Gilles Peskine

Fixes #8300. Requires https://github.com/Mbed-TLS/mbedtls-test/pull/166 (before that, we wouldn't have the necessary Python environment to run `make generated_files`). ## PR checklist - [x] **changelog** no: test only - [ ] **3.6...

Fully analyze test cases that are not executed

3

The goal of this task is to fully analyze the test cases that are not executed by the CI, as reported by `tests/scripts/analyze_outcomes.py` ("Result analysis" CI report), for all supported...

In some configurations, we use platform functions without including the header that declares them. The exact set of configurations where this happens is probably hard to describe. Presumably, it's certain...

Including `mbedtls/check_config.h` from `mbedtls/config.h` is optional. If done, `limits.h` gets included. If not done, we were missing the inclusion of `limits.h` in several source files. Fix this and add a...

In Mbed TLS 2.x, including `mbedtls/check_config.h` is optional. We do it in the default configuration file, but users can provide their own configuration file that doesn't include it. The general...

Multiple projects using Mbed TLS are defining or have defined derived configuration symbols manually. I think that came up as a workaround for consuming `mbedtls_config.h` instead of `build_info.h`, e.g. because...

It's technically possible to `#include` those headers, so users are doing it, and then complaining about the consequences. Resolve #9147. Including `*adjust*` directly, as several projects have done, may lead...

Alert if all tests are filtered out or skipped: that probably indicates a test script that set up an unintended configuration or an overly strict filter. You can pass `--min...

Remove the legacy HKDF implementation (`hkdf.h`, `hkdf.c`, `test_suite_hkdf.*`). PSA has its own independent implementation and no module uses the legacy implementation.

**Summary for Mbed TLS users: in Mbed TLS 3.x, don't include `mbedtls/check_config.h` any longer.** Some users had an Mbed TLS 2.x `mbedtls/config.h` (or alternate name given via `MBEDTLS_CONFIG_FILE`) included `mbedtls/check_config.h`...