From f24933dc175e0faf44a3cce3330c256a59649ca6 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Tue, 19 Jul 2022 23:01:17 -0400
Subject: [PATCH 4/7] tests/Makefile make run-tests with CONFIG_TLS=...

add test-crypto_module.c to run crypto_module_tests()

adjust some tests/hwsim/*.py for mbed TLS (work in progress)

option to build and run-tests with CONFIG_TLS=internal # (default)
$ cd tests; make clean
$ make run-tests

option to build and run-tests with CONFIG_TLS=gnutls
$ cd tests; make clean CONFIG_TLS=gnutls
$ make run-tests CONFIG_TLS=gnutls

option to build and run-tests with CONFIG_TLS=mbedtls
$ cd tests; make clean CONFIG_TLS=mbedtls
$ make run-tests CONFIG_TLS=mbedtls

option to build and run-tests with CONFIG_TLS=openssl
$ cd tests; make clean CONFIG_TLS=openssl
$ make run-tests CONFIG_TLS=openssl

option to build and run-tests with CONFIG_TLS=wolfssl
$ cd tests; make clean CONFIG_TLS=wolfssl
$ make run-tests CONFIG_TLS=wolfssl

RFE: Makefile logic for crypto objects should be centralized
     instead of being duplicated in hostapd/Makefile,
     wpa_supplicant/Makefile, src/crypto/Makefile,
     tests/Makefile, ...

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
 hostapd/Makefile                          |   6 +
 src/crypto/Makefile                       | 129 ++++++++++++++++++++-
 src/crypto/crypto_module_tests.c          | 134 ++++++++++++++++++++++
 src/tls/Makefile                          |  11 ++
 tests/Makefile                            |  75 +++++++++---
 tests/hwsim/example-hostapd.config        |  11 +-
 tests/hwsim/example-wpa_supplicant.config |  12 +-
 tests/hwsim/test_ap_eap.py                | 114 +++++++++++++-----
 tests/hwsim/test_ap_ft.py                 |   4 +-
 tests/hwsim/test_authsrv.py               |   9 +-
 tests/hwsim/test_dpp.py                   |  19 ++-
 tests/hwsim/test_erp.py                   |  16 +--
 tests/hwsim/test_fils.py                  |   5 +-
 tests/hwsim/test_pmksa_cache.py           |   4 +-
 tests/hwsim/test_sae.py                   |   7 ++
 tests/hwsim/test_suite_b.py               |   3 +
 tests/hwsim/test_wpas_ctrl.py             |   2 +-
 tests/hwsim/utils.py                      |   8 +-
 tests/test-crypto_module.c                |  16 +++
 tests/test-https.c                        |  12 +-
 tests/test-https_server.c                 |  12 +-
 wpa_supplicant/Makefile                   |   6 +
 22 files changed, 524 insertions(+), 91 deletions(-)
 create mode 100644 tests/test-crypto_module.c

--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -696,6 +696,7 @@ CFLAGS += -DCONFIG_TLSV12
 endif
 
 ifeq ($(CONFIG_TLS), wolfssl)
+CFLAGS += -DCONFIG_TLS_WOLFSSL
 CONFIG_CRYPTO=wolfssl
 ifdef TLS_FUNCS
 OBJS += ../src/crypto/tls_wolfssl.o
@@ -716,6 +717,7 @@ endif
 endif
 
 ifeq ($(CONFIG_TLS), openssl)
+CFLAGS += -DCONFIG_TLS_OPENSSL
 CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
 CONFIG_CRYPTO=openssl
 ifdef TLS_FUNCS
@@ -746,6 +748,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
 endif
 
 ifeq ($(CONFIG_TLS), mbedtls)
+CFLAGS += -DCONFIG_TLS_MBEDTLS
 ifndef CONFIG_CRYPTO
 CONFIG_CRYPTO=mbedtls
 endif
@@ -776,6 +779,7 @@ endif
 endif
 
 ifeq ($(CONFIG_TLS), gnutls)
+CFLAGS += -DCONFIG_TLS_GNUTLS
 ifndef CONFIG_CRYPTO
 # default to libgcrypt
 CONFIG_CRYPTO=gnutls
@@ -806,6 +810,7 @@ endif
 endif
 
 ifeq ($(CONFIG_TLS), internal)
+CFLAGS += -DCONFIG_TLS_INTERNAL
 ifndef CONFIG_CRYPTO
 CONFIG_CRYPTO=internal
 endif
@@ -884,6 +889,7 @@ endif
 endif
 
