenous use of TinyCrypt and legacy ECC
---
 include/mbedtls/check_config.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 504b3539a..33bd8ec39 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
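Review bot: In the -556 hunk a signature that simply does not verify is now reported as `MBEDTLS_ERR_PK_HW_ACCEL_FAILED`, which tells callers and logs that an accelerator malfunctioned rather than that the signature is bad; `uECC_verify()` returning `0` covers both cases, but the overwhelmingly common one is an invalid signature. `return( MBEDTLS_ERR_ECP_VERIFY_FAILED );` is what the legacy ECDSA path surfaces for the same condition and keeps error handling in X.509 and TLS callers uniform across the two backends, provided that macro resolves in a TinyCrypt-only build (ecp.h may not be included there; the check_pair wrapper later in this series already relies on an `MBEDTLS_ERR_ECP_*` code, so confirm once for both). A one-line comment above the check, `/* TinyCrypt reports failure as 0 */`, would also stop the inverted-looking `== 0` test from being "fixed" back. The start of uecc_eckey_verify_wrap lies between the two hunks and outside them.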
@@ -113,6 +113,10 @@ #error "MBEDTLS_USE_TINYCRYPT requires the use of MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID to hardcode the choice of Secp256r1" #endif +#if defined(MBEDTLS_USE_TINYCRYPT) && defined(MBEDTLS_ECP_C) +#error "MBEDTLS_USE_TINYCRYPT and MBEDTLS_ECP_C cannot be used simultaneously" +#endif + #if defined(MBEDTLS_USE_TINYCRYPT) && \ !defined(MBEDTLS_SSL_CONF_RNG) #error "MBEDTLS_USE_TINYCRYPT defined, but not all prerequesites" From b1074979b81a0298c4b8489297cc7c60df9df5fa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 12:27:03 +0100 Subject: [PATCH 18/93] all.sh: Remove default + TinyCrypt test from all.sh TinyCrypt and legacy ECC are mutually exclusive by now, and this commit removes the all.sh test which exercises both simultaenously. --- tests/scripts/all.sh | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7b25ad28e..7bb02c88a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1399,38 +1399,23 @@ component_build_baremetal_raw_armcc () { scripts/baremetal.sh --rom --gcc --armc5 --armc6 --check } -component_test_default_tinycrypt () { - msg "test default config with tinycrypt enabled" - - scripts/config.pl set MBEDTLS_USE_TINYCRYPT - scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap - scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC - scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23 - scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1 - - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - msg "test: default config with tinycrypt enabled" - make test - if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$" - if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 'ECDHE-ECDSA\|ECDH-ECDSA\|ECDHE-PSK' -} - -component_test_default_tinycrypt_without_legacy_ecdh () { - msg "test default config with tinycrypt enabled and ecdh_c disabled" +component_test_default_tinycrypt_without_legacy_ecc () { + msg "test default config with tinycrypt enabled and legacy ECC disabled" scripts/config.pl set MBEDTLS_USE_TINYCRYPT scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23 scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1 + scripts/config.pl unset MBEDTLS_ECP_C scripts/config.pl unset MBEDTLS_ECDH_C + scripts/config.pl unset MBEDTLS_ECDSA_C scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED make CC=gcc CFLAGS='-Werror -Wall -Wextra' - msg "test: default config with tinycrypt enabled and ecdh_c disabled" + msg "test: default config with tinycrypt enabled and legacy ECC disabled" make test if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$" if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 
'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA\|+ECDHE-ECDSA:+AES-256-CBC:+SHA1\|ECDHE-ECDSA-AES256-SHA' -e 'SHA384' From 11cb2637e70d71694f3f5cddef9d3ee15460a86f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 11:55:45 +0100 Subject: [PATCH 19/93] TinyCrypt PK wrap: Simplify guards in pk_wrap.c With TinyCrypt and legacy ECC mutually exclusive, we don't have to use #if TINYCRYPT #else #if LEGACY #endif #endif anymore, but can add the TC and legacy based ECC implementations independently. --- library/pk_wrap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index d683895fc..48eb602fd 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -38,7 +38,8 @@ #include "tinycrypt/ecc_dsa.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" -#else +#endif /* MBEDTLS_USE_TINYCRYPT */ + #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" #endif @@ -46,7 +47,6 @@ #if defined(MBEDTLS_ECDSA_C) #include "mbedtls/ecdsa.h" #endif -#endif /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) #include "mbedtls/platform_util.h" @@ -714,7 +714,8 @@ const mbedtls_pk_info_t mbedtls_uecc_eckey_info = { uecc_eckey_free_wrap, NULL, }; -#else +#endif /* MBEDTLS_USE_TINYCRYPT */ + #if defined(MBEDTLS_ECDSA_C) static int ecdsa_can_do( mbedtls_pk_type_t type ) { @@ -837,7 +838,6 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { eckey_debug, /* Compatible key structures */ }; #endif /* MBEDTLS_ECDSA_C */ -#endif /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* From 4102972d313e1d617a06f5f526b3f1e2018a7ee7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 13:18:56 +0100 Subject: [PATCH 20/93] TinyCrypt PK wrap: Implement alloc/free PK wrappers --- library/pk_wrap.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 48eb602fd..838360405 100644 --- a/library/pk_wrap.c 
+++ b/library/pk_wrap.c
@@ -48,7 +48,8 @@
 #include "mbedtls/ecdsa.h"
 #endif
 
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \
+    defined(MBEDTLS_USE_TINYCRYPT)
 #include "mbedtls/platform_util.h"
 #endif
 
@@ -684,20 +685,16 @@ static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 
 static void *uecc_eckey_alloc_wrap( void )
 {
-    /*void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
-
-    if( ctx != NULL )
-        mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
-
-    return( ctx );*/
-    return NULL;
+    return( mbedtls_calloc( 1, sizeof( mbedtls_uecc_keypair ) ) );
 }
 
 static void uecc_eckey_free_wrap( void *ctx )
 {
-    (void) ctx;
-    /*mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
-    mbedtls_free( ctx );*/
+    if( ctx == NULL )
+        return;
+
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_uecc_keypair ) );
+    mbedtls_free( ctx );
 }
 
 const mbedtls_pk_info_t mbedtls_uecc_eckey_info = {
From 9653d80518f6ddb228badd7a892e7f1da787b2f7 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 13:49:13 +0100
Subject: [PATCH 21/93] TinyCrypt PK wrap: Implement check_pair PK wrapper
---
 library/pk_wrap.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 838360405..78cee744a 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -535,6 +535,23 @@ static size_t uecc_eckey_get_bitlen( const void *ctx )
     return( (size_t) ( NUM_ECC_BYTES * 8 ) );
 }
 
+static int uecc_eckey_check_pair( const void *pub, const void *prv )
+{
+    const mbedtls_uecc_keypair *uecc_pub =
+        (const mbedtls_uecc_keypair *) pub;
+    const mbedtls_uecc_keypair *uecc_prv =
+        (const mbedtls_uecc_keypair *) prv;
+
+    if( memcmp( uecc_pub->public_key,
+                uecc_prv->public_key,
+                2 * NUM_ECC_BYTES ) == 0 )
+    {
+        return( 0 );
+    }
+
+    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+}
+
 static int uecc_eckey_can_do( mbedtls_pk_type_t type )
 {
     return( type == MBEDTLS_PK_ECDSA ||
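Review bot: `uecc_eckey_check_pair()` in the -535 hunk of patch 21 only compares the `public_key` fields of the two contexts and never consults `uecc_prv->private_key`, so it does not establish that the private scalar matches the public point: a private-key file whose embedded public point was copied from the certificate but whose scalar belongs to another key passes the check, whereas the legacy wrapper goes through `mbedtls_ecp_check_pub_priv`, which recomputes the point. Derive the point from the scalar with `uECC_compute_public_key()` — already used by the SEC1 parser later in this series — and compare that against `uecc_pub->public_key`; the parser also fills in a missing public half, so this is the only place that can catch a mismatch. `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` is defined in ecp.h, which may not be pulled in by a TinyCrypt-only build; confirm it resolves when MBEDTLS_ECP_C is unset.
```c
static int uecc_eckey_check_pair( const void *pub, const void *prv )
{
    const mbedtls_uecc_keypair *uecc_pub =
        (const mbedtls_uecc_keypair *) pub;
    const mbedtls_uecc_keypair *uecc_prv =
        (const mbedtls_uecc_keypair *) prv;
    uint8_t computed_pub[2 * NUM_ECC_BYTES];

    /* Recompute the public point from the private scalar rather than
     * trusting whatever public_key the private context carries. */
    if( uECC_compute_public_key( uecc_prv->private_key, computed_pub,
                                 uECC_secp256r1() ) == 0 )
    {
        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
    }

    if( memcmp( uecc_pub->public_key, computed_pub,
                2 * NUM_ECC_BYTES ) == 0 )
    {
        return( 0 );
    }

    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
```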
@@ -706,7 +723,7 @@ const mbedtls_pk_info_t mbedtls_uecc_eckey_info = { uecc_eckey_sign_wrap, NULL, NULL, - NULL, + uecc_eckey_check_pair, uecc_eckey_alloc_wrap, uecc_eckey_free_wrap, NULL, From d7e0cd001c9f2eda41d26deec8dd5bee975b65e1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 13:03:11 +0100 Subject: [PATCH 22/93] TinyCrypt PK wrap: Add short documentation for extract_ecdsa_sig_int --- library/pk_wrap.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 78cee744a..e567e636d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -475,6 +475,11 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_USE_TINYCRYPT) + +/* + * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of + * those integers and convert it to the fixed-length encoding. + */ static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end, unsigned char *to, size_t to_len ) { From aebffdd363d8c9879f9600a82b7036ebfaa02ecf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Aug 2019 12:13:44 +0100 Subject: [PATCH 23/93] TinyCrypt PK parse: Add comments to #endif's indicating condition --- library/pkparse.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 26686253b..c8171f1de 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -197,7 +197,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params ) return( 0 ); } -#endif +#endif /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_ECP_C) || \ defined(MBEDTLS_USE_TINYCRYPT) @@ -244,7 +244,7 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, return( 0 ); } -#endif +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 
@@ -985,7 +985,7 @@ static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair, return( 0 ); } -#else +#else /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_ECP_C) /* @@ -1208,7 +1208,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( return( ret ); } } -#else +#else /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_ECP_C) if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) { @@ -1220,7 +1220,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } else #endif /* MBEDTLS_ECP_C */ -#endif +#endif /* MBEDTLS_USE_TINYCRYPT */ return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); return( 0 ); @@ -1554,7 +1554,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, { return( 0 ); } -#else +#else /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_ECP_C) pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( mbedtls_pk_setup( pk, pk_info ) == 0 && @@ -1565,7 +1565,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, } mbedtls_pk_free( pk ); #endif /* MBEDTLS_ECP_C */ -#endif +#endif /* MBEDTLS_USE_TINYCRYPT */ /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't, * it is ok to leave the PK context initialized but not From 68d5478d8d05fa02dbbac1e14a0c7afc9d5adcf8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 13:19:09 +0100 Subject: [PATCH 24/93] TinyCrypt PK parse: Simplify TinyCrypt public key parsing --- library/pkparse.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index c8171f1de..7c8cd804b 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -550,8 +550,7 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, static int uecc_public_key_read_binary( uint8_t *pt, const unsigned char *buf, size_t ilen ) { - - if( ilen < 1 ) + if( ilen != 2 * NUM_ECC_BYTES + 1 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); /* We are not handling the point at infinity. */ 
@@ -559,9 +558,6 @@ static int uecc_public_key_read_binary( uint8_t *pt,
     if( buf[0] != 0x04 )
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
 
-    if( ilen != 2 * NUM_ECC_BYTES + 1 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-
     memcpy( pt, buf + 1, ilen - 1);
 
     return( 0 );
From 7e38c373026496a92a27f1bd689263f989864ea4 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 20 Aug 2019 17:01:50 +0100
Subject: [PATCH 25/93] TinyCrypt PK parse: Pass TC keypair structure to ECDSA pubkey parse
---
 library/pkparse.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index 7c8cd804b..dbef18a3e 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -547,8 +547,8 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
 /*
  * Import a point from unsigned binary data (SEC1 2.3.4)
  */
-static int uecc_public_key_read_binary( uint8_t *pt,
-                                        const unsigned char *buf, size_t ilen )
+static int uecc_public_key_read_binary( mbedtls_uecc_keypair *uecc_keypair,
+                                        const unsigned char *buf, size_t ilen )
 {
     if( ilen != 2 * NUM_ECC_BYTES + 1 )
         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
@@ -558,7 +558,7 @@ static int uecc_public_key_read_binary( uint8_t *pt,
     if( buf[0] != 0x04 )
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
 
-    memcpy( pt, buf + 1, ilen - 1);
+    memcpy( uecc_keypair->public_key, buf + 1, 2 * NUM_ECC_BYTES );
 
     return( 0 );
 }
@@ -567,10 +567,11 @@ static int pk_get_ueccpubkey( unsigned char **p, const unsigned char *end,
 
                               uint8_t *pk_context)
 {
+    mbedtls_uecc_keypair *uecc_keypair = (mbedtls_uecc_keypair *) pk_context;
     int ret;
 
-    ret = uecc_public_key_read_binary( pk_context,
-                                       (const unsigned char *) *p, end - *p );
+    ret = uecc_public_key_read_binary( uecc_keypair,
+                                       (const unsigned char *) *p, end - *p );
 
     /*
      * We know uecc_public_key_read_binary consumed all bytes or failed
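Review bot: In the -558 hunk `uecc_public_key_read_binary()` now copies the encoded coordinates into `uecc_keypair->public_key` after checking only the total length and the `0x04` prefix, so a point that is not on secp256r1 is accepted and later handed to `uECC_verify()` and to every other TinyCrypt routine that consumes the parsed key; the legacy parser rejects such input through `mbedtls_ecp_check_pubkey`, and a TinyCrypt-backed build should not be weaker on this point. TinyCrypt provides `uECC_valid_public_key()` (0 on success) for exactly this: after the memcpy, `if( uECC_valid_public_key( uecc_keypair->public_key, uECC_secp256r1() ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY );`. That also rejects the all-zero encoding, which the comment a few lines up says the function does not handle. The function's header is in the preceding hunk, not this one.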
@@ -956,7 +957,7 @@ static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair, return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - if( ( ret = uecc_public_key_read_binary( keypair->public_key, + if( ( ret = uecc_public_key_read_binary( keypair, (const unsigned char *) p, end2 - p ) ) == 0 ) { pubkey_done = 1; From d45f383b0150c2617c1e0b9169205eb2069e2711 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 14:21:40 +0100 Subject: [PATCH 26/93] TinyCrypt PK parse: Impl. EC public key derivation in TC-based ECDSA --- library/pkparse.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index dbef18a3e..fce5ad70a 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -978,7 +978,14 @@ static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair, } } - //TODO: Do we need to support derived public keys with uecc? + if( !pubkey_done ) + { + ret = uECC_compute_public_key( keypair->private_key, + keypair->public_key, + uECC_secp256r1() ); + if( ret == 0 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + } return( 0 ); } From e65697c351224571ec5739fd6e949597ccd12968 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Aug 2019 14:31:00 +0100 Subject: [PATCH 27/93] TinyCrypt PK parse: Handle each PK type precisely once --- library/pkparse.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index fce5ad70a..2df391db6 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -719,7 +719,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, if( pk_alg == MBEDTLS_PK_ECDSA ) { ret = pk_get_ueccpubkey( p, end, (uint8_t*) pk->pk_ctx ); - } + } else #endif /* MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA ) 
@@ -1211,7 +1211,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
 {
 return( ret );
 }
- }
+ } else
 #else /* MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_ECP_C)
 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
From 75f8d3276f7279d840f4e9ad08cdbfd7f00ed911 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 20 Aug 2019 14:31:50 +0100
Subject: [PATCH 28/93] TinyCrypt PK parse: Remove MBEDTLS_PK_ECDSA during pubkey parsing

The PK type MBEDTLS_PK_ECDSA is never returned from `mbedtls_pk_info_from_type()`. Instead, EC keys either are identified as MBEDTLS_PK_ECKEY_DH (in case they must only be used for ECDHE) or MBEDTLS_PK_ECKEY (in case they can be used for any algorithm).
---
 library/pkparse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index 2df391db6..713ee922d 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -716,7 +716,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
 return( ret );
 #if defined(MBEDTLS_USE_TINYCRYPT)
- if( pk_alg == MBEDTLS_PK_ECDSA )
+ if( pk_alg == MBEDTLS_PK_ECKEY )
 {
 ret = pk_get_ueccpubkey( p, end, (uint8_t*) pk->pk_ctx );
 } else
@@ -1204,7 +1204,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
 } else
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_USE_TINYCRYPT)
- if( pk_alg == MBEDTLS_PK_ECDSA)
+ if( pk_alg == MBEDTLS_PK_ECKEY )
 {
 if( ( ret = pk_use_ecparams( ¶ms ) ) != 0 ||
 ( ret = pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk ), p, len ) ) != 0)
From f2bf115057e064ad36217fa32e6110ff06bdfe9e Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 20 Aug 2019 16:15:58 +0100
Subject: [PATCH 29/93] TinyCrypt Test: Initialize TinyCrypt RNG in test suites if enabled
---
 tests/suites/helpers.function | 16 ++++++++++++++++
 tests/suites/host_test.function | 4 ++++
 2 files changed, 20 insertions(+)
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index f5b61f31c..6ead2d349 100644
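Review bot: The TinyCrypt branch of mbedtls_pk_parse_subpubkey in the `@@ -716` hunk accepts only `pk_alg == MBEDTLS_PK_ECKEY`, while the commit message says EC keys may also be identified as MBEDTLS_PK_ECKEY_DH and the legacy branch that patch 32 later moves next to it handles `MBEDTLS_PK_ECKEY_DH || MBEDTLS_PK_ECKEY`. Under TinyCrypt an id-ecDH SubjectPublicKeyInfo therefore ends in MBEDTLS_ERR_PK_UNKNOWN_PK_ALG (assuming mbedtls_pk_setup succeeded for that type, which I cannot see from here), a behavioural difference from the legacy build that may or may not be intended. If ECDH-only keys should parse, `if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )` matches the legacy condition; if not, a one-line comment stating that TinyCrypt contexts are only set up for MBEDTLS_PK_ECKEY would document the choice. The same question applies to the block patch 32 moves.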
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -28,6 +28,10 @@
 #include
 #endif
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#include "tinycrypt/ecc.h"
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
 #ifdef _MSC_VER
 #include
 typedef UINT8 uint8_t;
@@ -545,6 +549,18 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
 return( 0 );
 }
+#if defined(MBEDTLS_USE_TINYCRYPT)
+static int uecc_rng_wrapper( uint8_t *dest, unsigned int size )
+{
+ int ret;
+ ret = rnd_std_rand( NULL, dest, size );
+ if( ret == 0 )
+ return( (int) size );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
 /**
 * This function only returns zeros
 *
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 0f98d23aa..e1aa3aab3 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -410,6 +410,10 @@ int execute_tests( int argc , const char ** argv )
 mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
 #endif
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ uECC_set_rng( &uecc_rng_wrapper );
+#endif
+
 /*
 * The C standard doesn't guarantee that all-bits-0 is the representation
 * of a NULL pointer. We do however use that in our code for initializing
From d336f721c0b35548ab3dfb92d6dfa44d951a3e69 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 11:46:11 +0100
Subject: [PATCH 30/93] Fixup: Add missing TinyCrypt guard in ECC private key parsing

PEM-encoded keys with PEM header
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
were previously not parsed in configurations using TinyCrypt instead of legacy ECC crypto.
---
 library/pkparse.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index 713ee922d..69d2935e5 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
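Review bot: uecc_rng_wrapper in the second helpers.function hunk has no comment explaining its return convention, and returning `(int) size` on success rather than 1 looks odd next to rnd_std_rand's 0-on-success; I take it TinyCrypt's uECC_RNG_Function treats any non-zero value as success, but that should be written down so nobody "normalises" it later. The surrounding helpers use Doxygen-style headers, so I would add one saying that it adapts rnd_std_rand to the uECC_RNG_Function signature, returns the number of bytes written on success and 0 on failure, and that rnd_std_rand is a deterministic, non-cryptographic generator acceptable only in this test harness. If target_test.function also includes helpers.function, the static function will be unused there and may trigger an unused-function warning under -Werror; I cannot see that file from here.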
@@ -1414,7 +1414,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 return( ret );
 #endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
 if( key[keylen - 1] != '\0' )
 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
@@ -1427,9 +1427,15 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 {
 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk ),
+ pem.buf, pem.buflen ) ) != 0 )
+#else /* MBEDTLS_USE_TINYCRYPT */
 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
 pem.buf, pem.buflen ) ) != 0 )
+#endif /* MBEDTLS_USE_TINYCRYPT */
 {
 mbedtls_pk_free( pk );
 }
@@ -1443,7 +1449,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
 return( ret );
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
 if( key[keylen - 1] != '\0' )
From 3bef643987cab1d431dc2d8ea991ecce39f671f1 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 11:47:37 +0100
Subject: [PATCH 31/93] Fixup: Guard numerous legacy-ECC PK parse functions by !TinyCrypt
---
 library/pkparse.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/pkparse.c b/library/pkparse.c
index 69d2935e5..92aed5998 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -246,6 +246,8 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
 }
 #endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */
+#if !defined(MBEDTLS_USE_TINYCRYPT)
+
 #if defined(MBEDTLS_ECP_C)
 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
 /*
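Review bot: The `@@ -1427` hunk repeats the whole `mbedtls_pk_setup` / `pk_parse_key_sec1_der` condition in both arms of the new `#if`, although the two arms differ only in the accessor passed as the first argument. Keeping the preprocessor switch to the smallest possible span — one `#if`/`#else` that binds a local to either `mbedtls_uecc_pk( *pk )` or `mbedtls_pk_ec( *pk )`, followed by a single shared condition and the existing `mbedtls_pk_free( pk )` cleanup — means a later change to the error handling cannot silently drift between the two builds. The body of mbedtls_pk_parse_key extends well beyond this hunk.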
@@ -542,6 +544,7 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
 return( ret );
 }
 #endif /* MBEDTLS_ECP_C */
+#endif /* !MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_USE_TINYCRYPT)
 /*
From 8cf2f5e4666074ed3599be375aba17a10155f969 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 11:51:53 +0100
Subject: [PATCH 32/93] TinyCrypt PK parse: Move TC-based EC public key parsing code-block

Keep code-paths handling legacy-ECC vs. TinyCrypt together for better readability.
---
 library/pkparse.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index 92aed5998..79b06c7e9 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -718,18 +718,18 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
 return( ret );
-#if defined(MBEDTLS_USE_TINYCRYPT)
- if( pk_alg == MBEDTLS_PK_ECKEY )
- {
- ret = pk_get_ueccpubkey( p, end, (uint8_t*) pk->pk_ctx );
- } else
-#endif /* MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_RSA_C)
 if( pk_alg == MBEDTLS_PK_RSA )
 {
 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
 } else
 #endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ if( pk_alg == MBEDTLS_PK_ECKEY )
+ {
+ ret = pk_get_ueccpubkey( p, end, (uint8_t*) pk->pk_ctx );
+ } else
+#else /* MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_ECP_C)
 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
 {
@@ -738,6 +738,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
 } else
 #endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_USE_TINYCRYPT */
 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
 if( ret == 0 && *p != end )
From da77971ec87457736ffc42ae0c22e9e91ebbdd8e Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 13:22:59 +0100
Subject: [PATCH 33/93] Fixup: Rename mbedtls_uecc_pk -> mbedtls_pk_uecc

This is in line with the naming of the analogous function mbedtls_pk_ec used for legacy ECC PK contexts.
---
 include/mbedtls/pk.h | 2 +-
 library/pkparse.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index c65f39c80..a9d763a53 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -173,7 +173,7 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_USE_TINYCRYPT)
-static inline mbedtls_uecc_keypair *mbedtls_uecc_pk( const mbedtls_pk_context pk )
+static inline mbedtls_uecc_keypair *mbedtls_pk_uecc( const mbedtls_pk_context pk )
 {
 return( (mbedtls_uecc_keypair *) (pk).pk_ctx );
 }
diff --git a/library/pkparse.c b/library/pkparse.c
index 79b06c7e9..a3184bfbd 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1211,7 +1211,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
 if( pk_alg == MBEDTLS_PK_ECKEY )
 {
 if( ( ret = pk_use_ecparams( ¶ms ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk ), p, len ) ) != 0)
+ ( ret = pk_parse_key_sec1_der( mbedtls_pk_uecc( *pk ), p, len ) ) != 0)
 {
 return( ret );
 }
@@ -1433,7 +1433,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 #if defined(MBEDTLS_USE_TINYCRYPT)
 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk ),
+ ( ret = pk_parse_key_sec1_der( mbedtls_pk_uecc( *pk ),
 pem.buf, pem.buflen ) ) != 0 )
 #else /* MBEDTLS_USE_TINYCRYPT */
 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
@@ -1563,7 +1563,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 #if defined(MBEDTLS_USE_TINYCRYPT)
 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
 if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
- pk_parse_key_sec1_der( mbedtls_uecc_pk( *pk),
+ pk_parse_key_sec1_der( mbedtls_pk_uecc( *pk),
 key, keylen) == 0)
 {
 return( 0 );
From 251d7523fef979b419f41445736295f343b217a4 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 13:28:44 +0100
Subject: [PATCH 34/93] TinyCrypt Test: Adapt 'PK utils: ECKEY' test in PK test suite
---
 tests/suites/test_suite_pk.data | 8 ++++++--
 tests/suites/test_suite_pk.function | 24 ++++++++++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index e41dfa710..64ebbc081 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -12,10 +12,14 @@ PK utils: RSA
 depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
 pk_utils:MBEDTLS_PK_RSA:512:64:"RSA"
-PK utils: ECKEY
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+PK utils: ECKEY (legacy)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_utils:MBEDTLS_PK_ECKEY:192:24:"EC"
+PK utils: ECKEY (TinyCrypt)
+depends_on:MBEDTLS_USE_TINYCRYPT
+pk_utils:MBEDTLS_PK_ECKEY:256:32:"EC"
+
 PK utils: ECKEY_DH
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_utils:MBEDTLS_PK_ECKEY_DH:192:24:"EC_DH"
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 4e6ab172c..89d18ada8 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -7,6 +7,10 @@
 #include "mbedtls/ecp.h"
 #include "mbedtls/rsa.h"
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#include "tinycrypt/ecc_dh.h"
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
 #include
 #include
@@ -21,8 +25,24 @@ static int pk_genkey( mbedtls_pk_context *pk )
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
+ {
 return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
+ } else
 #endif
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
+ {
+ int ret;
+
+ ret = uECC_make_key( mbedtls_pk_uecc( *pk )->public_key,
+ mbedtls_pk_uecc( *pk )->private_key,
+ uECC_secp256r1() );
+ if( ret == 0 )
+ return( -1 );
+
+ return( 0 );
+ } else
+#endif /* MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_ECP_C)
 if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY_DH ||
@@ -35,9 +55,9 @@ static int pk_genkey( mbedtls_pk_context *pk )
 return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d, &mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL );
- }
+ } else
 #endif
- return( -1 );
+ return( -1 );
 }
 #if defined(MBEDTLS_RSA_C)
From c10c9bfc1099e208906919b97bb8fa0400e48cd2 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 13:40:36 +0100
Subject: [PATCH 35/93] TinyCrypt Test: Add guards to ECDSA verify tests from PK test suite

- The underlying test vectors are for Secp192r1, while TinyCrypt uses Secp256r1.
- The test implementation is specific to the structure of legacy-ECC PK ctxs.
Addition of analogous tests for TinyCrypt-based ECC PK contexts are left for a later commit.
---
 tests/suites/test_suite_pk.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 89d18ada8..8b95baba9 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -669,7 +669,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:!MBEDTLS_USE_TINYCRYPT */
 void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash, data_t * sig, int ret )
 {
From c64d5af9ab9f55ca791d5fec1588d623f39f18a2 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 23 Aug 2019 13:14:36 +0100
Subject: [PATCH 36/93] Fixup: Don't use legacy ECC error code from TinyCrypt

We want to be able to remove legacy ECC entirely when using TinyCrypt, including their identifiers.
---
 library/pk_wrap.c | 2 +-
 library/ssl_tls.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index e567e636d..78318cb99 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -554,7 +554,7 @@ static int uecc_eckey_check_pair( const void *pub, const void *prv )
 return( 0 );
 }
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 }
 static int uecc_eckey_can_do( mbedtls_pk_type_t type )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f56475be0..8e1c37485 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -75,7 +75,7 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
 if( (size_t)( end - *p ) < secp256r1_uncompressed_point_length )
 {
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "Bad ECDH peer pubkey (too short)" ) );
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 }
 if( (*p)[0] != 2 * NUM_ECC_BYTES + 1 ||
@@ -86,7 +86,7 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl,
 0x04, (unsigned) (*p)[0], (unsigned) (*p)[1] ) );
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 }
 memcpy( ssl->handshake->ecdh_peerkey, *p + 2, 2 * NUM_ECC_BYTES );
From 64a81b03aac29e4711388708354c94cd9bc24a9f Mon Sep 17 00:00:00 2001
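Review bot: In the `@@ -86` hunk of mbedtls_ssl_ecdh_read_peerkey the peer point is copied into `ssl->handshake->ecdh_peerkey` right after the length and 0x04-prefix checks, and nothing in the hunk verifies that the coordinates lie on secp256r1; the function continues outside the hunk, so if no validity check follows before the shared secret is computed, an invalid point reaches the scalar multiplication. As far as I recall TinyCrypt's uECC_shared_secret() does not validate its input point, so the check belongs in this helper, right after the memcpy: `if( uECC_valid_public_key( ssl->handshake->ecdh_peerkey, uECC_secp256r1() ) != 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, ideally with a debug message like the two existing ones. On the error-code change itself, any caller that matched MBEDTLS_ERR_ECP_BAD_INPUT_DATA from this helper now sees MBEDTLS_ERR_SSL_BAD_INPUT_DATA; the callers are not visible from here.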
From: Hanno Becker
Date: Wed, 21 Aug 2019 16:08:17 +0100
Subject: [PATCH 37/93] TinyCrypt PK write: Make PK writing helpers accept PK context

This prepares the ground for TinyCrypt-based implementations of these helpers.
---
 library/pkwrite.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 8d1da2f75..dcbc86cac 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -108,11 +108,12 @@ end_of_export:
 * EC public key is an EC point
 */
 static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec )
+ mbedtls_pk_context const *key )
 {
 int ret;
 size_t len = 0;
 unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
+ mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
 if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q, MBEDTLS_ECP_PF_UNCOMPRESSED,
@@ -130,18 +131,26 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
 return( (int) len );
 }
+static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
+ mbedtls_pk_context const *key )
+{
+ mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
+ return( mbedtls_asn1_write_mpi( p, start, &ec->d ) );
+}
+
 /*
 * ECParameters ::= CHOICE {
 * namedCurve OBJECT IDENTIFIER
 * }
 */
 static int pk_write_ec_param( unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec )
+ mbedtls_pk_context const *key )
 {
 int ret;
 size_t len = 0;
 const char *oid;
 size_t oid_len;
+ mbedtls_ecp_keypair const * const ec = mbedtls_pk_ec( *key );
 if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
 return( ret );
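Review bot: pk_write_ec_privkey in the `@@ -130` hunk is introduced without a comment, and its contract is subtle: it emits `ec->d` as an ASN.1 INTEGER via mbedtls_asn1_write_mpi, and mbedtls_pk_write_key_der then overwrites the tag with `*c = MBEDTLS_ASN1_OCTET_STRING` (the `@@ -365` hunk further down this patch). A header such as `/* Write the EC private scalar d. Emitted as an INTEGER; the caller re-tags it as the RFC 5915 privateKey OCTET STRING. */` keeps that coupling visible, which matters now that a second implementation of the same helper is planned. Note also that the INTEGER encoding may be shorter than the curve size or carry a leading sign byte, whereas RFC 5915 specifies a fixed-length octet string; that is pre-existing behaviour rather than something this commit introduces, but the comment is the place to say so. Both enclosing functions continue outside the hunk.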
@@ -170,7 +179,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
 #endif
 #if defined(MBEDTLS_ECP_C)
 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
- MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
+ MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, key ) );
 else
 #endif
 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
@@ -217,7 +226,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
 #if defined(MBEDTLS_ECP_C)
 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
 {
- MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
+ MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, key ) );
 }
 #endif
@@ -326,7 +335,6 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 #if defined(MBEDTLS_ECP_C)
 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
 {
- mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
 size_t pub_len = 0, par_len = 0;
 /*
@@ -341,7 +349,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 */
 /* publicKey */
- MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
+ MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, key ) );
 if( c - buf < 1 )
 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -357,7 +365,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 len += pub_len;
 /* parameters */
- MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
+ MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, key ) );
 MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
 MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
@@ -365,7 +373,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 len += par_len;
 /* privateKey: write as MPI then fix tag */
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
+ MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_privkey( &c, buf, key ) );
 *c = MBEDTLS_ASN1_OCTET_STRING;
 /* version */
From 28332a5642a2f5ea9e370ecc06eae4b025d9513d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 16:19:55 +0100
Subject: [PATCH 38/93] TinyCrypt PK write: Impl. PK writing helpers for TC-based PK context
---
 library/pkwrite.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/library/pkwrite.c b/library/pkwrite.c
index dcbc86cac..f816f0ee6 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -103,6 +103,56 @@ end_of_export:
 }
 #endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_USE_TINYCRYPT)
+static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
+ mbedtls_pk_context const *key )
+{
+ size_t const len = 1 + 2 * NUM_ECC_BYTES;
+ mbedtls_uecc_keypair const * const uecc = mbedtls_pk_uecc( *key );
+
+ if( *p < start || (size_t)( *p - start ) < len )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ *p -= len;
+ (*p)[0] = 0x04;
+ memcpy( *p + 1, uecc->public_key, 2 * NUM_ECC_BYTES );
+
+ return( (int) len );
+}
+
+static int pk_write_ec_privkey( unsigned char **p, unsigned char *start,
+ mbedtls_pk_context const *key )
+{
+ mbedtls_uecc_keypair const * const uecc = mbedtls_pk_uecc( *key );
+ return( mbedtls_asn1_write_octet_string(
+ p, start,
+ uecc->private_key,
+ NUM_ECC_BYTES ) );
+}
+
+/*
+ * ECParameters ::= CHOICE {
+ * namedCurve OBJECT IDENTIFIER
+ * }
+ */
+static int pk_write_ec_param( unsigned char **p, unsigned char *start,
+ mbedtls_pk_context const *key )
+{
+ int ret;
+ size_t len = 0;
+ const char *oid;
+ size_t oid_len;
+ ((void) key);
+
+ if( ( ret = mbedtls_oid_get_oid_by_ec_grp( MBEDTLS_UECC_DP_SECP256R1,
+ &oid, &oid_len ) ) != 0 )
+ return( ret );
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+
+ return( (int) len );
+}
+#else /* MBEDTLS_USE_TINYCRYPT */
 #if defined(MBEDTLS_ECP_C)
 /*
 * EC public key is an EC point
@@ -160,6 +210,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
 return( (int) len );
 }
 #endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_USE_TINYCRYPT */
 int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
 const mbedtls_pk_context *key )
From dfb949bb4e38c5c461171f8a52da0935fd81cc97 Mon Sep 17 00:00:00 2001
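Review bot: The three TinyCrypt helpers in the `@@ -103` hunk are compiled under MBEDTLS_USE_TINYCRYPT, but every caller shown in patch 37 (mbedtls_pk_write_pubkey, mbedtls_pk_write_pubkey_der, mbedtls_pk_write_key_der) is still guarded by `#if defined(MBEDTLS_ECP_C)`; in a TinyCrypt-only build the new static functions are unused and EC keys cannot be written at all, unless a commit outside this chunk widens those guards. Two smaller points: pk_write_ec_param passes `MBEDTLS_UECC_DP_SECP256R1` to mbedtls_oid_get_oid_by_ec_grp, which the legacy helper calls with `ec->grp.id`, so this relies on the two enumerations agreeing on the value — exactly the kind of type confusion patch 39 addresses — and deserves either an explicit mapping or a comment on why it is safe. And this pk_write_ec_privkey already produces a complete fixed-length OCTET STRING, unlike the legacy helper whose INTEGER output the caller re-tags; the caller's `*c = MBEDTLS_ASN1_OCTET_STRING` is harmless here, but a comment such as `/* Writes the RFC 5915 privateKey as a NUM_ECC_BYTES-long OCTET STRING; no caller re-tagging needed. */` makes the difference deliberate.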
From: Hanno Becker
Date: Fri, 23 Aug 2019 15:22:25 +0100
Subject: [PATCH 39/93] Fixup: Use TC ECC type instead of uint32_t during pubkey parsing

Using explicit enumerated types avoids type confusion.
---
 library/pkparse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index a3184bfbd..d03695b63 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -182,7 +182,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
 #if defined(MBEDTLS_USE_TINYCRYPT)
 static int pk_use_ecparams( const mbedtls_asn1_buf *params )
 {
- uint32_t grp_id;
+ mbedtls_uecc_group_id grp_id;
 if( params->tag == MBEDTLS_ASN1_OID )
 {
From d84dbe559ff84d1daba03b37c3ef0df05dc6fb55 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 14:31:52 +0100
Subject: [PATCH 40/93] TinyCrypt Test: Adapt pub/prv ECC key parsing tests to TinyCrypt
---
 tests/suites/test_suite_pkparse.data | 102 +++++++++++++++--------
 tests/suites/test_suite_pkparse.function | 43 +++++++++-
 2 files changed, 106 insertions(+), 39 deletions(-)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 4add252df..335d76413 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -953,123 +953,151 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER)
 pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
 Parse Public EC Key #1 (RFC 5480, DER)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
 Parse Public EC Key #2 (RFC 5480, PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
 Parse Public EC Key #3 (RFC 5480, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
-Parse Public EC Key #4 (RFC 5480, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+Parse Public EC Key #4 (RFC 5480, secp256r1, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
+
+Parse Public EC Key #4 (RFC 5480, secp256r1, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
 Parse Public EC Key #5 (RFC 5480, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
 Parse Public EC Key #6 (RFC 5480, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
 Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
 Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
 Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
 Parse EC Key #1 (SEC1 DER)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
 Parse EC Key #2 (SEC1 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
 Parse EC Key #3 (SEC1 PEM encrypted)
-depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
 Parse EC Key #4 (PKCS8 DER)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
-Parse EC Key #4a (PKCS8 DER, no public key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+Parse EC Key #4a (PKCS8 DER, no public key, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
-Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+Parse EC Key #4a (PKCS8 DER, no public key, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
+
+Parse EC Key #4b (PKCS8 DER, no public key, with parameters, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
+
+Parse EC Key #4b (PKCS8 DER, no public key, with parameters, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
 Parse EC Key #4c (PKCS8 DER, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
 Parse EC Key #5 (PKCS8 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
-Parse EC Key #5a (PKCS8 PEM, no public key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+Parse EC Key #5a (PKCS8 PEM, no public key, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
-Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+Parse EC Key #5a (PKCS8 PEM, no public key, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
+
+Parse EC Key #5b (PKCS8 PEM, no public key, with parameters, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
-Parse EC Key #5c (PKCS8 PEM, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+Parse EC Key #5b (PKCS8 PEM, no public key, with parameters, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
+
+Parse EC Key #5c (PKCS8 PEM, with parameters, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
+
+Parse EC Key #5c (PKCS8 PEM, with parameters, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
 Parse EC Key #6 (PKCS8 encrypted DER)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
 Parse EC Key #7 (PKCS8 encrypted PEM)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
 Parse EC Key #8 (SEC1 PEM, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
-Parse EC Key #9 (SEC1 PEM, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+Parse EC Key #9 (SEC1 PEM, secp256r1, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
+
+Parse EC Key #9 (SEC1 PEM, secp256r1, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
 Parse EC Key #10 (SEC1 PEM, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
 Parse EC Key #11 (SEC1 PEM, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
 Parse EC Key #12 (SEC1 PEM, bp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
 Parse EC Key #13 (SEC1 PEM, bp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
 Parse EC Key #14 (SEC1 PEM, bp512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
 Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED:!MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
 Key ASN1 (Incorrect first tag)
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 3eb0397e6..a4d9466c4 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -63,9 +63,13 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
 void pk_parse_public_keyfile_ec( char * key_file, int result )
 {
+#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_USE_TINYCRYPT)
+ ((void) key_file);
+ ((void) result);
+#else
 mbedtls_pk_context ctx;
 int res;
@@ -77,20 +81,37 @@ void pk_parse_public_keyfile_ec( char * key_file, int result )
 if( res == 0 )
 {
+#if !defined(MBEDTLS_USE_TINYCRYPT)
 mbedtls_ecp_keypair *eckey;
+#else
+ mbedtls_uecc_keypair *uecckey;
+#endif
 TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
+
+#if !defined(MBEDTLS_USE_TINYCRYPT)
 eckey = mbedtls_pk_ec( ctx );
 TEST_ASSERT( mbedtls_ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 );
+#else
+ uecckey = mbedtls_pk_uecc( ctx );
+ TEST_ASSERT( uECC_valid_public_key( uecckey->public_key,
+ uECC_secp256r1() ) == 0 );
+#endif /* MBEDTLS_USE_TINYCRYPT */
 }
 exit:
 mbedtls_pk_free( &ctx );
+#endif /* !MBEDTLS_ECP_C && !MBEDTLS_USE_TINYCRYPT */
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
 void pk_parse_keyfile_ec( char * key_file, char * password, int result )
 {
+#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_USE_TINYCRYPT)
+ ((void) key_file);
+ ((void) password);
+ ((void) result);
+#else
 mbedtls_pk_context ctx;
 int res;
@@ -102,14 +123,32 @@ void pk_parse_keyfile_ec( char * key_file, char * password, int result )
 if( res == 0 )
 {
+#if !defined(MBEDTLS_USE_TINYCRYPT)
 mbedtls_ecp_keypair *eckey;
+#else
+ mbedtls_uecc_keypair *uecckey;
+ unsigned char tmp_pubkey[ 2 * NUM_ECC_BYTES ];
+#endif
 TEST_ASSERT( mbedtls_pk_can_do( &ctx, MBEDTLS_PK_ECKEY ) );
+
+#if !defined(MBEDTLS_USE_TINYCRYPT)
 eckey = mbedtls_pk_ec( ctx );
 TEST_ASSERT( mbedtls_ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 );
+#else
+ uecckey = mbedtls_pk_uecc( ctx );
+ TEST_ASSERT( uECC_valid_public_key( uecckey->public_key,
+ uECC_secp256r1() ) == 0 );
+ TEST_ASSERT( uECC_compute_public_key( uecckey->private_key,
+ tmp_pubkey,
+ uECC_secp256r1() ) != 0 );
+ TEST_ASSERT( memcmp( tmp_pubkey, uecckey->public_key,
+ sizeof( tmp_pubkey ) ) == 0 );
+#endif /* MBEDTLS_USE_TINYCRYPT */
 }
 exit:
 mbedtls_pk_free( &ctx );
+#endif /* !MBEDTLS_ECP_C && !MBEDTLS_USE_TINYCRYPT */
 }
 /* END_CASE */
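Review bot: The two TinyCrypt assertions read with opposite success conventions and nothing says so: `uECC_valid_public_key( ... ) == 0` treats zero as success, while `uECC_compute_public_key( ... ) != 0` in the next hunk treats zero as failure, which invites a later reader to "fix" one of them. A comment beside the first check would settle it: `/* uECC_valid_public_key() returns 0 for a valid point; uECC_compute_public_key() returns 1 on success */`. The `memcmp( tmp_pubkey, uecckey->public_key, sizeof( tmp_pubkey ) )` in the next hunk also presumes `public_key` is exactly `2 * NUM_ECC_BYTES` long; that layout is not visible here, and if `public_key` is an array member a `TEST_ASSERT( sizeof( uecckey->public_key ) == sizeof( tmp_pubkey ) )` would pin it. Both pk_parse_public_keyfile_ec and pk_parse_keyfile_ec start outside their hunks.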
From fdd294a79f1dc73e3d5441ba897810551f310cb5 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 14:42:06 +0100
Subject: [PATCH 41/93] TinyCrypt Test: Skip pkwrite test cases that don't apply to TinyCrypt
The current pkwrite tests involving ECC all use curves different from Secp256r1, so they don't apply to TinyCrypt. Adding tests for TinyCrypt is left to a later commit.
---
tests/suites/test_suite_pkwrite.data | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index c8ff1773c..0c1c02b02 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -7,15 +7,15 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
 pk_write_pubkey_check:"data_files/rsa4096_pub.pem"
 Public key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_write_pubkey_check:"data_files/ec_pub.pem"
 Public key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_write_pubkey_check:"data_files/ec_521_pub.pem"
 Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_write_pubkey_check:"data_files/ec_bp512_pub.pem"
 Private key write check RSA
@@ -27,13 +27,13 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
 pk_write_key_check:"data_files/rsa4096_prv.pem"
 Private key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_write_key_check:"data_files/ec_prv.sec1.pem"
 Private key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_write_key_check:"data_files/ec_521_prv.pem"
 Private key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
 pk_write_key_check:"data_files/ec_bp512_prv.pem"
From 1521ec501c19fda5b6b7e82e9b9de1267af8a613 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 20 Aug 2019 14:04:38 +0100
Subject: [PATCH 42/93] Remove TinyCrypt PRNG configuration from ssl_cli.c
The TinyCrypt PRNG is configured in mbedtls_ssl_setup().
---
library/ssl_cli.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a68d802a8..9e35beda0 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3974,11 +3974,6 @@ sign:
 rs_ctx = &ssl->handshake->ecrs_ctx.pk;
 #endif
-#if defined(MBEDTLS_USE_TINYCRYPT)
- if ( uECC_get_rng() == 0 )
- uECC_set_rng(&mbetls_uecc_rng_wrapper);
-#endif
-
 if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
 md_alg, hash_start, hashlen,
 ssl->out_msg + 6 + offset, &n,
From 06e2bf6d013fb022e7fad139a911fd719afbea2c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 14:43:31 +0100
Subject: [PATCH 43/93] TinyCrypt Test: Disable CRT print test in test_suite_debug if TC on
---
tests/suites/test_suite_debug.data | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 0935c1244..d7156b034 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -42,7 +42,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:!MB mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_USE_TINYCRYPT mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mbedtls_mpi #1 From d931ad2acab39415bdf27483b2cec1df6f3e4491 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Aug 2019 15:25:22 +0100 Subject: [PATCH 44/93] Implement x509_profile_check_key() for TinyCrypt-based PK context --- library/x509_crt.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 1c4237bda..352ed6c57 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -597,6 +597,16 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
 }
 #endif
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ if( pk_alg == MBEDTLS_PK_ECKEY )
+ {
+ if( ( profile->allowed_curves & MBEDTLS_UECC_DP_SECP256R1 ) != 0 )
+ return( 0 );
+
+ return( -1 );
+ }
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
 #if defined(MBEDTLS_ECP_C)
 if( pk_alg == MBEDTLS_PK_ECDSA ||
 pk_alg == MBEDTLS_PK_ECKEY ||
From 3eb0ee23a0ca81e3de710f78d10c64be6b5494ce Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 21 Aug 2019 15:25:48 +0100
Subject: [PATCH 45/93] TinyCrypt Test: Disable x509parse tests that don't apply to TC
TinyCrypt only supports Secp256r1, so skip all tests in test_suite_x509parse which use different curves, while splitting those which rely on Secp256r1 alone into two tests: one for legacy ECC, and one for TinyCrypt.
Studying and improving the TinyCrypt test coverage is left for a later commit.
---
tests/suites/test_suite_x509parse.data | 290 ++++++++++++---------
tests/suites/test_suite_x509parse.function | 11 +
2 files changed, 184 insertions(+), 117 deletions(-)
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 2ca2287de..375feb9a3 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
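Review bot: The TinyCrypt branch accepts only `pk_alg == MBEDTLS_PK_ECKEY`, while the legacy branch immediately below it (visible in the trailing context) also accepts `MBEDTLS_PK_ECDSA` and a third alternative that is cut off; if a TinyCrypt-backed context can carry the ECDSA type, it falls past this check and, from what follows outside the hunk, is presumably rejected by the profile. Either widen the condition to `if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECDSA )` to match, or comment why the narrower match is deliberate. The single `allowed_curves & MBEDTLS_UECC_DP_SECP256R1` test is only sufficient because the TinyCrypt parser accepts no other curve, and it assumes that flag is a bit mask in the same scheme as `allowed_curves`; a line such as `/* TinyCrypt keys are always secp256r1, so the curve is known without inspecting the context */` would record both. x509_profile_check_key() begins and ends outside this hunk.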
@@ -131,7 +131,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information EC signed by RSA -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" X509 CRT information Bitstring in subject name 
@@ -371,28 +371,44 @@ X509 Time Expired #6 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1_C mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0 -X509 Time Future #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +X509 Time Future #1 (legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0 -X509 Time Future #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +X509 Time Future #1 (TinyCrypt) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0 + +X509 Time Future #2 (legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1 -X509 Time Future #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +X509 Time Future #2 (TinyCrypt) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1 + +X509 Time Future #3 (legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1 -X509 Time Future #4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +X509 Time Future #3 (TinyCrypt) 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1 + +X509 Time Future #4 (legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT +mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1 + +X509 Time Future #4 (TinyCrypt) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1 X509 Time Future #5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0 X509 Time Future #6 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1 X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN) 
@@ -400,7 +416,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
 X509 CRT verification #1a (Revoked Cert, Future CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
 x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
 X509 CRT verification #2 (Revoked Cert, Expired CRL)
@@ -408,7 +424,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
 X509 CRT verification #2a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
 x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
 X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch)
@@ -416,11 +432,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
 X509 CRT verification #3a (Revoked Cert, Future CRL, CN Discard)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
 X509 CRT verification #3b (Revoked Cert, Expired CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT
 x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
 X509 CRT verification #3c (Revoked Cert, Expired CRL, CN Discard)
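Review bot: The `!MBEDTLS_USE_TINYCRYPT` appended to "X509 CRT verification #3a (Revoked Cert, Future CRL, CN Discard)" excludes a case whose remaining dependencies are RSA-only (`MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15`) and whose inputs are server1.crt, test-ca.crt and crl_expired.pem, the same files the unconditioned #3 case above it uses. Unlike #3b in this hunk, which uses the secp256r1/secp384r1 chain, nothing in #3a touches the ECC backend, so the exclusion silently drops verification coverage of the `MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION` configuration from TinyCrypt builds. Unless a TinyCrypt-specific failure was observed that is not visible here, the dependency line should stay as it was: `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION`.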
@@ -432,7 +448,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB
 x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
 X509 CRT verification #4a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
 X509 CRT verification #5 (Revoked Cert)
@@ -464,23 +480,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #8 (Valid Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #8a (Expired Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #8b (Future Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #8c (Expired Cert, longer chain) 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #8d (Future Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #9 (Not trusted Cert) 
@@ -632,35 +648,35 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #32 (Valid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #33 (Valid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #34 (Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #35 (Revoked, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #36 (Valid, EC CA, SHA1 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #39 (Valid, EC CA, SHA512 Digest) 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #40 (Valid, depth 0, RSA, CA) 
@@ -668,19 +684,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:
 x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 X509 CRT verification #41 (Valid, depth 0, EC, CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
 x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 X509 CRT verification #42 (Depth 0, not CA, RSA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 CRT verification #43 (Depth 0, not CA, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+X509 CRT verification #43 (Depth 0, not CA, EC, legacy ECC)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
+x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
+
+X509 CRT verification #43 (Depth 0, not CA, EC, TinyCrypt)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C
 x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 X509 CRT verification #44 (Corrupted signature, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT
 x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 X509 CRT verification #45 (Corrupted signature, RSA)
@@ -688,51 +708,59 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #45b (Corrupted signature, intermediate CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC, legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT 
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC, TinyCrypt) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_RSA_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" + +X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC, legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT +x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" + +X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC, TinyCrypt) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_RSA_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #50 (Valid, multiple CAs) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #51 (Valid, multiple CAs, reverse order) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #52 (CA keyUsage valid) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #53 (CA keyUsage missing cRLSign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #55 (CA keyUsage missing keyCertSign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #56 (CA keyUsage plain wrong) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT 
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) @@ -772,7 +800,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults) 
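Review bot: The new TinyCrypt variants of #47 and #48 list `MBEDTLS_RSA_C` twice (`...:MBEDTLS_USE_TINYCRYPT:MBEDTLS_RSA_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:...`), a duplicate carried over from the legacy lines they were copied from. Since these are freshly added lines, the duplicate should be dropped here: `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C` for both cases. The same duplicate appears in the legacy-ECC lines of #46, #47 and #48, but those are pre-existing and outside the scope of this commit.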
@@ -799,12 +827,20 @@ X509 CRT verification #72 (v1 chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #73 (selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +X509 CRT verification #73 (selfsigned trusted without CA bit, legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #74 (signed by selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +X509 CRT verification #73 (selfsigned trusted without CA bit, TinyCrypt) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" + +X509 CRT verification #74 (signed by selfsigned trusted without CA bit, legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT +x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" + +X509 CRT verification #74 (signed by selfsigned trusted without CA bit, TinyCrypt) 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #75 (encoding mismatch) 
@@ -812,63 +848,67 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #76 (multiple CRLs, not revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT 
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #81 (multiple CRLs, none relevant) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT 
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #82 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #83 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #84 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #85 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #86 (Not yet valid CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #87 (Expired CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #88 (Spurious cert in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_USE_TINYCRYPT 
x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #89 (Spurious cert later in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #90 (EE with same name as trusted root) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +X509 CRT verification #90 (EE with same name as trusted root, legacy ECC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT +x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL" + +X509 CRT verification #90 (EE with same name as trusted root, TinyCrypt) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL" X509 CRT verification #91 (same CA with good then bad key) 
@@ -880,19 +920,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #92 (bad name, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" X509 CRT verification #95 (Suite B Valid, EC cert, EC CA) 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) 
@@ -904,15 +944,19 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15: x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" X509 CRT verification callback: bad name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n" X509 CRT verification callback: bad name discard -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":0:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" -X509 CRT verification callback: trusted EE cert -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +X509 CRT verification callback: trusted EE cert , legacy ECC +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT 
+x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n" + +X509 CRT verification callback: trusted EE cert , TinyCrypt +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPTu x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n" X509 CRT verification callback: trusted EE cert, expired 
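Review bot: The TinyCrypt variant of "trusted EE cert" depends on `MBEDTLS_USE_TINYCRYPTu`, a misspelling of `MBEDTLS_USE_TINYCRYPT`; an unknown symbol in depends_on presumably makes the test-suite generator skip the case in every configuration, so this test would never run on the uECC path it was added for. The variant also drops `MBEDTLS_SHA256_C`, which the legacy line keeps and which server5-selfsigned.crt presumably needs for its signature digest. The line should read `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA256_C`. Both new titles also carry a stray space before the comma (`trusted EE cert , legacy ECC`); `trusted EE cert, legacy ECC` and `trusted EE cert, TinyCrypt` match the naming used for the other split cases in this commit.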
@@ -924,71 +968,71 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: simple, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 CRT verification callback: simple, root expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two trusted roots 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: two trusted roots, reversed order -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: intermediate ca 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 CRT verification callback: intermediate ca, int expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT 
x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, root expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 
0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, top int trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - 
subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, low int trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: no intermediate, bad signature -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 CRT verification callback: one intermediate, bad signature -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_USE_TINYCRYPT x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl 
Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 Parse Selftest 
@@ -1878,11 +1922,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 X509 CRT ASN1 (ECDSA signature, EC key) -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. 
version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 X509 CRT ASN1 (RSA signature, EC key) -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 X509 CRL ASN1 (Incorrect first tag) 
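Review bot: The two SECP192R1 parse cases are skipped under TinyCrypt rather than turned into negative tests, so the build that has no P-192 support never checks that a certificate carrying a P-192 key is rejected cleanly. An unsupported curve being accepted into a P-256 context would be the dangerous failure mode, and it is exactly the one these exclusions stop exercising. Consider a TinyCrypt twin of `X509 CRT ASN1 (ECDSA signature, EC key)` with `depends_on:MBEDTLS_USE_TINYCRYPT:MBEDTLS_SHA1_C`, the same DER input, and the error code the uECC key-parsing path returns for an unsupported curve (not visible in this hunk) in place of the final `0`.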
@@ -1984,23 +2028,31 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 X509 CRT parse path #3 (two certs) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_parse_path:"data_files/dir2":0:2 X509 CRT parse path #4 (two certs, one non-cert) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_parse_path:"data_files/dir3":1:2 -X509 CRT verify long chain (max intermediate CA, trusted) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +X509 CRT verify long chain (max intermediate CA, trusted, legacy ECC) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0 + +X509 CRT verify long chain (max intermediate CA, trusted, TinyCrypt) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0 X509 CRT verify long chain (max intermediate CA, untrusted) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED -X509 CRT verify long chain (max intermediate CA + 1) 
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +X509 CRT verify long chain (max intermediate CA + 1, legacy ECC) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1 + +X509 CRT verify long chain (max intermediate CA + 1, TinyCrypt) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1 X509 CRT verify chain #1 (zero pathlen intermediate) 
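Review bot: `X509 CRT verify long chain (max intermediate CA, untrusted)` is gated to `!MBEDTLS_USE_TINYCRYPT` without a TinyCrypt twin, unlike the trusted and `+1` cases that get one, so the TinyCrypt build never checks that an over-long chain ending at a non-trusted CA fails with `MBEDTLS_X509_BADCERT_NOT_TRUSTED`. The exclusion is presumably there because the trust anchor `test-ca2.crt` needs `MBEDTLS_ECP_DP_SECP384R1_ENABLED`, not because the scenario is unsupported. A twin with `depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_TINYCRYPT` and a P-256-only CA unrelated to `dir-maxpath` as the trust anchor would restore the negative case; the certs.c changes later in this series reference `test-ca3.crt.pem` as a P-256-only CA, which looks like a candidate but I cannot confirm its curve from here.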
@@ -2048,15 +2100,19 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 X509 CRT verify chain #12 (suiteb profile, RSA root) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 -X509 CRT verify chain #13 (RSA only profile, EC trusted EE) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +X509 CRT verify chain #13 (RSA only profile, EC trusted EE, legacy ECC) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 + +X509 CRT verify chain #13 (RSA only profile, EC trusted EE, TinyCrypt) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_USE_TINYCRYPT 
mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #14 (RSA-3072 profile, root key too small) 
@@ -2064,47 +2120,47 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #15 (suiteb profile, rsa intermediate) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #16 (RSA-only profile, EC intermediate) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #17 (SHA-512 profile) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 X509 CRT 
verify chain #18 (len=1, vrfy fatal on depth 1) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-2:"":2 X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-1:"":1 X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca.crt":-1:-1:"":1 X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-4:"":8 X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2) 
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-3:"":4 X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-2:"":2 X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-1:"":1 X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8 X509 OID description #1 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b81c1b12a..96ad7d932 100644 
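Review bot: Verify chain #18–#25, the cases that check a fatal verification-callback error at a given depth actually aborts verification, are disabled under TinyCrypt with no replacement, as are the profile cases #15–#17, so the TinyCrypt build has no coverage of callback fatal-error propagation or of profile enforcement at all. These depend on `MBEDTLS_ECP_DP_SECP384R1_ENABLED` only through the P-384 test CAs they use, not through the logic under test. At least the depth-0 and depth-1 cases (#19, #20) could get TinyCrypt twins over a P-256-only chain, such as the server11/test-ca3 pair the certs.c changes in this series select for P-256-only builds, if those files exist in data_files; I cannot confirm that from here.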
--- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -338,6 +338,11 @@ void x509_verify_restart( char *crt_file, char *ca_file, } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == result ); + if( flags != (uint32_t) flags_result ) + { + fprintf( stderr, "Expected %#04x, got %#04x\n", + (unsigned) flags_result, (unsigned) flags ); + } TEST_ASSERT( flags == (uint32_t) flags_result ); TEST_ASSERT( cnt_restart >= min_restart ); @@ -421,6 +426,12 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, &flags, f_vrfy, NULL ); TEST_ASSERT( res == ( result ) ); + if( flags != (uint32_t) flags_result ) + { + fprintf( stderr, "Expected %#04x, got %#04x\n", + (unsigned) flags_result, (unsigned) flags ); + } + TEST_ASSERT( flags == (uint32_t)( flags_result ) ); exit: From 179c15f6b0e4d7d103055eff09c0f8bac727dd71 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Aug 2019 16:32:38 +0100 Subject: [PATCH 46/93] TinyCrypt Test: Add PK priv'key test for TinyCrypt-based Secp256r1 Even though exhaustive testing of TinyCrypt is left for later, without this test we don't have any evidence that PK writing works for TinyCrypt-based PK context. --- tests/suites/test_suite_pkwrite.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 0c1c02b02..8e1532500 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data 
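Review bot: The added diagnostic uses `%#04x`, whose width of 4 includes the `0x` prefix, so `flags` is printed with only two zero-padded digits while the expectations in test_suite_x509parse.data spell the same flags as eight (`0x00000008`); `"Expected %#010x, got %#010x\n"` would make a failure line up with the data file. The same four lines are pasted into both `x509_verify_restart` and `x509_verify`; a small `static` helper taking the two values would keep them in step. Both enclosing functions start before their hunks, so I cannot see whether this file already uses `fprintf`/`stderr` directly or whether the suite's convention is `mbedtls_fprintf`.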
@@ -30,6 +30,14 @@ Private key write check EC 192 bits depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT pk_write_key_check:"data_files/ec_prv.sec1.pem" +Private key write check EC 256 bits (legacy ECC) +depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +pk_write_key_check:"data_files/ec_256_prv.pem" + +Private key write check EC 256 bits (TinyCrypt) +depends_on:MBEDTLS_BASE64_C:MBEDTLS_USE_TINYCRYPT +pk_write_key_check:"data_files/ec_256_prv.pem" + Private key write check EC 521 bits depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT pk_write_key_check:"data_files/ec_521_prv.pem" From 6e2fddec7ef701764d8e4fda8b5439175b17fc68 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Aug 2019 13:00:33 +0100 Subject: [PATCH 47/93] TinyCrypt Test: Disable det-ECDSA x509write test for TinyCrypt TinyCrypt only implements non-deterministic ECDSA. --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 44fb27d6e..c5f7462dd 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -47,7 +47,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1 Certificate Request check Server5 ECDSA, key_usage -depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0 Certificate write check Server1 SHA1 From 0e83f7252f999d0615b4d846ea71853466d1207a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Aug 2019 13:34:22 +0100 Subject: [PATCH 48/93] TinyCrypt Test: Don't expect ECP error code We want to be able to remove all legacy ECC entirely when using TinyCrypt. In particular, we cannot rely on legacy ECC identifiers. --- tests/suites/test_suite_pk.data | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 64ebbc081..5bdbea05c 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
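Review bot: Gating the only ECDSA CSR case behind `!MBEDTLS_USE_TINYCRYPT` leaves the TinyCrypt build with no test that writes an ECDSA-signed CSR at all, not merely without the deterministic variant. A byte comparison against `server5.req.ku.sha1` cannot work when the signature is randomized, as the commit message says it is under TinyCrypt, but a twin that writes the CSR and then parses and verifies it with `server5.key` would still cover the sign-via-uECC path, which is worth having precisely because its nonce now comes from the RNG the wrapper is given. Whether `x509_csr_check` can run in such a round-trip mode is not visible here.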
@@ -148,10 +148,14 @@ Check pair #1 (EC, OK) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 -Check pair #2 (EC, bad) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +Check pair #2 (EC, bad, legacy ECC) +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA +Check pair #2 (EC, bad, TinyCrypt) +depends_on:MBEDTLS_USE_TINYCRYPT +mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_PK_BAD_INPUT_DATA + Check pair #3 (RSA, OK) depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0 From 490277c8a29f891d778793e4b8ecad0bf14308cb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 11:51:10 +0100 Subject: [PATCH 49/93] TinyCrypt Config: Allow TC replacing legacy ECDSA in check_config.h --- include/mbedtls/check_config.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 33bd8ec39..3ed61edea 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -287,9 +287,9 @@ #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \ - !defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ + ( !( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \ + !( defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #endif 
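Review bot: `Check pair #1 (EC, OK)` keeps `depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED` with no TinyCrypt twin, so in a TinyCrypt build only the mismatch case `Check pair #2 (EC, bad, TinyCrypt)` runs and a check_pair that rejected every EC pair would still pass the suite. Add `Check pair #1 (EC, OK, TinyCrypt)` / `depends_on:MBEDTLS_USE_TINYCRYPT` / `mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0` beside it so the positive path is pinned too. The generic `MBEDTLS_ERR_PK_BAD_INPUT_DATA` for the TinyCrypt mismatch case is consistent with the commit's aim of not relying on legacy ECC identifiers.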
@@ -337,8 +337,10 @@ #error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PK_C) && \ - ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) ) +#if defined(MBEDTLS_PK_C) && \ + ( !defined(MBEDTLS_RSA_C) && \ + !defined(MBEDTLS_ECP_C) && \ + !defined(MBEDTLS_USE_TINYCRYPT) ) #error "MBEDTLS_PK_C defined, but not all prerequisites" #endif From 8239fad85519071347b09563ffdc7b012eb0af32 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Aug 2019 15:45:44 +0100 Subject: [PATCH 50/93] TinyCrypt Config: Don't set MBEDTLS_USE_TINYCRYPT in config.pl full --- scripts/config.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/config.pl b/scripts/config.pl index 77358b393..751ea1db1 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -35,6 +35,7 @@ # MBEDTLS_SSL_NO_SESSION_CACHE # MBEDTLS_SSL_NO_SESSION_RESUMPTION # MBEDTLS_RSA_NO_CRT +# MBEDTLS_USE_TINYCRYPT # MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 # MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION # - this could be enabled if the respective tests were adapted @@ -102,6 +103,7 @@ MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_PROTO_NO_TLS MBEDTLS_SSL_NO_SESSION_CACHE MBEDTLS_SSL_NO_SESSION_RESUMPTION +MBEDTLS_USE_TINYCRYPT MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_REMOVE_INFO From 88889c618ed8ac173d2a23df16a1ac5daecb1bb9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 12:01:45 +0100 Subject: [PATCH 51/93] Fixup: Add missing TinyCrypt guards --- include/mbedtls/ssl_ciphersuites.h | 26 +++++++++++++------- library/certs.c | 38 +++++++++++++++--------------- library/oid.c | 4 ++-- library/pkwrite.c | 18 +++++++------- library/ssl_ciphersuites.c | 7 ++++-- library/ssl_cli.c | 12 ++++++---- programs/ssl/ssl_server2.c | 6 ++--- 7 files changed, 64 insertions(+), 47 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 925f2808e..f0f817c47 100644 
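Review bot: Both relaxed checks accept `MBEDTLS_USE_TINYCRYPT` as an alternative to the legacy modules, but nothing rejects, or defines precedence for, a configuration where `MBEDTLS_USE_TINYCRYPT` is defined together with `MBEDTLS_ECP_C` or `MBEDTLS_ECDSA_C`. The test-data changes in this series add `!MBEDTLS_USE_TINYCRYPT` to cases that already require `MBEDTLS_ECDSA_C`, which only makes sense if that combination can be built, so which ECDSA backend serves `MBEDTLS_PK_ECDSA` in such a build is decided silently. If the two are meant to be exclusive, add next to the PK check `#if defined(MBEDTLS_USE_TINYCRYPT) && ( defined(MBEDTLS_ECP_C) || defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_ECDH_C) )` / `#error "MBEDTLS_USE_TINYCRYPT cannot be combined with the legacy ECC modules"`; otherwise state the precedence in the `MBEDTLS_USE_TINYCRYPT` documentation in config.h.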
--- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -626,7 +626,8 @@ static inline mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg_internal( #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_ec_internal( mbedtls_ssl_ciphersuite_handle_t info ) @@ -645,7 +646,10 @@ static inline int mbedtls_ssl_ciphersuite_uses_ec_internal( return( 0 ); } } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_psk_internal( @@ -684,11 +688,14 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( mbedtls_ssl_ciphersuite_handle_t info ); #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec( mbedtls_ssl_ciphersuite_handle_t info ); -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) int mbedtls_ssl_ciphersuite_uses_psk( mbedtls_ssl_ciphersuite_handle_t info ); 
@@ -710,15 +717,18 @@ static inline mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( } #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_ec( mbedtls_ssl_ciphersuite_handle_t info ) { return( mbedtls_ssl_ciphersuite_uses_ec_internal( info ) ); } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_psk( diff --git a/library/certs.c b/library/certs.c index 327a77297..da534a3c5 100644 --- a/library/certs.c +++ b/library/certs.c @@ -45,7 +45,7 @@ /* Use CRTs with Secp256r1-only if Secp384r1 is disabled. * Otherwise, fall back to previous test CRTs using both * Secp256r1 and Secp384r1. */ -#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT) /* This is taken from tests/data_files/test-ca3.crt.pem */ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca3.crt.pem */ @@ -135,7 +135,7 @@ } /* END FILE */ -#else /* !MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#else /* !MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/test-ca2.crt */ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ @@ -241,7 +241,7 @@ } /* END FILE */ -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ #define TEST_CA_PWD_EC_PEM "PolarSSLTest" 
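Review bot: The comment above the changed guard still reads `/* Use CRTs with Secp256r1-only if Secp384r1 is disabled. ... */`, but the condition now also selects the P-256-only certificates whenever `MBEDTLS_USE_TINYCRYPT` is defined, so it no longer describes when the branch is taken. Suggest `/* Use CRTs with Secp256r1-only if Secp384r1 is disabled or TinyCrypt is in use (the TinyCrypt tests in this series exercise only Secp256r1). Otherwise, fall back to previous test CRTs using both Secp256r1 and Secp384r1. */`, and the same wording on the two later copies of this guard in the file. The `#endif` comments on these guards drop the `!`, which is pre-existing but now easier to misread; `/* !MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */` would match the `#else` comment the hunk already uses.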
@@ -607,7 +607,7 @@ /* Use CRTs with Secp256r1-only if Secp384r1 is disabled. * Otherwise, fall back to previous test CRTs using both * Secp256r1 and Secp384r1. */ -#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT) /* This is taken from tests/data_files/server11.crt.pem. */ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server11.crt.pem */ @@ -696,7 +696,7 @@ } /* END FILE */ -#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/server5.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ @@ -796,7 +796,7 @@ } /* END FILE */ -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/server2-sha256.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ @@ -1152,7 +1152,7 @@ /* Use CRTs with Secp256r1-only if Secp384r1 is disabled. * Otherwise, fall back to previous test CRTs using both * Secp256r1 and Secp384r1. */ -#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT) /* This is taken from tests/data_files/cli3.crt. */ /* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli3.crt.pem */ @@ -1242,7 +1242,7 @@ } /* END FILE */ -#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/cli2.crt. */ /* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ 
@@ -1336,7 +1336,7 @@ } /* END FILE */ -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/cli-rsa-sha256.crt. */ /* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ @@ -1975,9 +1975,9 @@ const char * mbedtls_test_cas[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) mbedtls_test_ca_crt_rsa_sha256, #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) mbedtls_test_ca_crt_ec, -#endif +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ NULL }; const size_t mbedtls_test_cas_len[] = { @@ -1987,9 +1987,9 @@ const size_t mbedtls_test_cas_len[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) sizeof( mbedtls_test_ca_crt_rsa_sha256 ), #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) sizeof( mbedtls_test_ca_crt_ec ), -#endif +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ 0 }; @@ -2003,9 +2003,9 @@ const unsigned char * mbedtls_test_cas_der[] = { mbedtls_test_ca_crt_rsa_sha1_der, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) mbedtls_test_ca_crt_ec_der, -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ NULL }; @@ -2018,9 +2018,9 @@ const size_t mbedtls_test_cas_der_len[] = { sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) sizeof( mbedtls_test_ca_crt_ec_der ), -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ 0 }; 
@@ -2035,9 +2035,9 @@ const char mbedtls_test_cas_pem[] = TEST_CA_CRT_RSA_SHA1_PEM #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) TEST_CA_CRT_EC_PEM -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ ""; const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); #endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/library/oid.c b/library/oid.c index 674c3b8b0..abe7bc7cb 100644 --- a/library/oid.c +++ b/library/oid.c @@ -385,7 +385,7 @@ static const oid_sig_alg_t oid_sig_alg[] = }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) #if defined(MBEDTLS_SHA1_C) { OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" ), @@ -412,7 +412,7 @@ static const oid_sig_alg_t oid_sig_alg[] = MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_RSA_C) { OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS" ), diff --git a/library/pkwrite.c b/library/pkwrite.c index f816f0ee6..bf4ce739e 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -228,11 +228,11 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); else #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, key ) ); else -#endif +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( (int) len ); 
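Review bot: The widened guard in mbedtls_pk_write_pubkey lets the MBEDTLS_PK_ECKEY branch call pk_write_ec_pubkey() in a TinyCrypt-only build, but neither this hunk nor the three that follow in mbedtls_pk_write_pubkey_der, mbedtls_pk_write_key_der and mbedtls_pk_write_key_pem show pk_write_ec_pubkey(), pk_write_ec_param() or the EC body of write_key_der being ported away from the legacy ECP key representation. If those helpers still dereference `mbedtls_pk_ec( *key )->grp`, enabling the branch without MBEDTLS_ECP_C will not compile or will serialise the wrong data, which is presumably why patch 62 later drops MBEDTLS_PK_WRITE_C from baremetal.h. Either port the helpers in the same change or keep these call sites under `#if defined(MBEDTLS_ECP_C)` and add an explicit uECC branch. The enclosing functions begin outside the hunks.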
@@ -274,12 +274,12 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si return( ret ); } -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) { MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, key ) ); } -#endif +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len, par_len ) ); @@ -383,7 +383,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) { size_t pub_len = 0, par_len = 0; @@ -435,7 +435,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ MBEDTLS_ASN1_SEQUENCE ) ); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( (int) len ); @@ -579,15 +579,15 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_ end = PEM_END_PRIVATE_KEY_RSA; } else -#endif -#if defined(MBEDTLS_ECP_C) +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) { begin = PEM_BEGIN_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC; } else -#endif +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); if( ( ret = mbedtls_pem_write_buffer( begin, end, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index ad660079a..18fa9d2a8 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -2307,14 +2307,17 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( } #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec( mbedtls_ssl_ciphersuite_handle_t info ) { return( mbedtls_ssl_ciphersuite_uses_ec_internal( info ) ); } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9e35beda0..97ae00e74 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -815,7 +815,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) unsigned char *buf; unsigned char *p, *q; unsigned char offer_compress; -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int uses_ec = 0; #endif @@ -979,7 +980,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", mbedtls_ssl_suite_get_id( ciphersuite_info ) ) ); -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); #endif @@ -1076,7 +1078,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_ECDH_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || \ defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_USE_TINYCRYPT) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 
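Review bot: In the third ssl_cli.c hunk (`@@ -1076,7 +1078,8 @@`) the rewritten condition now tests `defined(MBEDTLS_USE_TINYCRYPT)` twice, once on the new first line and again on the pre-existing fourth line, so the guard is redundant rather than wrong. Drop the old `defined(MBEDTLS_USE_TINYCRYPT) || \` line so the expression matches the two identical guards earlier in the same function and the one in ssl_ciphersuites.c above. ssl_write_client_hello() extends beyond the hunk on both sides.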
@@ -2058,7 +2061,8 @@ server_picked_valid_suite: break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 890725e75..b07ab4fac 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2610,7 +2610,7 @@ int main( int argc, char *argv[] ) } key_cert_init = 2; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) if( ( ret = mbedtls_x509_crt_parse( &srvcert2, (const unsigned char *) mbedtls_test_srv_crt_ec, mbedtls_test_srv_crt_ec_len ) ) != 0 ) @@ -2628,7 +2628,7 @@ int main( int argc, char *argv[] ) goto exit; } key_cert_init2 = 2; -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ #endif /* MBEDTLS_CERTS_C */ } @@ -3070,7 +3070,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_curves( &conf, curve_list ); } #endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */ -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_C*/ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 ) From 59e7b08b8a439d5aef47990506c8f581a71f8349 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 13:21:21 +0100 Subject: [PATCH 52/93] TinyCrypt X.509: Adapt profiles to use TinyCrypt curve identifier --- library/x509_crt.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 352ed6c57..00d40db1f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
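Review bot: `#endif /* MBEDTLS_ECP_C*/` in the last ssl_server2.c hunk drops the space before `*/` that the removed line had, a cosmetic regression unrelated to the TinyCrypt guards this patch is about; keep `#endif /* MBEDTLS_ECP_C */`. Since the certificate loading above was widened to MBEDTLS_USE_TINYCRYPT while this block stays MBEDTLS_ECP_C-only, the `curves` option is compiled out of a TinyCrypt-only build, which looks intentional but deserves a one-line comment at the opening `#if` (outside the hunk) so nobody "fixes" the asymmetry later.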
@@ -510,7 +510,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 0xFFFFFFF, /* Any PK alg */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_USE_TINYCRYPT) + MBEDTLS_X509_ID_FLAG( MBEDTLS_UECC_DP_SECP256R1 ), +#elif defined(MBEDTLS_ECP_C) /* Curves at or above 128-bit security level */ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | @@ -536,7 +538,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = /* Only ECDSA */ MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_USE_TINYCRYPT) + MBEDTLS_X509_ID_FLAG( MBEDTLS_UECC_DP_SECP256R1 ), +#elif defined(MBEDTLS_ECP_C) /* Only NIST P-256 and P-384 */ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), From 461fa723a1a1e9feb9db5e9bd77c34cb34caef29 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Aug 2019 17:05:03 +0100 Subject: [PATCH 53/93] TinyCrypt SSL: Adapt ssl_check_key_curve() to TinyCrypt --- library/ssl_srv.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f27fb0db9..f617950c2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -725,11 +725,17 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, /* * Return 0 if the given key uses one of the acceptable curves, -1 otherwise */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) static int ssl_check_key_curve( mbedtls_pk_context *pk, unsigned char const *acceptable_ec_tls_ids, size_t ec_tls_ids_len ) { + uint16_t tls_id; + +#if defined(MBEDTLS_USE_TINYCRYPT) + ((void) pk); + tls_id = 23; /* TLS ID for Secp256r1. */ +#else mbedtls_ecp_curve_info const *info; mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id; 
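Review bot: `MBEDTLS_X509_ID_FLAG( MBEDTLS_UECC_DP_SECP256R1 )` in both mbedtls_x509_crt_profile_next and mbedtls_x509_crt_profile_suiteb only yields a valid bit if the enumerator is at least 1, because MBEDTLS_X509_ID_FLAG, as far as I recall, expands to `( 1 << ( (id) - 1 ) )` and a zero-valued first enumerator would shift by -1, which is undefined behaviour. Please confirm the value of MBEDTLS_UECC_DP_SECP256R1, and that the profile check that consumes allowed_curves (not in this hunk) compares it against a mbedtls_uecc_group_id rather than the legacy mbedtls_ecp_group_id, otherwise the restriction is silently ineffective. A short comment such as `/* TinyCrypt supports secp256r1 only */` on the new lines would document why the 128-bit-security list collapses to one entry.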
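Review bot: `tls_id = 23; /* TLS ID for Secp256r1. */` together with `((void) pk);` means that under MBEDTLS_USE_TINYCRYPT ssl_check_key_curve() no longer consults the key at all and treats every ECDSA key as secp256r1. That is only sound if the uECC-backed PK parser cannot produce a key on any other curve; please state that assumption in the comment, e.g. `/* TinyCrypt keys are always secp256r1: the uECC PK wrapper parses no other curve. */`, and replace the literal 23 with a named constant (the same value is also spelled out in the ecdh_group/ecdh_param_hdr arrays in ssl_cli.c and ssl_srv.c). The remainder of ssl_check_key_curve() is in the following hunk.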
@@ -737,6 +743,9 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, if( info == NULL ) return( -1 ); + tls_id = info->tls_id; +#endif /* MBEDTLS_USE_TINYCRYPT */ + if( acceptable_ec_tls_ids == NULL ) return( -1 ); @@ -745,7 +754,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, uint16_t const cur_tls_id = ( acceptable_ec_tls_ids[0] << 8 ) | acceptable_ec_tls_ids[1]; - if( cur_tls_id == info->tls_id ) + if( cur_tls_id == tls_id ) return( 0 ); acceptable_ec_tls_ids += 2; @@ -825,7 +834,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, match = 0; } -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) if( pk_alg == MBEDTLS_PK_ECDSA && ssl_check_key_curve( pk, acceptable_ec_tls_ids, From 7e9c2e0d81fe893c645d0bb5f48c5e777db0d1f8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Aug 2019 17:05:20 +0100 Subject: [PATCH 54/93] TinyCrypt SSL: Adapt ssl_parse_certificate_verify() to TinyCrypt --- library/ssl_tls.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8e1c37485..400d61fa0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7177,9 +7177,12 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, * Secondary checks: always done, but change 'ret' only if it was 0 */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) { int ret; +#if defined(MBEDTLS_USE_TINYCRYPT) + ret = mbedtls_ssl_check_curve( ssl, MBEDTLS_UECC_DP_SECP256R1 ); +#else /* MBEDTLS_USE_TINYCRYPT */ mbedtls_pk_context *pk; ret = mbedtls_x509_crt_pk_acquire( chain, &pk ); if( ret != 0 ) 
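Review bot: In the ssl_tls.c hunk the TinyCrypt branch calls `mbedtls_ssl_check_curve( ssl, MBEDTLS_UECC_DP_SECP256R1 )` without acquiring the certificate's key or testing `mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY )`, so the curve check now runs for every peer certificate, including non-EC ones, and is derived from a constant rather than from the certificate. That is harmless only while the configured curve list is exactly {secp256r1}; if mbedtls_ssl_check_curve() can return non-zero in such a build, a non-EC peer certificate would be rejected with MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE. Consider keeping the mbedtls_pk_can_do() gate in both branches so the check only applies to EC keys. The enclosing block continues in the next hunk.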
@@ -7190,9 +7193,12 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, /* If certificate uses an EC key, make sure the curve is OK */ if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) ) + { ret = mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ); + } mbedtls_x509_crt_pk_release( chain ); +#endif /* MBEDTLS_USE_TINYCRYPT */ if( ret != 0 ) { @@ -7203,7 +7209,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, verify_ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } } -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_C || MEDTLS_USE_TINYCRYPT */ if( mbedtls_ssl_check_cert_usage( chain, ciphersuite_info, From ee902df678328b8f8c643278d91e0a925cf1a0a3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 13:47:47 +0100 Subject: [PATCH 55/93] TinyCrypt SSL: Implement mbedtls_ssl_check_curve() for TinyCrypt --- include/mbedtls/ssl_internal.h | 21 ++++++++++++++++++++- library/ssl_tls.c | 22 ++++++++++++++++++++-- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index df221fe8b..1ba1fe035 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -32,6 +32,7 @@ #include "ssl.h" #include "cipher.h" +#include "oid.h" #if defined(MBEDTLS_MD5_C) #include "md5.h" @@ -1013,8 +1014,14 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); unsigned char mbedtls_ssl_hash_from_md_alg( int md ); +#if defined(MBEDTLS_USE_TINYCRYPT) +int mbedtls_ssl_check_curve_uecc( const mbedtls_ssl_context *ssl, + mbedtls_uecc_group_id grp_id ); +#endif + #if defined(MBEDTLS_ECP_C) -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); +int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, + mbedtls_ecp_group_id grp_id ); #endif #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 
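Review bot: The closing comment in the second ssl_tls.c hunk reads `#endif /* MBEDTLS_ECP_C || MEDTLS_USE_TINYCRYPT */` and misspells the macro; it should be `#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */`. Comment-only, but grep-based audits of guard pairs depend on these names matching exactly.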
@@ -1743,6 +1750,17 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( #define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID \ } +#if defined(MBEDTLS_USE_TINYCRYPT) +#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_UECC_GRP_ID( EC_ID_VAR ) \ + { \ + mbedtls_uecc_group_id EC_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID; \ + ((void) ssl); + +#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_UECC_GRP_ID \ + } +#endif /* MBEDTLS_USE_TINYCRYPT */ + +#if defined(MBEDTLS_ECP_C) #define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( EC_ID_VAR ) \ { \ mbedtls_ecp_group_id EC_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID; \ @@ -1750,6 +1768,7 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( #define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID \ } +#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_SSL_CONF_SINGLE_EC */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 400d61fa0..2e8a07645 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7181,7 +7181,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, { int ret; #if defined(MBEDTLS_USE_TINYCRYPT) - ret = mbedtls_ssl_check_curve( ssl, MBEDTLS_UECC_DP_SECP256R1 ); + ret = mbedtls_ssl_check_curve_uecc( ssl, MBEDTLS_UECC_DP_SECP256R1 ); #else /* MBEDTLS_USE_TINYCRYPT */ mbedtls_pk_context *pk; ret = mbedtls_x509_crt_pk_acquire( chain, &pk ); 
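Review bot: MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_UECC_GRP_ID reads `MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID`, but the TinyCrypt configuration later in this series (configs/baremetal.h in patch 63) defines `MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_UECC_DP_SECP256R1`, and no hunk here defines the `_UECC_` spelling. Unless it is defined somewhere outside this series, mbedtls_ssl_check_curve_uecc() will fail to compile with that config; either change the reference to `MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID` or document the new option and make check_config.h require one of the two. Note also that the macro pair is only defined inside the MBEDTLS_SSL_CONF_SINGLE_EC block (the `#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */` at the end of the hunk), so a TinyCrypt build without SINGLE_EC has no definition for the function to expand.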
@@ -12227,12 +12227,30 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md ) } } +#if defined(MBEDTLS_USE_TINYCRYPT) +/* + * Check if a curve proposed by the peer is in our list. + * Return 0 if we're willing to use it, -1 otherwise. + */ +int mbedtls_ssl_check_curve_uecc( const mbedtls_ssl_context *ssl, + mbedtls_uecc_group_id grp_id ) +{ + MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_UECC_GRP_ID( own_ec_id ) + if( own_ec_id == grp_id ) + return( 0 ); + MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_UECC_GRP_ID + + return( -1 ); +} +#endif /* MBEDTLS_USE_TINYCRYPT */ + #if defined(MBEDTLS_ECP_C) /* * Check if a curve proposed by the peer is in our list. * Return 0 if we're willing to use it, -1 otherwise. */ -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) +int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, + mbedtls_ecp_group_id grp_id ) { MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id ) if( own_ec_id == grp_id ) From 27b7e50dcd6df37bf3368d154a8355afb5baf2f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 14:39:50 +0100 Subject: [PATCH 56/93] TinyCrypt SSL: Declare EC-related TLS RFC constants in SSL namespace mbedtls/ecp.h defines constants MBEDTLS_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_COMPRESSED MBEDTLS_ECP_TLS_NAMED_CURVE which regard the encoding of elliptic curves and curve point formats in TLS. As such, they should be defined in the SSL namespace. Asides, this will help replacing the legacy ECC crypto by alternative ECC implementations. --- include/mbedtls/ssl_internal.h | 12 ++++++++++++ library/ssl_cli.c | 8 ++++---- library/ssl_srv.c | 8 ++++---- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 1ba1fe035..0e38bc3c8 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -1885,4 +1885,16 @@ int mbedtls_ssl_ecdh_read_peerkey( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ); #endif /* MBEDTLS_USE_TINYCRYPT */ + +/* + * Point formats, from RFC 4492's enum ECPointFormat + */ +#define MBEDTLS_SSL_EC_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */ +#define MBEDTLS_SSL_EC_PF_COMPRESSED 1 /**< Compressed point format. */ + +/* + * Some other constants from RFC 4492 + */ +#define MBEDTLS_SSL_EC_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */ + #endif /* ssl_internal.h */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 97ae00e74..330d017ed 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -331,7 +331,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *p++ = 2; *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; + *p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED; *olen = 6; } @@ -1405,8 +1405,8 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, p = buf + 1; while( list_size > 0 ) { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) + if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED || + p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED ) { #if defined(MBEDTLS_ECDH_C) ssl->handshake->ecdh_ctx.point_format = p[0]; @@ -2817,7 +2817,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) { static const unsigned char ecdh_group[] = { - MBEDTLS_ECP_TLS_NAMED_CURVE, + MBEDTLS_SSL_EC_TLS_NAMED_CURVE, 0 /* high bits of secp256r1 TLS ID */, 23 /* low bits of secp256r1 TLS ID */, }; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f617950c2..620fa5904 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -347,8 +347,8 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, p = buf + 1; while( list_size > 0 ) { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) + if( p[0] == MBEDTLS_SSL_EC_PF_UNCOMPRESSED || + p[0] == MBEDTLS_SSL_EC_PF_COMPRESSED ) { #if defined(MBEDTLS_ECDH_C) ssl->handshake->ecdh_ctx.point_format = p[0]; @@ -2579,7 +2579,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *p++ = 2; *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; + *p++ = MBEDTLS_SSL_EC_PF_UNCOMPRESSED; *olen = 6; } @@ -3400,7 +3400,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) { static const unsigned char ecdh_param_hdr[] = { - MBEDTLS_ECP_TLS_NAMED_CURVE, + MBEDTLS_SSL_EC_TLS_NAMED_CURVE, 0 /* high bits of secp256r1 TLS ID */, 23 /* low bits of secp256r1 TLS ID */, 2 * NUM_ECC_BYTES + 1, From 728a38b40d0a38c3279a178954b0e178d9082a53 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 14:52:22 +0100 Subject: [PATCH 57/93] TinyCrypt SSL: Adapt calculation of maximum PMS size in ssl.h ssl.h contains a dummy union of fields each large enough to hold the PMS for a particular ciphersuite. In particular, for pure-ECDH ciphersuites, it contains a field large enough to hold the ECDH shared secret in any of the enabled curves. So far, this upper bound was unconditionally chosen to be MBEDTLS_ECP_MAX_BYTES from the ECP module. With the introduction of TinyCrypt as an alternative implementation for ECDH, we need to - guard the use of MBEDTLS_ECP_MAX_BYTES because MBEDTLS_ECP_C is no longer implied by the surrounding MBEDTLS_KEY_EXCHANGE_XXX guards - add another field which contains the maximum length of shared ECDH secrets for curves supported by TinyCrypt. --- include/mbedtls/ssl.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7efb411f3..6660346e4 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -46,6 +46,10 @@ #include "ecdh.h" #endif +#if defined(MBEDTLS_USE_TINYCRYPT) +#include "tinycrypt/ecc.h" +#endif + #if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -510,8 +514,13 @@ union mbedtls_ssl_premaster_secret defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +#if defined(MBEDTLS_ECDH_C) unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ #endif +#if defined(MBEDTLS_USE_TINYCRYPT) + unsigned char _pms_ecdh_uecc[ NUM_ECC_BYTES ]; +#endif +#endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */ #endif From 6cf97b7fc6e13473ae8ab49dee4c7d5cb260eb50 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 14:49:48 +0100 Subject: [PATCH 58/93] Don't unconditionally include ecp.h in ssl.h Remark: Including ecp.h is actually redundant because it's also included from ecdh.h. However, it's good practice to explicitly include header files that are being used directly, and ssl.h does use MBEDTLS_ECP_MAX_BYTES which is defined in ecp.h. --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6660346e4..a23003cd7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -31,7 +31,6 @@ #endif #include "bignum.h" -#include "ecp.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "x509_crt.h" @@ -43,6 +42,7 @@ #endif #if defined(MBEDTLS_ECDH_C) +#include "ecp.h" #include "ecdh.h" #endif From e8c52ff191893ab8fd37c87cc9e03b166c6fa30e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 15:23:27 +0100 Subject: [PATCH 59/93] Guard CRT writing structure by MBEDTLS_X509_CRT_WRITE_C --- include/mbedtls/x509_crt.h | 2 ++ 1 file changed, 2 insertions(+) 
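Review bot: Moving `#include "ecp.h"` under MBEDTLS_ECDH_C means ssl.h no longer sees mbedtls_ecp_group_id in a build that has MBEDTLS_ECP_C but not MBEDTLS_ECDH_C; any ssl.h declaration guarded by MBEDTLS_ECP_C alone that uses that type (mbedtls_ssl_conf_curves(), if memory serves) would then fail to compile. The commit message only considers MBEDTLS_ECP_MAX_BYTES, which the previous patch already guards with MBEDTLS_ECDH_C, so the type uses are not addressed. A separate `#if defined(MBEDTLS_ECP_C)` / `#include "ecp.h"` / `#endif` block would cover both cases.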
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index f3ef5723a..182ab15b0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -194,6 +194,7 @@ mbedtls_x509_crt_profile; #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 #endif +#if defined(MBEDTLS_X509_CRT_WRITE_C) /** * Container for writing a certificate (CRT) */ @@ -211,6 +212,7 @@ typedef struct mbedtls_x509write_cert mbedtls_asn1_named_data *extensions; } mbedtls_x509write_cert; +#endif /* MBEDTLS_X509_CRT_WRITE_C */ /** * Item in a verification chain: cert and flags for it From d82f60da364149a067e29b1d50339ef94fd226a9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 15:23:46 +0100 Subject: [PATCH 60/93] Directly include stdint.h from asn1.h asn1.h uses uint8_t which is defined in stdint.h. This wasn't caught earlier by the luck that whenever asn1.h was included, another header was included earlier that did in turn include stdint.h. --- include/mbedtls/asn1.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 94990fe5e..7c97d79ef 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -31,6 +31,7 @@ #endif #include +#include #if defined(MBEDTLS_BIGNUM_C) #include "bignum.h" From 61b05e572bd4b5cf398f8a2724ede7314e78afce Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 23 Aug 2019 15:24:34 +0100 Subject: [PATCH 61/93] Remove dependency of MBEDTLS_X509_USE_C on MBEDTLS_BIGNUM_C There is no apparent direct dependency, and the indirect dependency through the RSA and legacy ECP modules is already encoded in the chain MBEDTLS_X509_USE_C -> MBEDTLS_PK_PARSE_C -> MBEDTLS_PK_C -> MBEDTLS_RSA_C || MBEDTLS_ECP_C -> MBEDTLS_BIGNUM_C which will be modified to MBEDTLS_X509_USE_C -> MBEDTLS_PK_PARSE_C -> MBEDTLS_PK_C -> MBEDTLS_RSA_C || MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT in which case MBEDTLS_BIGNUM_C is not needed for MBEDTLS_X509_USE_C if only MBEDTLS_USE_TINYCRYPT is set, but not MBEDTLS_RSA_C or MBEDTLS_ECP_C. --- include/mbedtls/check_config.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 3ed61edea..b202dddde 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -785,9 +785,10 @@ #error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites" #endif -#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) ) +#if defined(MBEDTLS_X509_USE_C) && \ + ( !defined(MBEDTLS_OID_C) || \ + !defined(MBEDTLS_ASN1_PARSE_C) || \ + !defined(MBEDTLS_PK_PARSE_C) ) #error "MBEDTLS_X509_USE_C defined, but not all prerequisites" #endif From bd52604f9a5fe2992c8aa2715fabbdadf340417f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 15:27:30 +0100 Subject: [PATCH 62/93] Remove PK and CSR writing functionality from baremetal.h --- configs/baremetal.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 11292e1bf..694dcebd2 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h 
@@ -45,7 +45,6 @@ #define MBEDTLS_BIGNUM_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C #define MBEDTLS_ECDSA_C #define MBEDTLS_ECP_C #define MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -131,8 +130,6 @@ #define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION /* X.509 CSR writing */ -#define MBEDTLS_X509_CSR_WRITE_C -#define MBEDTLS_X509_CREATE_C #define MBEDTLS_ASN1_WRITE_C /* RNG and PRNG */ From b251e01a0f24cf07174c7a34adaf82b0816fd17d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 15:27:49 +0100 Subject: [PATCH 63/93] Remove legacy ECC from baremetal.h --- configs/baremetal.h | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 694dcebd2..e39ceb58e 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -42,21 +42,11 @@ #define MBEDTLS_CCM_C /* Asymmetric crypto: Single-curve ECC only. */ -#define MBEDTLS_BIGNUM_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_ECP_WINDOW_SIZE 2 -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 -#define MBEDTLS_ECP_MAX_BITS 256 -#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes #define MBEDTLS_SSL_CONF_SINGLE_EC -#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1 +#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_UECC_DP_SECP256R1 #define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23 #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID MBEDTLS_MD_SHA256 From 2e80173dfcd16e1be99c2440c0e65da681ff847a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Sep 2019 07:27:41 +0100 Subject: [PATCH 64/93] Fixup: Correct wrong comment ssl_prepare_server_key_exchange() --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
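Review bot: After removing MBEDTLS_X509_CSR_WRITE_C and MBEDTLS_X509_CREATE_C, the heading `/* X.509 CSR writing */` in the second baremetal.h hunk now sits above only MBEDTLS_ASN1_WRITE_C and no longer describes it. Either drop the heading or reword it to say why ASN.1 writing is still needed, e.g. `/* ASN.1 writing (needed for encoding TinyCrypt ECDSA signatures) */` if that is the reason.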
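Review bot: Dropping MBEDTLS_ECDSA_DETERMINISTIC together with the legacy ECP options changes a security property of this profile: the RFC 6979 deterministic nonce no longer applies, so if the TinyCrypt ECDSA path draws its per-signature nonce from the RNG registered with it, signature security now depends entirely on that RNG being seeded before the first signature. A comment under `/* Asymmetric crypto: Single-curve ECC only. */` recording this, and noting that MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID now carries a mbedtls_uecc_group_id rather than a mbedtls_ecp_group_id, would save the next reader a trip through the series.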
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 620fa5904..6d2d82fbd 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3426,7 +3426,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msglen += 2*NUM_ECC_BYTES; } else -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_TINYCRYPT_C */ #if !defined(MBEDTLS_ECDH_C) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); From 70c7373f81452c3b1f0bbd4b3c15636c1271ba90 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 09:03:53 +0100 Subject: [PATCH 65/93] compat.sh: Introduce env variable for CRTs, CAs and keys This commit introduces environment variables - SRV_ECDSA_CRT - SRV_ECDSA_KEY - CLI_ECDSA_CRT - CLI_ECDSA_KEY - SRV_RSA_CRT - SRV_RSA_KEY - CLI_RSA_CRT - CLI_RSA_KEY - CA_FILE to tests/compat.sh which hold the path of the CA, client and server certificate and key files to use by the script. This is a preparatory step towards switching to a different set of certificates and keys in case the configuration doesn't match the certificates in use so far (e.g.: the ECDSA certificates use Secp384r1, so if that's disabled, ECDSA tests will fail). --- tests/compat.sh | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 54bc0b7d1..52448604a 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
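Review bot: The replacement comment names `MBEDTLS_TINYCRYPT_C`, whereas every other guard in this series is spelled `MBEDTLS_USE_TINYCRYPT` (the ssl_tls.c and ssl_srv.c hunks above, for instance); unless the opening `#if` of this block, which lies outside the hunk, really tests MBEDTLS_TINYCRYPT_C, the "corrected" comment is still wrong. Suggest `#endif /* MBEDTLS_USE_TINYCRYPT */`, and verifying against the matching `#if` in ssl_prepare_server_key_exchange().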
@@ -32,6 +32,16 @@ SRVMEM=0 : ${GNUTLS_CLI:=gnutls-cli} : ${GNUTLS_SERV:=gnutls-serv} +: ${SRV_ECDSA_CRT:="data_files/server5.crt"} +: ${SRV_ECDSA_KEY:="data_files/server5.key"} +: ${CLI_ECDSA_CRT:="data_files/server6.crt"} +: ${CLI_ECDSA_KEY:="data_files/server6.key"} +: ${SRV_RSA_CRT:="data_files/server2.crt"} +: ${SRV_RSA_KEY:="data_files/server2.key"} +: ${CLI_RSA_CRT:="data_files/server1.crt"} +: ${CLI_RSA_KEY:="data_files/server1.key"} +: ${CA_FILE:="data_files/test-ca_cat12.crt"} + # do we have a recent enough GnuTLS? if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then G_VER="$( $GNUTLS_CLI --version | head -n1 )" @@ -912,13 +922,13 @@ setup_arguments() if [ "X$VERIFY" = "XYES" ]; then - M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" - O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10" - G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert" + M_SERVER_ARGS="$M_SERVER_ARGS ca_file=$CA_FILE auth_mode=required" + O_SERVER_ARGS="$O_SERVER_ARGS -CAfile $CA_FILE -Verify 10" + G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile $CA_FILE --require-client-cert" - M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" - O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt" + M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=$CA_FILE auth_mode=required" + O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile $CA_FILE -verify 10" + G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile $CA_FILE" else # don't request a client cert at all M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none" 
@@ -931,28 +941,28 @@ setup_arguments() case $TYPE in "ECDSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" + M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_ECDSA_CRT key_file=$SRV_ECDSA_KEY" + O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_ECDSA_CRT -key $SRV_ECDSA_KEY" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_ECDSA_CRT --x509keyfile $SRV_ECDSA_KEY" if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_ECDSA_CRT key_file=$CLI_ECDSA_KEY" + O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_ECDSA_CRT -key $CLI_ECDSA_KEY" + G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_ECDSA_CRT --x509keyfile $CLI_ECDSA_KEY" else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi ;; "RSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_RSA_CRT key_file=$SRV_RSA_KEY" + O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_RSA_CRT -key $SRV_RSA_KEY" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_RSA_CRT --x509keyfile $SRV_RSA_KEY" if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key 
data_files/server1.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_RSA_CRT key_file=$CLI_RSA_KEY" + O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_RSA_CRT -key $CLI_RSA_KEY" + G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_RSA_CRT --x509keyfile $CLI_RSA_KEY" else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi From 7c2cd3e9d336d61f97b7f3aa0d6983c40b30f40b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 09:15:23 +0100 Subject: [PATCH 66/93] TinyCrypt Test: Force use of Secp256r1 CRTs and Keys in all.sh test This commit uses the flexibility of being able to chose CRTs and keys to be used by compat.sh through predefined environment variables to force the use of Secp256r1 certificates and keys in the all.sh test for TinyCrypt. --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7bb02c88a..dc4c4a931 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1418,6 +1418,12 @@ component_test_default_tinycrypt_without_legacy_ecc () { msg "test: default config with tinycrypt enabled and legacy ECC disabled" make test if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$" + + export SRV_ECDSA_CRT=data_files/server11.crt.pem + export SRV_ECDSA_KEY=data_files/server11.key.pem + export CLI_ECDSA_CRT=data_files/cli3.crt.pem + export CLI_ECDSA_KEY=data_files/cli3.key.pem + export CA_FILE=data_files/test-ca3.crt.pem if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA\|+ECDHE-ECDSA:+AES-256-CBC:+SHA1\|ECDHE-ECDSA-AES256-SHA' -e 'SHA384' } From 4873fde059f19232f86f8459a32705a5279a0d13 Mon Sep 17 00:00:00 2001 
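Review bot: The five `export`s are unconditional and never undone, so if all.sh runs its components in one shell process (not visible here) every later component's compat.sh invocation silently inherits the Secp256r1 certificate set and `test-ca3.crt.pem` as its CA instead of the defaults introduced in PATCH 65, and failures would surface in an unrelated component. Clear them once this component is done, e.g. append `unset SRV_ECDSA_CRT SRV_ECDSA_KEY CLI_ECDSA_CRT CLI_ECDSA_KEY CA_FILE` after the `if_build_succeeded tests/compat.sh ...` line, or set them only for that one invocation. The function body continues outside the hunk.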
From: Hanno Becker Date: Mon, 2 Sep 2019 13:18:30 +0100 Subject: [PATCH 67/93] TinyCrypt Test: Expand scope of compatibility testing for TinyCrypt Previously, the TinyCrypt all.sh test restricted the run of compat.sh to DTLS 1.2 and listed a few explicit ciphersuites. This commit widens the scope of the test by testing any ciphersuite based on ECDHE-ECDSA, regardless of TLS/DTLS or the particular version. Further, it doesn't exclude SHA-384 as done previously. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index dc4c4a931..efa458009 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1424,7 +1424,7 @@ component_test_default_tinycrypt_without_legacy_ecc () { export CLI_ECDSA_CRT=data_files/cli3.crt.pem export CLI_ECDSA_KEY=data_files/cli3.key.pem export CA_FILE=data_files/test-ca3.crt.pem - if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA\|+ECDHE-ECDSA:+AES-256-CBC:+SHA1\|ECDHE-ECDSA-AES256-SHA' -e 'SHA384' + if_build_succeeded tests/compat.sh -f 'TLS-ECDHE-ECDSA' } component_test_baremetal () { From 054deecb8a63eaf89ee3b6b6809ba6945770b279 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 13:47:00 +0100 Subject: [PATCH 68/93] check_config.h: Add dep'n of ECC per-curve options on MBEDTLS_ECP_C --- include/mbedtls/check_config.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b202dddde..e2c04af19 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -173,6 +173,21 @@
 #error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
+#if ( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) && \
+ !defined(MBEDTLS_ECP_C)
+#error "At least one ECP curve enabled, but not all prerequesites"
+#endif
+
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
 #endif
From 325eb337bda9e162c669d8dc239feec37d59f64f Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 2 Sep 2019 13:47:19 +0100
Subject: [PATCH 69/93] TinyCrypt Test: Disable all legacy ECCs in TinyCrypt all.sh test
---
 tests/scripts/all.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index efa458009..34ca5a5bf 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
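Review bot: The new prerequisite check enumerates only the Weierstrass curves; `MBEDTLS_ECP_DP_CURVE25519_ENABLED` and `MBEDTLS_ECP_DP_CURVE448_ENABLED` are ECP curve options too and equally require `MBEDTLS_ECP_C`, so a configuration with only a Montgomery curve enabled and `MBEDTLS_ECP_C` off still passes. Add `defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \` and `defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || \` to the list (assuming both option names exist in this tree's config.h). The error text also copies the neighbouring `prerequesites` misspelling; the `MBEDTLS_ECP_C` message two lines above spells `prerequisites`, and new text should follow the correct form.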
@@ -1413,6 +1413,17 @@ component_test_default_tinycrypt_without_legacy_ecc () {
 scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_BP256R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_BP384R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_BP512R1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ scripts/config.pl unset MBEDTLS_ECP_DP_SECP256K1_ENABLED
 make CC=gcc CFLAGS='-Werror -Wall -Wextra'
 msg "test: default config with tinycrypt enabled and legacy ECC disabled"
From 6b2b22164cdd0318eb979cb3fc4defd3988ab946 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 2 Sep 2019 16:58:24 +0100
Subject: [PATCH 70/93] depends-pkalgs.pl: Unset all EC curves when testing !MBEDTLS_ECP_C
---
 tests/scripts/depends-pkalgs.pl | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 97a43e881..50e4837cd 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
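Review bot: The unset list omits `MBEDTLS_ECP_DP_CURVE25519_ENABLED` and `MBEDTLS_ECP_DP_CURVE448_ENABLED`, so the component does not disable all legacy ECC as its `msg` claims; if either is on in the default config it stays on in the build this component is meant to exercise without it, and the check added in PATCH 68 would not flag it because it has the same omission. Add `scripts/config.pl unset MBEDTLS_ECP_DP_CURVE25519_ENABLED` and `scripts/config.pl unset MBEDTLS_ECP_DP_CURVE448_ENABLED` next to the others (assuming both options exist in this tree's config.h). The function body continues outside the hunk.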
@@ -39,6 +39,17 @@ my %algs = ( 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECJPAKE_C', + 'MBEDTLS_ECP_DP_SECP192R1_ENABLED', + 'MBEDTLS_ECP_DP_SECP224R1_ENABLED', + 'MBEDTLS_ECP_DP_SECP256R1_ENABLED', + 'MBEDTLS_ECP_DP_SECP384R1_ENABLED', + 'MBEDTLS_ECP_DP_SECP521R1_ENABLED', + 'MBEDTLS_ECP_DP_BP256R1_ENABLED', + 'MBEDTLS_ECP_DP_BP384R1_ENABLED', + 'MBEDTLS_ECP_DP_BP512R1_ENABLED', + 'MBEDTLS_ECP_DP_SECP192K1_ENABLED', + 'MBEDTLS_ECP_DP_SECP224K1_ENABLED', + 'MBEDTLS_ECP_DP_SECP256K1_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', From 69c6cde728ce21680ed6678a7e25443384ebe159 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 14:34:23 +0100 Subject: [PATCH 71/93] ssl-opt.sh: Detect use of CRTs using Secp384R1 and potentially skip This commit modifies ssl-opt.sh to autodetect the use of test certificates server5.* server6.* test-ca2.* using Secp384r1, and skips the corresponding tests if MBEDTLS_ECP_DP_SECP384R1_ENABLED isn't set. --- tests/ssl-opt.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9ebd009a9..33aa792dd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
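Review bot: The curve list added under `MBEDTLS_ECP_C` omits `MBEDTLS_ECP_DP_CURVE25519_ENABLED` and `MBEDTLS_ECP_DP_CURVE448_ENABLED`, so when the script tests `!MBEDTLS_ECP_C` those two stay set; the check introduced in PATCH 68 shares the omission and therefore does not catch it, but the two lists should enumerate the same set of curves or they will drift further. Add `'MBEDTLS_ECP_DP_CURVE25519_ENABLED',` and `'MBEDTLS_ECP_DP_CURVE448_ENABLED',` alongside the others (assuming both exist in this tree's config.h). The `%algs` hash continues outside the hunk.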
@@ -645,6 +645,25 @@ check_cmdline_force_version_compat() { fi } +check_cmdline_crt_key_files_compat() { + + # test-ca2.crt + if echo "$CMD" | grep -e "test-ca2" > /dev/null; then + requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED + fi + + # Variants of server5.key and server5.crt + if echo "$CMD" | grep -e "server5" > /dev/null; then + requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED + fi + + # Variants of server6.key and server6.crt + if echo "$CMD" | grep -e "server6" > /dev/null; then + requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED + fi + +} + # Go through all options that can be hardcoded at compile-time and # detect whether the command line configures them in a conflicting # way. If so, skip the test. Otherwise, remove the corresponding @@ -655,6 +674,10 @@ check_cmdline_force_version_compat() { check_cmdline_compat() { CMD="$1" + # Check that if we're specifying particular certificate and/or + # ECC key files, the corresponding curve is enabled. + check_cmdline_crt_key_files_compat + # ExtendedMasterSecret configuration check_cmdline_param_compat "extended_ms" \ "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET" From 8b3408f1a87e63b7a99f2d40908b2e9aec5f3e86 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 14:35:23 +0100 Subject: [PATCH 72/93] TinyCrypt Test: Run ssl-opt.sh without restrictions Previously, the TinyCrypt component in all.sh restricted the ssl-opt.sh to the 'Default, DTLS' test, due to implicit dependencies on Secp384r1. These dependencies are now explicit and ssl-opt.sh skips corresponding tests accordingly, so we can introduce a full run of ssl-opt.sh into the TinyCrypt test in all.sh. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 34ca5a5bf..a906c8c93 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
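Review bot: `check_cmdline_crt_key_files_compat` reads the global `CMD` rather than taking the command line as an argument, unlike the `check_cmdline_param_compat "extended_ms" ...` style used right below it, and its three bare substring greps (`server5`, `server6`, `test-ca2`) are unanchored, so any token that happens to contain those strings also forces the Secp384r1 requirement. One anchored expression on the `data_files/` path (assuming tests always reference the files that way) is shorter and harder to misfire, and the comment should say *why* these files need the curve; see below, called as `check_cmdline_crt_key_files_compat "$CMD"`. The `requires_config_enabled` calls are harmless when repeated, so collapsing them loses nothing.
```shell
check_cmdline_crt_key_files_compat() {
    # test-ca2.crt, server5.* and server6.* (and their variants) are
    # Secp384r1 certificates/keys, so tests naming them need that curve.
    if echo "$1" | grep -e 'data_files/\(test-ca2\|server5\|server6\)' > /dev/null; then
        requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
    fi
}
```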
@@ -1428,7 +1428,7 @@ component_test_default_tinycrypt_without_legacy_ecc () { msg "test: default config with tinycrypt enabled and legacy ECC disabled" make test - if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$" + if_build_succeeded tests/ssl-opt.sh export SRV_ECDSA_CRT=data_files/server11.crt.pem export SRV_ECDSA_KEY=data_files/server11.key.pem From ecf5d3fdb10e277a770df69853672e5c703b351b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Sep 2019 07:47:29 +0100 Subject: [PATCH 73/93] TinyCrypt SSL: Extend scope of use of TC in PMS derivation Extend scope of TC in ECDH-param extraction from CRT Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites. This commit is a step towards using it for _all_ ciphersuites involving ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope of the use of TinyCrypt in the assembly of the PMS. --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2e8a07645..75d199a64 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1952,9 +1952,13 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || + == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) + == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || + mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) + == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || + mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) + == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) { const struct uECC_Curve_t * uecc_curve = uECC_secp256r1(); ((void) ret); From b3a244847df56c1474376171076852146cf857d6 Mon Sep 17 00:00:00 2001 
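Review bot: With ECDH_RSA/ECDH_ECDSA added to this branch, the `ecdh_privkey` that the `uECC_shared_secret` call following this context consumes is, on the server, a copy of the long-term certificate key (made by the TinyCrypt `ssl_get_ecdh_params_from_cert` of PATCH 74), so the handshake struct now carries a second copy of a persistent secret rather than a one-shot ephemeral one. Wipe it as soon as the premaster secret is derived, `mbedtls_platform_zeroize( ssl->handshake->ecdh_privkey, sizeof( ssl->handshake->ecdh_privkey ) );`, rather than relying on the handshake free path, whose zeroization is not visible here. A comment at the top of the branch, `/* for static ECDH, ecdh_privkey is the certificate key: wipe it after use */`, would make the distinction obvious to the next reader. The rest of the branch, including the shared-secret call, lies outside the hunk.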
From: Hanno Becker Date: Sun, 1 Sep 2019 09:47:23 +0100 Subject: [PATCH 74/93] TinyCrypt SSL: Impl. ECDH-param extraction from CRT for TinyCrypt --- library/ssl_cli.c | 42 ++++++++++++++++++++++++++++++------------ library/ssl_srv.c | 21 +++++++++++++++++++++ 2 files changed, 51 insertions(+), 12 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 330d017ed..22d28c959 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2551,9 +2551,13 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { int ret; - const mbedtls_ecp_keypair *peer_key; mbedtls_pk_context * peer_pk; + /* Acquire peer's PK context: In case we store peer's entire + * certificate, we extract the context from it. Otherwise, + * we can use a temporary copy we've made for the purpose of + * signature verification. */ + #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ 
@@ -2580,20 +2584,34 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) goto cleanup; } - peer_key = mbedtls_pk_ec( *peer_pk ); + /* Extract ECDH parameters from peer's PK context. */ - if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, - MBEDTLS_ECDH_THEIRS ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); - goto cleanup; - } +#if defined(MBEDTLS_USE_TINYCRYPT) + mbedtls_uecc_keypair *peer_key = + mbedtls_pk_uecc( *peer_pk ); - if( ssl_check_server_ecdh_params( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) ); - ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; - goto cleanup; + memcpy( ssl->handshake->ecdh_peerkey, + peer_key->public_key, + sizeof( ssl->handshake->ecdh_peerkey ) ); +#else /* MBEDTLS_USE_TINYCRYPT */ + const mbedtls_ecp_keypair *peer_key; + peer_key = mbedtls_pk_ec( *peer_pk ); + + if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, + MBEDTLS_ECDH_THEIRS ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); + goto cleanup; + } + + if( ssl_check_server_ecdh_params( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) ); + ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; + goto cleanup; + } +#endif /* MBEDTLS_USE_TINYCRYPT */ } cleanup: diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6d2d82fbd..ecbfc852f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
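Review bot: On the TinyCrypt path `ret` is never assigned: the legacy branch takes its value from `mbedtls_ecdh_get_params`, but the new branch only does the `memcpy`, so if `cleanup:` ends in `return( ret );` (the function's tail is outside the hunk) the success path returns an indeterminate value, which is undefined behaviour and in practice whatever the stack slot held. Add `ret = 0;` after the `memcpy`. The branch also silently drops both checks the legacy path keeps, the curve match inside `mbedtls_ecdh_get_params` and the `ssl_check_server_ecdh_params` test that the curve was one the client offered; with TinyCrypt only secp256r1 exists, but a comment saying that is why the checks are unnecessary, `/* uECC keys are always secp256r1, the only curve we offer, so no curve check is needed */`, keeps the asymmetry from reading as an oversight.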
@@ -3198,6 +3198,26 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + +#if defined(MBEDTLS_USE_TINYCRYPT) +static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) +{ + mbedtls_uecc_keypair *own_key = + mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) ); + + if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); + return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + } + + memcpy( ssl->handshake->ecdh_privkey, + own_key->private_key, + sizeof( ssl->handshake->ecdh_privkey ) ); + + return( 0 ); +} +#else /* MBEDTLS_USE_TINYCRYPT */ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { int ret; @@ -3218,6 +3238,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) return( 0 ); } +#endif /* MBEDTLS_USE_TINYCRYPT */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ From 8ea7da22503bfebbcfd65e9ad895b10f5d936cdd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Sep 2019 07:48:52 +0100 Subject: [PATCH 75/93] TinyCrypt SSL: Extend scope of TC-based SrvKeyExch writing Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites. This commit is a step towards using it for _all_ ciphersuites involving ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope of the use of TinyCrypt in the writing of the ServerKeyExchange message. --- library/ssl_srv.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ecbfc852f..de3d57c5d 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
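Review bot: `mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) )` is evaluated before the `mbedtls_pk_can_do` check that is supposed to guard it, so a server with no own key configured dereferences the NULL returned by `mbedtls_ssl_own_key` on the first line, whereas the legacy implementation below hands the pointer to `mbedtls_pk_can_do` first (which, if it follows the upstream convention, returns 0 on a NULL context). Declare `mbedtls_uecc_keypair *own_key;` up front and assign `own_key = mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) );` only after the check. Note also that this copies the long-term private key into `ssl->handshake->ecdh_privkey`; that copy should be wiped right after the shared-secret computation or by a zeroizing handshake free, neither of which is visible here.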
@@ -3415,10 +3415,6 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_USE_TINYCRYPT) - if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) { static const unsigned char ecdh_param_hdr[] = { MBEDTLS_SSL_EC_TLS_NAMED_CURVE, @@ -3446,13 +3442,6 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msglen += 2*NUM_ECC_BYTES; } - else -#endif /* MBEDTLS_TINYCRYPT_C */ -#if !defined(MBEDTLS_ECDH_C) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } #else { const mbedtls_ecp_curve_info *curve = From b42e2388ff644166e037079834f81bb7f69e0563 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Sep 2019 07:49:04 +0100 Subject: [PATCH 76/93] TinyCrypt SSL: Extend scope of CliKeyExchange parsing Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites. This commit is a step towards using it for _all_ ciphersuites involving ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope of the use of TinyCrypt in the parsing of the ClientKeyExchange message. --- library/ssl_srv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index de3d57c5d..1c1ca32f5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -4219,9 +4219,13 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || + == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) + == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || + mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) + == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || + mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) + == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) { ((void) ret); if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 ) From 40ee0d450d5f81c251ce50ef1bf3b6b03e83ce26 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Sep 2019 09:40:53 +0100 Subject: [PATCH 77/93] Fixup: Correct #else and #endif comments in SrvKeyExch writing --- library/ssl_srv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 1c1ca32f5..c6d099df1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3442,7 +3442,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msglen += 2*NUM_ECC_BYTES; } -#else +#else /* MBEDTLS_USE_TINYCRYPT */ { const mbedtls_ecp_curve_info *curve = mbedtls_ecp_curve_info_from_tls_id( ssl->handshake->curve_tls_id ); @@ -3483,7 +3483,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Q ); } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_USE_TINYCRYPT */ } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */ From 7352bd141e09b076f5876b46ac7d3f7bf3dd8d9d Mon Sep 17 00:00:00 2001 
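Review bot: With ECDH_RSA/ECDH_ECDSA now taking this branch, the point that `mbedtls_ssl_ecdh_read_peerkey` parses from the ClientKeyExchange is later combined (PATCH 73) with `ecdh_privkey`, which for static ECDH is a copy of the server's long-term certificate key, so an attacker-chosen off-curve point becomes an invalid-curve attack against a persistent secret rather than against a throwaway ephemeral one. TinyCrypt's `uECC_shared_secret` does not reject such points on its own; if `mbedtls_ssl_ecdh_read_peerkey` (outside this view) does not already call `uECC_valid_public_key` on the parsed point, it must before this branch serves static ECDH. A comment at the branch, `/* read_peerkey must validate the point: for static ECDH, ecdh_privkey is the long-term key */`, records the requirement where it matters. The function continues outside the hunk.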
From: Hanno Becker Date: Sun, 1 Sep 2019 07:49:40 +0100 Subject: [PATCH 78/93] TinyCrypt SSL: Extend scope of SrvKeyExchange parsing Extend scope of TC in ECDH-param extraction from CRT Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites. This commit is a step towards using it for _all_ ciphersuites involving ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope of the use of TinyCrypt in the parsing of the ServerKeyExchange message. --- library/ssl_cli.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 22d28c959..6a90259c8 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2830,9 +2830,11 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || + == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) + == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || + mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) + == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) { static const unsigned char ecdh_group[] = { MBEDTLS_SSL_EC_TLS_NAMED_CURVE, From c7effc04c165fe5a805dce4c912dbcd7abb39569 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 1 Sep 2019 07:49:50 +0100 Subject: [PATCH 79/93] TinyCrypt SSL: Extend scope use of TC in CliKeyExchange writing Extend scope of TC in ECDH-param extraction from CRT Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites. This commit is a step towards using it for _all_ ciphersuites involving ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope of the use of TinyCrypt in the writing of the ClientKeyExchange message. --- library/ssl_cli.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
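Review bot: This is the fourth hand-maintained list of key exchanges routed through TinyCrypt (PATCHes 73, 76, 79 and this one) and each differs; here ECDHE_PSK is included and the static ECDH pair is not, which is right for ServerKeyExchange parsing, but nothing in the code says so. A one-line comment, `/* static ECDH sends no ServerKeyExchange; ECDHE-PSK does */`, documents the asymmetry, and a single predicate such as `mbedtls_ssl_ciphersuite_uses_uecc_ecdh( ciphersuite_info )` alongside the other `mbedtls_ssl_suite_get_*` helpers would keep the four sites from drifting apart. The enclosing function continues outside the hunk.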
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6a90259c8..ad30ba4e3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3595,9 +3595,14 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) + == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) - == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ) + == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || + mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) + == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) + { const struct uECC_Curve_t * uecc_curve = uECC_secp256r1(); ((void) n); From d91ede14c43b6dc5c46298aac8fdf1a17bfa2567 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 09:47:05 +0100 Subject: [PATCH 80/93] TinyCrypt ECDHE-PSK: Implement ClientKeyExchange writing --- library/ssl_cli.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ad30ba4e3..5c2d87073 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3758,6 +3758,24 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { +#if defined(MBEDTLS_USE_TINYCRYPT) + const struct uECC_Curve_t * uecc_curve = uECC_secp256r1(); + ((void) n); + ((void) ret); + + if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 ) + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + + *p++ = 2 * NUM_ECC_BYTES + 1; + *p++ = 0x04; /* uncompressed point presentation */ + + if( !uECC_make_key( p, ssl->handshake->ecdh_privkey, + uecc_curve ) ) + { + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + p += 2 * NUM_ECC_BYTES; +#else /* MBEDTLS_USE_TINYCRYPT */ /* * ClientECDiffieHellmanPublic public; */ 
@@ -3773,6 +3791,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q ); p += n; +#endif /* MBEDTLS_USE_TINYCRYPT */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ From 982da7ee0a15738378f7f7358c453ddae56779f1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 09:47:39 +0100 Subject: [PATCH 81/93] TinyCrypt ECDHE-PSK: Implement mbedtls_ssl_psk_derive_premaster() --- library/ssl_tls.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 75d199a64..e47c45657 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2158,6 +2158,20 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch int ret; size_t zlen; +#if defined(MBEDTLS_USE_TINYCRYPT) + const struct uECC_Curve_t * uecc_curve = uECC_secp256r1(); + ((void) ret); + + if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey, + ssl->handshake->ecdh_privkey, + p + 2, + uecc_curve ) ) + { + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + zlen = NUM_ECC_BYTES; +#else /* MBEDTLS_USE_TINYCRYPT */ if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, p + 2, end - ( p + 2 ), mbedtls_ssl_conf_get_frng( ssl->conf ), @@ -2167,12 +2181,14 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch return( ret ); } + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z ); +#endif /* MBEDTLS_USE_TINYCRYPT */ + *(p++) = (unsigned char)( zlen >> 8 ); *(p++) = (unsigned char)( zlen ); p += zlen; - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ From 358b3006eeb5509f20f14657de0aa3e80ba1e622 Mon Sep 17 00:00:00 2001 
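Review bot: The new ECDHE-PSK branch duplicates, line for line, the uECC key-generation-and-write sequence already used by the ECDHE-RSA/ECDSA branch of this function (its `uecc_curve` / `((void) n)` opening is visible as context in PATCH 79), including the `2 * NUM_ECC_BYTES + 1` length byte and the `0x04` tag that the server-side parser must agree with; two copies of a wire-format computation are where the copies silently diverge. Factor it into a static helper both branches call, as below, with the ECDHE-PSK branch reduced to `if( ( ret = ssl_write_ecdh_pubkey_uecc( ssl, &p, end ) ) != 0 ) return( ret );`. Returning `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED` when `uECC_make_key` fails (typically the RNG hook) is kept only for consistency with the existing branch. The function continues on both sides of the hunk.
```c
/* Generate an ephemeral secp256r1 key pair into ssl->handshake->ecdh_privkey
 * and write the public point at *p in TLS ECPoint form: one length byte,
 * the 0x04 "uncompressed" tag, then X || Y (2 * NUM_ECC_BYTES).
 * Returns 0 and advances *p past the point, or an MBEDTLS_ERR_SSL_* code. */
static int ssl_write_ecdh_pubkey_uecc( mbedtls_ssl_context *ssl,
                                       unsigned char **p,
                                       const unsigned char *end )
{
    const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();

    if( (size_t)( end - *p ) < 2 * NUM_ECC_BYTES + 2 )
        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );

    *(*p)++ = 2 * NUM_ECC_BYTES + 1;
    *(*p)++ = 0x04; /* uncompressed point presentation */

    if( !uECC_make_key( *p, ssl->handshake->ecdh_privkey, uecc_curve ) )
        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );

    *p += 2 * NUM_ECC_BYTES;
    return( 0 );
}
/* … unchanged: ssl_out_client_key_exchange_write, both uECC branches now calling the helper … */
```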
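Review bot: The TinyCrypt branch of `mbedtls_ssl_psk_derive_premaster` writes `NUM_ECC_BYTES` of shared secret at `p + 2` and then two length bytes at `p` without checking that `end - p` is large enough, whereas the legacy branch passes `end - ( p + 2 )` into `mbedtls_ecdh_calc_secret` and gets the bound enforced there. The premaster union is enlarged to fit in PATCH 83, so this is not a live overflow, but that coupling is invisible at this site; add `if( (size_t)( end - p ) < 2 + NUM_ECC_BYTES ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` before the `uECC_shared_secret` call. The `MBEDTLS_SSL_DEBUG_ECDH` trace is also lost on this path; `MBEDTLS_SSL_DEBUG_BUF( 3, "ECDH: Z", p + 2, zlen );` after the call keeps debug parity with the legacy branch. The function continues outside the hunk.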
From: Hanno Becker Date: Mon, 2 Sep 2019 09:48:02 +0100 Subject: [PATCH 82/93] TinyCrypt ECDHE-PSK: Implement CliKeyExchange parsing --- library/ssl_srv.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c6d099df1..fd1ece0d8 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4345,6 +4345,10 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl, return( ret ); } +#if defined(MBEDTLS_USE_TINYCRYPT) + if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); +#else /* MBEDTLS_USE_TINYCRYPT */ if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, p, end - p ) ) != 0 ) { @@ -4353,6 +4357,7 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp ); +#endif /* MBEDTLS_USE_TINYCRYPT */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ From 6f7680491b283863160e4ab53f76d540e4786c3d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 11:42:24 +0100 Subject: [PATCH 83/93] TinyCrypt ECDHE-PSK: Adapt dummy structure approximating PMS length --- include/mbedtls/ssl.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a23003cd7..74d7e40a1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -519,7 +519,7 @@ union mbedtls_ssl_premaster_secret #endif #if defined(MBEDTLS_USE_TINYCRYPT) unsigned char _pms_ecdh_uecc[ NUM_ECC_BYTES ]; -#endif +#endif /* MBEDTLS_USE_TINYCRYPT */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */ 
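Review bot: A malformed ECDHE-PSK ClientKeyExchange is reported as `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED`, which misclassifies a peer-input parse error as a crypto-backend failure, discards the return code of `mbedtls_ssl_ecdh_read_peerkey`, and loses the `MBEDTLS_SSL_DEBUG_RET` the legacy branch emits; any caller that maps error codes to alerts will send the wrong one. Suggest `if( ( ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_ecdh_read_peerkey" ), ret ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); }`, matching what the legacy `mbedtls_ecdh_read_public` failure path presumably returns (its return statement is cut off in this hunk, so confirm). The same mapping was introduced in the ECDHE-RSA/ECDSA branch by PATCH 76 and deserves the same treatment.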
@@ -532,6 +532,10 @@ union mbedtls_ssl_premaster_secret unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#if defined(MBEDTLS_USE_TINYCRYPT) + unsigned char _pms_ecdhe_psk_uecc[4 + NUM_ECC_BYTES + + + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ +#endif /* MBEDTLS_USE_TINYCRYPT */ unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ #endif From 6f212d0a166bc2c4620fbdd66bbeb2b293ccf0a2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 13:05:27 +0100 Subject: [PATCH 84/93] TinyCrypt ECDH/ECDHE-PSK: Allow TinyCrypt-based ECDH and ECDHE-PSK --- include/mbedtls/check_config.h | 10 ++++++---- include/mbedtls/ssl.h | 2 ++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e2c04af19..6807ff33b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -270,12 +270,14 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) ) + ( !( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) ) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ + ( !( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" #endif @@ -284,7 +286,7 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ - !defined(MBEDTLS_ECDH_C) + !(defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_USE_TINYCRYPT) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" #endif 
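Review bot: `4 + NUM_ECC_BYTES + + MBEDTLS_PSK_MAX_LEN` in the new `_pms_ecdhe_psk_uecc` declaration has a doubled `+`; it compiles, the second being a unary plus, but it reads like an editing leftover and will stop the next reader. Change it to `unsigned char _pms_ecdhe_psk_uecc[4 + NUM_ECC_BYTES + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2: 2-byte len + Z + 2-byte len + PSK */` so the meaning of the constant 4 is on the line as well.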
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 74d7e40a1..9282fbcf1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -536,9 +536,11 @@ union mbedtls_ssl_premaster_secret unsigned char _pms_ecdhe_psk_uecc[4 + NUM_ECC_BYTES + + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ #endif /* MBEDTLS_USE_TINYCRYPT */ +#if defined(MBEDTLS_ECP_C) unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ #endif +#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */ #endif From fe08844bacd8886ec10136b528609f60776fee1b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 13:07:20 +0100 Subject: [PATCH 85/93] TinyCrypt Test: Include ECDH and ECDHE-PSK in all.sh TinyCrypt test --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a906c8c93..814496d00 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1435,7 +1435,7 @@ component_test_default_tinycrypt_without_legacy_ecc () { export CLI_ECDSA_CRT=data_files/cli3.crt.pem export CLI_ECDSA_KEY=data_files/cli3.key.pem export CA_FILE=data_files/test-ca3.crt.pem - if_build_succeeded tests/compat.sh -f 'TLS-ECDHE-ECDSA' + if_build_succeeded tests/compat.sh -f 'ECDHE-ECDSA\|ECDHE-PSK\|ECDH-ECDSA' } component_test_baremetal () { From a007e0db472d669108a8d924084321b31e07663a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Sep 2019 16:24:00 +0100 Subject: [PATCH 86/93] baremetal.h: Use TinyCrypt curve identifier --- configs/baremetal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index e39ceb58e..b65376332 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h 
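Review bot: The two `#endif`s closing the new `#if defined(MBEDTLS_ECP_C)` and the enclosing `#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)` are unlabelled, while the sibling `#endif /* MBEDTLS_USE_TINYCRYPT */` three lines up is labelled; in a union that is now several conditionals deep, that is exactly where a mismatched `#endif` hides. Write `#endif /* MBEDTLS_ECP_C */` and `#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */` to match the file's convention.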
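Review bot: The widened filter selects ECDHE-PSK and ECDH-ECDSA suites, but this same component's visible configuration (context in PATCH 69: `scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED` and `... MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED`) disables exactly those key exchanges, and none of the commits shown here re-enables them; unless one outside this view does, the new entries match nothing the mbed TLS build offers and the added coverage is nominal. Either drop those `unset` lines now that PATCH 84 permits the exchanges with TinyCrypt, or make the component fail when a requested filter produces zero runs so the gap is visible. ECDHE-RSA and ECDH-RSA, which PATCHes 73–79 also route through TinyCrypt, are not in the filter either and deserve at least one run. The function body continues outside the hunk.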
@@ -46,7 +46,7 @@
 #define MBEDTLS_PK_PARSE_C
 #define MBEDTLS_SSL_CONF_SINGLE_EC
-#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
+#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
 #define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
 #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH
 #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID MBEDTLS_MD_SHA256
From 82a7a21982f72267205e0ec9ad46c5d69a606c29 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 3 Sep 2019 08:41:38 +0100
Subject: [PATCH 87/93] Fixup: Correct inclusion of legacy ECP headers in ssl.h
Previously, ecp.h was included only if MBEDTLS_ECDH_C was set, which broke the build in configurations using ECDSA, but not ECDH. An example of such a config is configs/config-thread.h, which uses ECJPAKE exclusively. Moreover, the inclusion of ecdh.h isn't needed, because the header only uses constants defined in the ECP module.
---
 include/mbedtls/ssl.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 9282fbcf1..79c68681c 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -41,9 +41,8 @@
 #include "dhm.h"
 #endif
-#if defined(MBEDTLS_ECDH_C)
+#if defined(MBEDTLS_ECP_C)
 #include "ecp.h"
-#include "ecdh.h"
 #endif
 #if defined(MBEDTLS_USE_TINYCRYPT)
From 1b82685dc94ae55b16055d0362b5986712cb46f4 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 3 Sep 2019 08:46:06 +0100
Subject: [PATCH 88/93] Fixup debug.h and ssl_internal.h: Add missing include of ecdh.h
Previously, this wasn't necessary because ecdh.h was included through ssl.h, but now that this is no longer the case (because ssl.h doesn't use ECDH), we have to include it explicitly.
---
 include/mbedtls/debug.h | 4 ++++
 include/mbedtls/ssl_internal.h | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 0ca5a5b44..41cdd34a1 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -36,6 +36,10 @@
 #include "ecp.h"
 #endif
+#if defined(MBEDTLS_ECDH_C)
+#include "ecdh.h"
+#endif
+
 #if defined(MBEDTLS_DEBUG_C)
 #define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 0e38bc3c8..64138c53c 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -54,6 +54,14 @@
 #include "ecjpake.h"
 #endif
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_ECDH_C)
+#include "ecdh.h"
+#endif
+
 #if defined(MBEDTLS_USE_TINYCRYPT)
 #include "tinycrypt/ecc.h"
 #include "tinycrypt/ecc_dh.h"
From 96d34d57ec3f9a9d4041439011074a16a84b9d78 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 3 Sep 2019 10:01:26 +0100
Subject: [PATCH 89/93] TinyCrypt PK Wrap: Remove dependency on ASN.1 writing
The TinyCrypt PK signature wrapper uses ASN.1 writing functions for length and tag, accounting for the only dependency of the baremetal build on ASN.1 writing. Since all lengths to be encoded are below 128 Bytes and are hence ASN.1 encoded as single Bytes, the dependency on ASN.1 writing can be removed at low complexity by writing the length and tags directly.
---
 configs/baremetal.h | 3 ---
 library/pk_wrap.c | 34 +++++++++++++++++++++++-----------
 2 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/configs/baremetal.h b/configs/baremetal.h
index b65376332..815bd8f45 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -119,9 +119,6 @@
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
-/* X.509 CSR writing */
-#define MBEDTLS_ASN1_WRITE_C
-
 /* RNG and PRNG */
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 #define MBEDTLS_ENTROPY_C
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 78318cb99..e667e3025 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -596,11 +596,13 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
 * p: pointer to the end of the output buffer
 * start: start of the output buffer, and also of the mpi to write at the end
 * n_len: length of the mpi to read from start
+ *
+ * Warning:
+ * The total length of the output buffer must be smaller than 128 Bytes.
 */
 static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
 size_t n_len )
 {
- int ret;
 size_t len = 0;
 if( (size_t)( *p - start ) < n_len )
@@ -634,9 +636,11 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
 len += 1;
 }
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_INTEGER ) );
+ /* The ASN.1 length encoding is just a single Byte containing the length,
+ * as we assume that the total buffer length is smaller than 128 Bytes. */
+ *--(*p) = len;
+ *--(*p) = MBEDTLS_ASN1_INTEGER;
+ len += 2;
 return( (int) len );
 }
@@ -648,6 +652,8 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
 * [in/out] sig: the signature pre- and post-transcoding
 * [in/out] sig_len: signature length pre- and post-transcoding
 * [int] buf_len: the available size the in/out buffer
+ *
+ * Warning: buf_len must be smaller than 128 Bytes.
 */
 static int pk_ecdsa_sig_asn1_from_uecc( unsigned char *sig, size_t *sig_len,
 size_t buf_len )
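Review bot: Replacing mbedtls_asn1_write_len/mbedtls_asn1_write_tag with the two direct `*--(*p)` stores in asn1_write_mpibuf (hunk -634) drops the bounds checks those calls performed: nothing verifies that two bytes remain before `start`, and a `len` of 128 or more is silently truncated to one byte whose high bit marks a long-form length, yielding a malformed DER INTEGER instead of an error. The earlier `*p - start < n_len` guard (hunk -596) covers only the integer body, and the function's middle part is outside these hunks, so I cannot see any other check. The "Warning" comments state the precondition but do not enforce it; a cheap guard before the stores keeps the function failing safely: `if( len > 127 || (size_t)( *p - start ) < 2 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );`. Consider also making the narrowing explicit, `*--(*p) = (unsigned char) len;`, so -Wconversion builds stay quiet. The same two points apply to the SEQUENCE header written in pk_ecdsa_sig_asn1_from_uecc in the following hunk (-660).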
@@ -660,9 +666,11 @@ static int pk_ecdsa_sig_asn1_from_uecc( unsigned char *sig, size_t *sig_len,
 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+ /* The ASN.1 length encoding is just a single Byte containing the length,
+ * as we assume that the total buffer length is smaller than 128 Bytes. */
+ *--p = len;
+ *--p = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
+ len += 2;
 memmove( sig, p, len );
 *sig_len = len;
@@ -689,10 +697,11 @@ static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 * Size is at most
 * 1 (tag) + 1 (len) + 1 (initial 0) + NUM_ECC_BYTES for each of r and s,
 * twice that + 1 (tag) + 2 (len) for the sequence
- * (assuming NUM_ECC_BYTES is less than 126 for r and s,
- * and less than 124 (total len <= 255) for the sequence)
+ *
+ * (The ASN.1 length encodings are all 1-Byte encodings because
+ * the total size is smaller than 128 Bytes).
 */
- const size_t max_secp256r1_ecdsa_sig_len = 3 + 2 * ( 3 + NUM_ECC_BYTES );
+ #define MAX_SECP256R1_ECDSA_SIG_LEN ( 3 + 2 * ( 3 + NUM_ECC_BYTES ) )
 uECC_sign( keypair->private_key, hash, hash_len, sig, uecc_curve );
 *sig_len = 2 * NUM_ECC_BYTES;
@@ -702,7 +711,10 @@ static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 (void) p_rng;
 (void) md_alg;
- return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len, max_secp256r1_ecdsa_sig_len ) );
+ return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len,
+ MAX_SECP256R1_ECDSA_SIG_LEN ) );
+
+ #undef MAX_SECP256R1_ECDSA_SIG_LEN
 }
 static void *uecc_eckey_alloc_wrap( void )
From d2929b562628b3d15701aa13dcd5ed2aaf3ab675 Mon Sep 17 00:00:00 2001
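Review bot: The size comment kept in uecc_eckey_sign_wrap (hunk -689) still says `* twice that + 1 (tag) + 2 (len) for the sequence` while the sentence added right below it states that every ASN.1 length is a 1-Byte encoding, so the two contradict each other, and `MAX_SECP256R1_ECDSA_SIG_LEN` (`3 + 2 * ( 3 + NUM_ECC_BYTES )`) now carries one byte that the comment no longer accounts for. Either correct the line to `* twice that + 1 (tag) + 1 (len) for the sequence` and note that the bound keeps one byte of headroom, or explain why the extra byte is wanted; the value itself is only an upper bound passed to pk_ecdsa_sig_asn1_from_uecc, so the documentation is what needs fixing. As a point of style, a `#define`/`#undef` pair inside the function body (indented, with the `#undef` placed after the `return` in hunk -702) is unusual for this file; a file-scope macro or `enum` constant next to the other TinyCrypt definitions would read more naturally. uecc_eckey_sign_wrap begins before the hunk.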
From: Hanno Becker
Date: Wed, 4 Sep 2019 16:07:52 +0100
Subject: [PATCH 90/93] Fixup TinyCrypt PK wrap: Check TinyCrypt signature return code
---
 library/pk_wrap.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index e667e3025..2bcc947f7 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -685,6 +685,7 @@ static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 {
 const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
 const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
+ int ret;
 /*
 * RFC-4492 page 20:
@@ -703,7 +704,11 @@ static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 */
 #define MAX_SECP256R1_ECDSA_SIG_LEN ( 3 + 2 * ( 3 + NUM_ECC_BYTES ) )
- uECC_sign( keypair->private_key, hash, hash_len, sig, uecc_curve );
+ ret = uECC_sign( keypair->private_key, hash, hash_len, sig, uecc_curve );
+ /* TinyCrypt uses 0 to signal errors. */
+ if( ret == 0 )
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
 *sig_len = 2 * NUM_ECC_BYTES;
 /* uECC owns its rng function pointer */
From f45d9da8787ce859838fe92037186d1a938bfef2 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 4 Sep 2019 16:09:56 +0100
Subject: [PATCH 91/93] Fixup certs.c: Remove redundant TinyCrypt guard
---
 library/certs.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/library/certs.c b/library/certs.c
index da534a3c5..0fc8852f6 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -45,7 +45,7 @@
 /* Use CRTs with Secp256r1-only if Secp384r1 is disabled.
 * Otherwise, fall back to previous test CRTs using both
 * Secp256r1 and Secp384r1. */
-#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT)
+#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
 /* This is taken from tests/data_files/test-ca3.crt.pem */
 /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca3.crt.pem */
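Review bot: The new failure path in uecc_eckey_sign_wrap (hunk -703) reports a uECC_sign failure as `MBEDTLS_ERR_PK_HW_ACCEL_FAILED`, and the added comment explains only the TinyCrypt return convention, not why a software library's failure is mapped to the hardware-accelerator code; a caller grepping for that error will look in the wrong place. State the mapping rationale next to the check, for instance `/* TinyCrypt uses 0 to signal errors; no dedicated PK error code exists for a failed signing primitive, so reuse HW_ACCEL_FAILED. */` (adjust if a more specific PK code is already used by the verify wrapper, which I cannot see here). It would also help to name the likely causes the caller can act on, if TinyCrypt documents them. uecc_eckey_sign_wrap begins before the hunk.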
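Review bot: Removing `|| defined(MBEDTLS_USE_TINYCRYPT)` from the certs.c guard (hunk -45) makes the certificate selection depend solely on MBEDTLS_ECP_DP_SECP384R1_ENABLED, which is only correct if that macro is guaranteed to be undefined whenever MBEDTLS_USE_TINYCRYPT is set; nothing in this series shows that invariant being enforced. If check_config.h does enforce it, a one-line comment on the guard, `/* Assumes MBEDTLS_USE_TINYCRYPT and MBEDTLS_ECP_DP_SECP384R1_ENABLED are never both set. */`, would stop the next reader from re-adding the clause; if it does not, the guard was not redundant and a TinyCrypt build with secp384r1 enabled would select certificates it cannot parse. The same simplification is repeated in the remaining certs.c hunks (-135 through -1336).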
@@ -135,7 +135,7 @@
 }
 /* END FILE */
-#else /* !MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */
+#else /* !MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 /* This is taken from tests/data_files/test-ca2.crt */
 /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */
@@ -241,7 +241,7 @@
 }
 /* END FILE */
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 #define TEST_CA_PWD_EC_PEM "PolarSSLTest"
@@ -607,7 +607,7 @@
 /* Use CRTs with Secp256r1-only if Secp384r1 is disabled.
 * Otherwise, fall back to previous test CRTs using both
 * Secp256r1 and Secp384r1. */
-#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT)
+#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
 /* This is taken from tests/data_files/server11.crt.pem. */
 /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server11.crt.pem */
@@ -696,7 +696,7 @@
 }
 /* END FILE */
-#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */
+#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 /* This is taken from tests/data_files/server5.crt. */
 /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */
@@ -796,7 +796,7 @@
 }
 /* END FILE */
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 /* This is taken from tests/data_files/server2-sha256.crt. */
 /* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */
@@ -1152,7 +1152,7 @@
 /* Use CRTs with Secp256r1-only if Secp384r1 is disabled.
 * Otherwise, fall back to previous test CRTs using both
 * Secp256r1 and Secp384r1. */
-#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT)
+#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
 /* This is taken from tests/data_files/cli3.crt. */
 /* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli3.crt.pem */
@@ -1242,7 +1242,7 @@
 }
 /* END FILE */
-#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */
+#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 /* This is taken from tests/data_files/cli2.crt. */
 /* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */
@@ -1336,7 +1336,7 @@
 }
 /* END FILE */
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 /* This is taken from tests/data_files/cli-rsa-sha256.crt. */
 /* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */
From 683d84a5d73b3db528c795e78d75ddcd2706a451 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 4 Sep 2019 16:10:46 +0100
Subject: [PATCH 92/93] Fixup TinyCrypt PK parse: Correct function name in comment
---
 library/pkparse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index d03695b63..1a73101f9 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -969,7 +969,8 @@ static int pk_parse_key_sec1_der( mbedtls_uecc_keypair *keypair,
 else
 {
 /*
- * The only acceptable failure mode of pk_get_ecpubkey() above
+ * The only acceptable failure mode of
+ * uecc_public_key_read_binary() above
 * is if the point format is not recognized.
 */
 if( ret != MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE )
From d601854548c1830bf02f5758bd95559ce019bdf9 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 4 Sep 2019 16:12:36 +0100
Subject: [PATCH 93/93] Fixup TinyCrypt Tests: Remove redundant guards
---
 tests/suites/test_suite_pkparse.data | 60 ++++++++++++++--------------
 1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 335d76413..bb26e4e9c 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -953,19 +953,19 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER)
 pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
 Parse Public EC Key #1 (RFC 5480, DER)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
 Parse Public EC Key #2 (RFC 5480, PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
 Parse Public EC Key #3 (RFC 5480, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
 Parse Public EC Key #4 (RFC 5480, secp256r1, legacy ECC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
 Parse Public EC Key #4 (RFC 5480, secp256r1, TinyCrypt)
@@ -973,43 +973,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
 Parse Public EC Key #5 (RFC 5480, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
 Parse Public EC Key #6 (RFC 5480, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
 Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
 Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
 Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
 Parse EC Key #1 (SEC1 DER)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
 Parse EC Key #2 (SEC1 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
 Parse EC Key #3 (SEC1 PEM encrypted)
-depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
 Parse EC Key #4 (PKCS8 DER)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
 Parse EC Key #4a (PKCS8 DER, no public key, legacy ECC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
 Parse EC Key #4a (PKCS8 DER, no public key, TinyCrypt)
@@ -1017,7 +1017,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
 Parse EC Key #4b (PKCS8 DER, no public key, with parameters, legacy ECC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
 Parse EC Key #4b (PKCS8 DER, no public key, with parameters, TinyCrypt)
@@ -1025,15 +1025,15 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
 Parse EC Key #4c (PKCS8 DER, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
 Parse EC Key #5 (PKCS8 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
 Parse EC Key #5a (PKCS8 PEM, no public key, legacy ECC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
 Parse EC Key #5a (PKCS8 PEM, no public key, TinyCrypt)
@@ -1041,7 +1041,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters, legacy ECC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters, TinyCrypt)
@@ -1049,7 +1049,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
 Parse EC Key #5c (PKCS8 PEM, with parameters, legacy ECC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
 Parse EC Key #5c (PKCS8 PEM, with parameters, TinyCrypt)
@@ -1057,19 +1057,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
 Parse EC Key #6 (PKCS8 encrypted DER)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
 Parse EC Key #7 (PKCS8 encrypted PEM)
-depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
 Parse EC Key #8 (SEC1 PEM, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
 Parse EC Key #9 (SEC1 PEM, secp256r1, legacy ECC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
 Parse EC Key #9 (SEC1 PEM, secp256r1, TinyCrypt)
@@ -1077,27 +1077,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_USE_TINYCRYPT
 pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
 Parse EC Key #10 (SEC1 PEM, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
 Parse EC Key #11 (SEC1 PEM, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
 Parse EC Key #12 (SEC1 PEM, bp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
 Parse EC Key #13 (SEC1 PEM, bp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
 Parse EC Key #14 (SEC1 PEM, bp512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
 Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED:!MBEDTLS_USE_TINYCRYPT
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
 Key ASN1 (Incorrect first tag)