 ifeq ($(CONFIG_TLS), linux)
+CFLAGS += -DCONFIG_TLS_INTERNAL
 OBJS += ../src/crypto/crypto_linux.o
 ifdef TLS_FUNCS
 OBJS += ../src/crypto/crypto_internal-rsa.o
--- a/src/crypto/Makefile
+++ b/src/crypto/Makefile
@@ -1,10 +1,121 @@
-CFLAGS += -DCONFIG_CRYPTO_INTERNAL
-CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
-CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
 #CFLAGS += -DALL_DH_GROUPS
 CFLAGS += -DCONFIG_SHA256
 CFLAGS += -DCONFIG_SHA384
+CFLAGS += -DCONFIG_HMAC_SHA256_KDF
 CFLAGS += -DCONFIG_HMAC_SHA384_KDF
+
+# crypto_module_tests.c
+CFLAGS += -DCONFIG_MODULE_TESTS
+CFLAGS += -DCONFIG_DPP
+#CFLAGS += -DCONFIG_DPP2
+#CFLAGS += -DCONFIG_DPP3
+CFLAGS += -DCONFIG_ECC
+CFLAGS += -DCONFIG_MESH
+CFLAGS += -DEAP_PSK
+CFLAGS += -DEAP_FAST
+
+ifeq ($(CONFIG_TLS),mbedtls)
+
+# (enable features for 'cd tests; make run-tests CONFIG_TLS=mbedtls')
+CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
+CFLAGS += -DCONFIG_DES
+CFLAGS += -DEAP_IKEV2
+CFLAGS += -DEAP_MSCHAPv2
+CFLAGS += -DEAP_SIM
+
+LIB_OBJS = tls_mbedtls.o crypto_mbedtls.o
+LIB_OBJS+= \
+	aes-eax.o \
+	aes-siv.o \
+	dh_groups.o \
+	milenage.o \
+	ms_funcs.o
+
+else
+ifeq ($(CONFIG_TLS),openssl)
+
+# (enable features for 'cd tests; make run-tests CONFIG_TLS=openssl')
+ifndef CONFIG_TLS_DEFAULT_CIPHERS
+CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW"
+endif
+CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
+CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
+CFLAGS += -DEAP_TLS_OPENSSL
+
+LIB_OBJS = tls_openssl.o fips_prf_openssl.o crypto_openssl.o
+LIB_OBJS+= \
+	aes-ctr.o \
+	aes-eax.o \
+	aes-encblock.o \
+	aes-siv.o \
+	dh_groups.o \
+	milenage.o \
+	ms_funcs.o \
+	sha1-prf.o \
+	sha1-tlsprf.o \
+	sha1-tprf.o \
+	sha256-kdf.o \
+	sha256-prf.o \
+	sha256-tlsprf.o
+
+else
+ifeq ($(CONFIG_TLS),wolfssl)
+
+# (wolfssl libraries must be built with ./configure --enable-wpas)
+# (enable features for 'cd tests; make run-tests CONFIG_TLS=wolfssl')
+CFLAGS += -DWOLFSSL_DER_LOAD
+CFLAGS += -DCONFIG_DES
+
+LIB_OBJS = tls_wolfssl.o fips_prf_wolfssl.o crypto_wolfssl.o
+LIB_OBJS+= \
+	aes-ctr.o \
+	aes-eax.o \
+	aes-encblock.o \
+	aes-siv.o \
+	dh_groups.o \
+	milenage.o \
+	ms_funcs.o \
+	sha1-prf.o \
+	sha1-tlsprf.o \
+	sha1-tprf.o \
+	sha256-kdf.o \
+	sha256-prf.o \
+	sha256-tlsprf.o
+
+else
+ifeq ($(CONFIG_TLS),gnutls)
+
+# (enable features for 'cd tests; make run-tests CONFIG_TLS=gnutls')
+LIB_OBJS = tls_gnutls.o crypto_gnutls.o
+LIB_OBJS+= \
+	aes-cbc.o \
+	aes-ctr.o \
+	aes-eax.o \
+	aes-encblock.o \
+	aes-omac1.o \
+	aes-siv.o \
+	aes-unwrap.o \
+	aes-wrap.o \
+	dh_group5.o \
+	dh_groups.o \
+	milenage.o \
+	ms_funcs.o \
+	rc4.o \
+	sha1-pbkdf2.o \
+	sha1-prf.o \
+	fips_prf_internal.o \
+	sha1-internal.o \
+	sha1-tlsprf.o \
+	sha1-tprf.o \
+	sha256-kdf.o \
+	sha256-prf.o \
+	sha256-tlsprf.o
+
+else
+
+CFLAGS += -DCONFIG_CRYPTO_INTERNAL
+CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
+CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
 CFLAGS += -DCONFIG_INTERNAL_SHA384
 
 LIB_OBJS= \
@@ -13,7 +124,6 @@ LIB_OBJS= \
 	aes-ctr.o \
 	aes-eax.o \
 	aes-encblock.o \
-	aes-gcm.o \
 	aes-internal.o \
 	aes-internal-dec.o \
 	aes-internal-enc.o \
@@ -37,6 +147,7 @@ LIB_OBJS= \
 	sha1-tlsprf.o \
 	sha1-tprf.o \
 	sha256.o \
+	sha256-kdf.o \
 	sha256-prf.o \
 	sha256-tlsprf.o \
 	sha256-internal.o \
@@ -53,6 +164,16 @@ LIB_OBJS += crypto_internal-modexp.o
 LIB_OBJS += crypto_internal-rsa.o
 LIB_OBJS += tls_internal.o
 LIB_OBJS += fips_prf_internal.o
+
+endif
+endif
+endif
+endif
+
+
+# (used by wlantest/{bip,gcmp,rx_mgmt}.c and tests/test-aes.c)
+LIB_OBJS += aes-gcm.o
+
 ifndef TEST_FUZZ
 LIB_OBJS += random.o
 endif
--- a/src/crypto/crypto_module_tests.c
+++ b/src/crypto/crypto_module_tests.c
@@ -2469,6 +2469,139 @@ static int test_hpke(void)
 }
 
 
+static int test_ecc(void)
+{
+#ifdef CONFIG_ECC
+#ifndef CONFIG_TLS_INTERNAL
+#ifndef CONFIG_TLS_GNUTLS
+#if defined(CONFIG_TLS_MBEDTLS) \
+ || defined(CONFIG_TLS_OPENSSL) \
+ || defined(CONFIG_TLS_WOLFSSL)
+	wpa_printf(MSG_INFO, "Testing ECC");
+	/* Note: some tests below are valid on supported Short Weierstrass
+	 * curves, but not on Montgomery curves (e.g. IKE groups 31 and 32)
+	 * (e.g. deriving and comparing y^2 test below not valid on Montgomery)
+	 */
+#ifdef CONFIG_TLS_MBEDTLS
+	const int grps[] = {19, 20, 21, 25, 26, 28};
+#endif
+#ifdef CONFIG_TLS_OPENSSL
+	const int grps[] = {19, 20, 21, 26};
+#endif
+#ifdef CONFIG_TLS_WOLFSSL
+	const int grps[] = {19, 20, 21, 26};
+#endif
+	uint32_t i;
+	struct crypto_ec *e = NULL;
+	struct crypto_ec_point *p = NULL, *q = NULL;
+	struct crypto_bignum *x = NULL, *y = NULL;
+#ifdef CONFIG_DPP
+	u8 bin[4096];
+#endif
+	for (i = 0; i < ARRAY_SIZE(grps); ++i) {
+		e = crypto_ec_init(grps[i]);
+		if (e == NULL
+		    || crypto_ec_prime_len(e) == 0
+		    || crypto_ec_prime_len_bits(e) == 0
+		    || crypto_ec_order_len(e) == 0
+		    || crypto_ec_get_prime(e) == NULL
+		    || crypto_ec_get_order(e) == NULL
+		    || crypto_ec_get_a(e) == NULL
+		    || crypto_ec_get_b(e) == NULL
+		    || crypto_ec_get_generator(e) == NULL) {
+			break;
+		}
+#ifdef CONFIG_DPP
+		struct crypto_ec_key *key = crypto_ec_key_gen(grps[i]);
+		if (key == NULL)
+			break;
+		p = crypto_ec_key_get_public_key(key);
+		q = crypto_ec_key_get_public_key(key);
+		crypto_ec_key_deinit(key);
+		if (p == NULL || q == NULL)
+			break;
+		if (!crypto_ec_point_is_on_curve(e, p))
+			break;
+
+		/* inverted point should not match original;
+		 * double-invert should match */
+		if (crypto_ec_point_invert(e, q) != 0
+		    || crypto_ec_point_cmp(e, p, q) == 0
+		    || crypto_ec_point_invert(e, q) != 0
+		    || crypto_ec_point_cmp(e, p, q) != 0) {
+			break;
+		}
+
+		/* crypto_ec_point_to_bin() and crypto_ec_point_from_bin()
+		 * imbalanced interfaces? */
+		size_t prime_len = crypto_ec_prime_len(e);
+		if (prime_len * 2 > sizeof(bin))
+			break;
+		if (crypto_ec_point_to_bin(e, p, bin, bin+prime_len) != 0)
+			break;
+		struct crypto_ec_point *tmp = crypto_ec_point_from_bin(e, bin);
+		if (tmp == NULL)
+			break;
+		if (crypto_ec_point_cmp(e, p, tmp) != 0) {
+			crypto_ec_point_deinit(tmp, 0);
+			break;
+		}
+		crypto_ec_point_deinit(tmp, 0);
+
+		x = crypto_bignum_init();
+		y = crypto_bignum_init_set(bin+prime_len, prime_len);
+		if (x == NULL || y == NULL || crypto_ec_point_x(e, p, x) != 0)
+			break;
+		struct crypto_bignum *y2 = crypto_ec_point_compute_y_sqr(e, x);
+		if (y2 == NULL)
+			break;
+		if (crypto_bignum_sqrmod(y, crypto_ec_get_prime(e), y) != 0
+		    || crypto_bignum_cmp(y, y2) != 0) {
+			crypto_bignum_deinit(y2, 0);
+			break;
+		}
+		crypto_bignum_deinit(y2, 0);
+		crypto_bignum_deinit(x, 0);
+		crypto_bignum_deinit(y, 0);
+		x = NULL;
+		y = NULL;
+
+		x = crypto_bignum_init();
+		if (x == NULL)
+			break;
+		if (crypto_bignum_rand(x, crypto_ec_get_prime(e)) != 0)
+			break;
+		crypto_bignum_deinit(x, 0);
+		x = NULL;
+
+		crypto_ec_point_deinit(p, 0);
+		p = NULL;
+		crypto_ec_point_deinit(q, 0);
+		q = NULL;
+#endif /* CONFIG_DPP */
+		crypto_ec_deinit(e);
+		e = NULL;
+	}
+	if (i != ARRAY_SIZE(grps)) {
+		crypto_bignum_deinit(x, 0);
+		crypto_bignum_deinit(y, 0);
+		crypto_ec_point_deinit(p, 0);
+		crypto_ec_point_deinit(q, 0);
+		crypto_ec_deinit(e);
+		wpa_printf(MSG_INFO,
+		           "ECC test case failed tls_id:%d", grps[i]);
+		return -1;
+	}
+
+	wpa_printf(MSG_INFO, "ECC test cases passed");
+#endif
+#endif /* !CONFIG_TLS_GNUTLS */
+#endif /* !CONFIG_TLS_INTERNAL */
+#endif /* CONFIG_ECC */
+	return 0;
+}
+
+
 static int test_ms_funcs(void)
 {
 #ifndef CONFIG_FIPS
@@ -2590,6 +2723,7 @@ int crypto_module_tests(void)
 	    test_fips186_2_prf() ||
 	    test_extract_expand_hkdf() ||
 	    test_hpke() ||
+	    test_ecc() ||
 	    test_ms_funcs())
 		ret = -1;
 
--- a/src/tls/Makefile
+++ b/src/tls/Makefile
@@ -1,3 +1,10 @@
+LIB_OBJS= asn1.o
+
+ifneq ($(CONFIG_TLS),gnutls)
+ifneq ($(CONFIG_TLS),mbedtls)
+ifneq ($(CONFIG_TLS),openssl)
+ifneq ($(CONFIG_TLS),wolfssl)
+
 CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
 CFLAGS += -DCONFIG_CRYPTO_INTERNAL
 CFLAGS += -DCONFIG_TLSV11
@@ -21,5 +28,9 @@ LIB_OBJS= \
 	tlsv1_server_read.o \
 	tlsv1_server_write.o \
 	x509v3.o
+endif
+endif
+endif
+endif
 
 include ../lib.rules
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -1,8 +1,10 @@
-ALL=test-base64 test-md4 test-milenage \
-	test-rsa-sig-ver \
-	test-sha1 \
-	test-https test-https_server \
-	test-sha256 test-aes test-x509v3 test-list test-rc4
+RUN_TESTS= \
+	test-list \
+	test-md4 test-rc4 test-sha1 test-sha256 \
+	test-milenage test-aes \
+	test-crypto_module
+
+ALL=$(RUN_TESTS) test-base64 test-https test-https_server
 
 include ../src/build.rules
 
@@ -24,13 +26,27 @@ CFLAGS += -DCONFIG_IEEE80211R_AP
 CFLAGS += -DCONFIG_IEEE80211R
 CFLAGS += -DCONFIG_TDLS
 
+# test-crypto_module
+CFLAGS += -DCONFIG_MODULE_TESTS
+CFLAGS += -DCONFIG_DPP
+#CFLAGS += -DCONFIG_DPP2
+#CFLAGS += -DCONFIG_DPP3
+CFLAGS += -DCONFIG_ECC
+CFLAGS += -DCONFIG_HMAC_SHA256_KDF
+CFLAGS += -DCONFIG_HMAC_SHA384_KDF
+CFLAGS += -DCONFIG_MESH
+CFLAGS += -DCONFIG_SHA256
+CFLAGS += -DCONFIG_SHA384
+CFLAGS += -DEAP_PSK
+CFLAGS += -DEAP_FAST
+
 CFLAGS += -I../src
 CFLAGS += -I../src/utils
 
 SLIBS = ../src/utils/libutils.a
 
-DLIBS = ../src/crypto/libcrypto.a \
-	../src/tls/libtls.a
+DLIBS = ../src/tls/libtls.a \
+	../src/crypto/libcrypto.a
 
 _OBJS_VAR := LLIBS
 include ../src/objs.mk
@@ -42,12 +58,43 @@ include ../src/objs.mk
 LIBS = $(SLIBS) $(DLIBS)
 LLIBS = -Wl,--start-group $(DLIBS) -Wl,--end-group $(SLIBS)
 
+ifeq ($(CONFIG_TLS),mbedtls)
+CFLAGS += -DCONFIG_TLS_MBEDTLS
+LLIBS += -lmbedtls -lmbedx509 -lmbedcrypto
+else
+ifeq ($(CONFIG_TLS),openssl)
+CFLAGS += -DCONFIG_TLS_OPENSSL
+LLIBS += -lssl -lcrypto
+else
+ifeq ($(CONFIG_TLS),gnutls)
+CFLAGS += -DCONFIG_TLS_GNUTLS
+LLIBS += -lgnutls -lgpg-error -lgcrypt
+else
+ifeq ($(CONFIG_TLS),wolfssl)
+CFLAGS += -DCONFIG_TLS_WOLFSSL
+LLIBS += -lwolfssl -lm
+else
+CFLAGS += -DCONFIG_TLS_INTERNAL
+CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
+ALL += test-rsa-sig-ver
+ALL += test-x509v3
+clean-config_tls_internal:
+	rm -f test_x509v3_nist.out.*
+	rm -f test_x509v3_nist2.out.*
+endif
+endif
+endif
+endif
+
 # glibc < 2.17 needs -lrt for clock_gettime()
 LLIBS += -lrt
 
 test-aes: $(call BUILDOBJ,test-aes.o) $(LIBS)
 	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
 
+test-crypto_module: $(call BUILDOBJ,test-crypto_module.o) $(LIBS)
+	$(LDO) $(LDFLAGS) -o $@ $< $(LLIBS)
+
 test-base64: $(call BUILDOBJ,test-base64.o) $(LIBS)
 	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
 
@@ -83,17 +130,11 @@ test-x509v3: $(call BUILDOBJ,test-x509v3
 
 
 run-tests: $(ALL)
-	./test-aes
-	./test-list
-	./test-md4
-	./test-milenage
-	./test-rsa-sig-ver
-	./test-sha1
-	./test-sha256
+	@set -ex; for i in $(RUN_TESTS); do ./$$i; done
 	@echo
 	@echo All tests completed successfully.
 
-clean: common-clean
+clean: common-clean clean-config_tls_internal
 	rm -f *~
-	rm -f test_x509v3_nist.out.*
-	rm -f test_x509v3_nist2.out.*
+
+.PHONY: run-tests clean-config_tls_internal
--- a/tests/hwsim/example-hostapd.config
+++ b/tests/hwsim/example-hostapd.config
@@ -34,15 +34,7 @@ CONFIG_EAP_TNC=y
 CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
 LIBS += -rdynamic
 CONFIG_EAP_UNAUTH_TLS=y
-ifeq ($(CONFIG_TLS), openssl)
-CONFIG_EAP_PWD=y
-endif
-ifeq ($(CONFIG_TLS), wolfssl)
-CONFIG_EAP_PWD=y
-endif
-ifeq ($(CONFIG_TLS), mbedtls)
-CONFIG_EAP_PWD=y
-endif
+CONFIG_EAP_PWD=$(if $(filter openssl wolfssl mbedtls,$(CONFIG_TLS)),y,)
 CONFIG_EAP_EKE=y
 CONFIG_PKCS12=y
 CONFIG_RADIUS_SERVER=y
@@ -89,6 +81,7 @@ CFLAGS += -DCONFIG_RADIUS_TEST
 CONFIG_MODULE_TESTS=y
 
 CONFIG_SUITEB=y
+CONFIG_SUITEB192=$(if $(filter openssl mbedtls,$(CONFIG_TLS)),y,)
 
 # AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
 # This can be used as a more efficient memory error detector than valgrind
--- a/tests/hwsim/example-wpa_supplicant.config
+++ b/tests/hwsim/example-wpa_supplicant.config
@@ -35,16 +35,7 @@ LIBS += -rdynamic
 CONFIG_EAP_FAST=y
 CONFIG_EAP_TEAP=y
 CONFIG_EAP_IKEV2=y
-
-ifeq ($(CONFIG_TLS), openssl)
-CONFIG_EAP_PWD=y
-endif
-ifeq ($(CONFIG_TLS), wolfssl)
-CONFIG_EAP_PWD=y
-endif
-ifeq ($(CONFIG_TLS), mbedtls)
-CONFIG_EAP_PWD=y
-endif
+CONFIG_EAP_PWD=$(if $(filter openssl wolfssl mbedtls,$(CONFIG_TLS)),y,)
 
 CONFIG_USIM_SIMULATOR=y
 CONFIG_SIM_SIMULATOR=y
@@ -137,6 +128,7 @@ CONFIG_TESTING_OPTIONS=y
 CONFIG_MODULE_TESTS=y
 
 CONFIG_SUITEB=y
+CONFIG_SUITEB192=$(if $(filter openssl mbedtls,$(CONFIG_TLS)),y,)
 
 # AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
 # This can be used as a more efficient memory error detector than valgrind
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -42,20 +42,42 @@ def check_eap_capa(dev, method):
     res = dev.get_capability("eap")
     if method not in res:
         raise HwsimSkip("EAP method %s not supported in the build" % method)
+    if method == "FAST" or method == "TEAP":
+        tls = dev.request("GET tls_library")
+        if tls.startswith("mbed TLS"):
+            raise HwsimSkip("EAP-%s not supported with this TLS library: " % method + tls)
 
 def check_subject_match_support(dev):
     tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
+    if tls.startswith("OpenSSL"):
+        return
+    elif tls.startswith("wolfSSL"):
+        return
+    elif tls.startswith("mbed TLS"):
+        return
+    else:
         raise HwsimSkip("subject_match not supported with this TLS library: " + tls)
 
 def check_check_cert_subject_support(dev):
     tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
+    if tls.startswith("OpenSSL"):
+        return
+    elif tls.startswith("wolfSSL"):
+        return
+    elif tls.startswith("mbed TLS"):
+        return
+    else:
         raise HwsimSkip("check_cert_subject not supported with this TLS library: " + tls)
 
 def check_altsubject_match_support(dev):
     tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
+    if tls.startswith("OpenSSL"):
+        return
+    elif tls.startswith("wolfSSL"):
+        return
+    elif tls.startswith("mbed TLS"):
+        return
+    else:
         raise HwsimSkip("altsubject_match not supported with this TLS library: " + tls)
 
 def check_domain_match(dev):
@@ -70,7 +92,13 @@ def check_domain_suffix_match(dev):
 
 def check_domain_match_full(dev):
     tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"):
+    if tls.startswith("OpenSSL"):
+        return
+    elif tls.startswith("wolfSSL"):
+        return
+    elif tls.startswith("mbed TLS"):
+        return
+    else:
         raise HwsimSkip("domain_suffix_match requires full match with this TLS library: " + tls)
 
 def check_cert_probe_support(dev):
@@ -79,8 +107,15 @@ def check_cert_probe_support(dev):
         raise HwsimSkip("Certificate probing not supported with this TLS library: " + tls)
 
 def check_ext_cert_check_support(dev):
+    if not openssl_imported:
+        raise HwsimSkip("OpenSSL python method not available")
+
     tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
+    if tls.startswith("OpenSSL"):
+        return
+    elif tls.startswith("mbed TLS"):
+        return
+    else:
         raise HwsimSkip("ext_cert_check not supported with this TLS library: " + tls)
 
 def check_ocsp_support(dev):
@@ -91,14 +126,18 @@ def check_ocsp_support(dev):
     #    raise HwsimSkip("OCSP not supported with this TLS library: " + tls)
     #if tls.startswith("wolfSSL"):
     #    raise HwsimSkip("OCSP not supported with this TLS library: " + tls)
+    if tls.startswith("mbed TLS"):
+        raise HwsimSkip("OCSP not supported with this TLS library: " + tls)
 
 def check_pkcs5_v15_support(dev):
     tls = dev.request("GET tls_library")
-    if "BoringSSL" in tls or "GnuTLS" in tls:
+    if "BoringSSL" in tls or "GnuTLS" in tls or "mbed TLS" in tls:
         raise HwsimSkip("PKCS#5 v1.5 not supported with this TLS library: " + tls)
 
 def check_tls13_support(dev):
     tls = dev.request("GET tls_library")
+    if tls.startswith("mbed TLS"):
+        raise HwsimSkip("TLS v1.3 not supported")
     if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls and "wolfSSL" not in tls:
         raise HwsimSkip("TLS v1.3 not supported")
 
@@ -118,11 +157,15 @@ def check_pkcs12_support(dev):
     #    raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
     if tls.startswith("wolfSSL"):
         raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
+    if tls.startswith("mbed TLS"):
+        raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
 
 def check_dh_dsa_support(dev):
     tls = dev.request("GET tls_library")
     if tls.startswith("internal"):
         raise HwsimSkip("DH DSA not supported with this TLS library: " + tls)
+    if tls.startswith("mbed TLS"):
+        raise HwsimSkip("DH DSA not supported with this TLS library: " + tls)
 
 def check_ec_support(dev):
     tls = dev.request("GET tls_library")
@@ -1595,7 +1638,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
     eap_connect(dev[0], hapd, "TTLS", "pap user",
                 anonymous_identity="ttls", password="password",
                 ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
-                subject_match="/C=FI/O=w1.fi/CN=server.w1.fi",
+                check_cert_subject="/C=FI/O=w1.fi/CN=server.w1.fi",
                 altsubject_match="EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/")
     eap_reauth(dev[0], "TTLS")
 
@@ -2830,6 +2873,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
 
 def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev):
     """WPA2-Enterprise negative test - subject mismatch"""
+    check_subject_match_support(dev[0])
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hostapd.add_ap(apdev[0], params)
     dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
@@ -2890,6 +2934,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
 
 def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev):
     """WPA2-Enterprise negative test - altsubject mismatch"""
+    check_altsubject_match_support(dev[0])
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hostapd.add_ap(apdev[0], params)
 
@@ -3430,7 +3475,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
             dev[0].request("REMOVE_NETWORK all")
 
     tls = dev[0].request("GET tls_library")
-    if not tls.startswith("wolfSSL"):
+    if not tls.startswith("wolfSSL") and not tls.startswith("mbed TLS"):
         tests = [(1, "os_get_random;dh_init")]
     else:
         tests = [(1, "crypto_dh_init;dh_init")]
@@ -4744,7 +4789,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
     params["private_key"] = "auth_serv/iCA-server/server.key"
     hostapd.add_ap(apdev[0], params)
     tls = dev[0].request("GET tls_library")
-    if "GnuTLS" in tls or "wolfSSL" in tls:
+    if "GnuTLS" in tls or "wolfSSL" in tls or "mbed TLS" in tls:
         ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
         client_cert = "auth_serv/iCA-user/user_and_ica.pem"
     else:
@@ -4810,6 +4855,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
     run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1")
 
 def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
+    check_ocsp_support(dev[0])
     params = int_eap_server_params()
     params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
     params["server_cert"] = "auth_serv/iCA-server/server.pem"
@@ -4819,7 +4865,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
     try:
         hostapd.add_ap(apdev[0], params)
         tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
+        if "GnuTLS" in tls or "wolfSSL" in tls or "mbed TLS" in tls:
             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
         else:
@@ -4855,7 +4901,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
     try:
         hostapd.add_ap(apdev[0], params)
         tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
+        if "GnuTLS" in tls or "wolfSSL" in tls or "mbed TLS" in tls:
             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
         else:
@@ -4905,7 +4951,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
     try:
         hostapd.add_ap(apdev[0], params)
         tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
+        if "GnuTLS" in tls or "wolfSSL" in tls or "mbed TLS" in tls:
             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
         else:
@@ -4972,7 +5018,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
 
         hostapd.add_ap(apdev[0], params)
         tls = dev[0].request("GET tls_library")
-        if "GnuTLS" in tls or "wolfSSL" in tls:
+        if "GnuTLS" in tls or "wolfSSL" in tls or "mbed TLS" in tls:
             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
         else:
@@ -5230,6 +5276,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
 
 def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev):
     """WPA2-Enterprise using EAP-TTLS and server PKCS#12 file"""
+    check_pkcs12_support(dev[0])
     skip_with_fips(dev[0])
     params = int_eap_server_params()
     del params["server_cert"]
@@ -5242,6 +5289,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
 
 def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev):
     """EAP-TTLS and server PKCS#12 file with extra certs"""
+    check_pkcs12_support(dev[0])
     skip_with_fips(dev[0])
     params = int_eap_server_params()
     del params["server_cert"]
@@ -5264,6 +5312,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
 
 def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
     """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
+    check_dh_dsa_support(dev[0])
     params = int_eap_server_params()
     params["dh_file"] = "auth_serv/dsaparam.pem"
     hapd = hostapd.add_ap(apdev[0], params)
@@ -5575,8 +5624,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
 def test_openssl_cipher_suite_config_wpas(dev, apdev):
     """OpenSSL cipher suite configuration on wpa_supplicant"""
     tls = dev[0].request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("TLS library is not OpenSSL: " + tls)
+    if not tls.startswith("OpenSSL") and not tls.startswith("mbed TLS"):
+        raise HwsimSkip("TLS library is not OpenSSL or mbed TLS: " + tls)
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0], params)
     eap_connect(dev[0], hapd, "TTLS", "pap user",
@@ -5602,14 +5651,14 @@ def test_openssl_cipher_suite_config_wpa
 def test_openssl_cipher_suite_config_hapd(dev, apdev):
     """OpenSSL cipher suite configuration on hostapd"""
     tls = dev[0].request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("wpa_supplicant TLS library is not OpenSSL: " + tls)
+    if not tls.startswith("OpenSSL") and not tls.startswith("mbed TLS"):
+        raise HwsimSkip("wpa_supplicant TLS library is not OpenSSL or mbed TLS: " + tls)
     params = int_eap_server_params()
     params['openssl_ciphers'] = "AES256"
     hapd = hostapd.add_ap(apdev[0], params)
     tls = hapd.request("GET tls_library")
-    if not tls.startswith("OpenSSL"):
-        raise HwsimSkip("hostapd TLS library is not OpenSSL: " + tls)
+    if not tls.startswith("OpenSSL") and not tls.startswith("mbed TLS"):
+        raise HwsimSkip("hostapd TLS library is not OpenSSL or mbed TLS: " + tls)
     eap_connect(dev[0], hapd, "TTLS", "pap user",
                 anonymous_identity="ttls", password="password",
                 ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
@@ -6051,13 +6100,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
             check_tls_ver(dev[0], hapd,
                           "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1",
                           "TLSv1.2")
-    elif tls.startswith("internal"):
+    elif tls.startswith("internal") or tls.startswith("mbed TLS"):
         check_tls_ver(dev[0], hapd,
                       "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", "TLSv1.2")
-    check_tls_ver(dev[1], hapd,
-                  "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
-    check_tls_ver(dev[2], hapd,
-                  "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
+    if tls.startswith("mbed TLS"):
+        check_tls_ver(dev[2], hapd,
+                      "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1.0")
+    else:
+        check_tls_ver(dev[1], hapd,
+                      "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
+        check_tls_ver(dev[2], hapd,
+                      "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
     if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
         check_tls_ver(dev[0], hapd,
                       "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
@@ -6079,6 +6132,11 @@ def test_ap_wpa2_eap_tls_versions_server
     tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
              ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
              ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
+    tls = dev[0].request("GET tls_library")
+    if tls.startswith("mbed TLS"):
+        tests = [#("TLSv1.0", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
+                 #("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
+                 ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
     for exp, flags in tests:
         hapd.disable()
         hapd.set("tls_flags", flags)
@@ -7115,6 +7173,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
 def test_eap_tls_ext_cert_check(dev, apdev):
     """EAP-TLS and external server certification validation"""
     # With internal server certificate chain validation
+    check_ext_cert_check_support(dev[0])
     id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
                         identity="tls user",
                         ca_cert="auth_serv/ca.pem",
@@ -7127,6 +7186,7 @@ def test_eap_tls_ext_cert_check(dev, apd
 def test_eap_ttls_ext_cert_check(dev, apdev):
     """EAP-TTLS and external server certification validation"""
     # Without internal server certificate chain validation
+    check_ext_cert_check_support(dev[0])
     id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                         identity="pap user", anonymous_identity="ttls",
                         password="password", phase2="auth=PAP",
@@ -7137,6 +7197,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
 def test_eap_peap_ext_cert_check(dev, apdev):
     """EAP-PEAP and external server certification validation"""
     # With internal server certificate chain validation
+    check_ext_cert_check_support(dev[0])
     id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
                         identity="user", anonymous_identity="peap",
                         ca_cert="auth_serv/ca.pem",
@@ -7147,6 +7208,7 @@ def test_eap_peap_ext_cert_check(dev, ap
 
 def test_eap_fast_ext_cert_check(dev, apdev):
     """EAP-FAST and external server certification validation"""
+    check_ext_cert_check_support(dev[0])
     check_eap_capa(dev[0], "FAST")
     # With internal server certificate chain validation
     dev[0].request("SET blob fast_pac_auth_ext ")
@@ -7161,10 +7223,6 @@ def test_eap_fast_ext_cert_check(dev, ap
     run_ext_cert_check(dev, apdev, id)
 
 def run_ext_cert_check(dev, apdev, net_id):
-    check_ext_cert_check_support(dev[0])
-    if not openssl_imported:
-        raise HwsimSkip("OpenSSL python method not available")
-
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0], params)
 
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@@ -2471,11 +2471,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
         # This will fail to roam
         dev[0].roam(bssid1, check_bssid=False)
 
-    with fail_test(hapd1, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
+    with fail_test(hapd1, 1, "sha256_prf;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
         # This will fail to roam
         dev[0].roam(bssid1, check_bssid=False)
 
-    with fail_test(hapd1, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
+    with fail_test(hapd1, 2, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
         # This will fail to roam
         dev[0].roam(bssid1, check_bssid=False)
 
--- a/tests/hwsim/test_authsrv.py
+++ b/tests/hwsim/test_authsrv.py
@@ -156,9 +156,12 @@ def test_authsrv_oom(dev, apdev):
         if "FAIL" not in authsrv.request("ENABLE"):
             raise Exception("ENABLE succeeded during OOM")
 
-    with alloc_fail(authsrv, 1, "tls_init;authsrv_init"):
-        if "FAIL" not in authsrv.request("ENABLE"):
-            raise Exception("ENABLE succeeded during OOM")
+    # tls_mbedtls.c:tls_init() does not alloc memory (no alloc fail trigger)
+    tls = dev[0].request("GET tls_library")
+    if not tls.startswith("mbed TLS"):
+        with alloc_fail(authsrv, 1, "tls_init;authsrv_init"):
+            if "FAIL" not in authsrv.request("ENABLE"):
+                raise Exception("ENABLE succeeded during OOM")
 
     for count in range(1, 3):
         with alloc_fail(authsrv, count, "eap_sim_db_init;authsrv_init"):
--- a/tests/hwsim/test_dpp.py
+++ b/tests/hwsim/test_dpp.py
@@ -39,7 +39,8 @@ def check_dpp_capab(dev, brainpool=False
         raise HwsimSkip("DPP not supported")
     if brainpool:
         tls = dev.request("GET tls_library")
-        if (not tls.startswith("OpenSSL") or "run=BoringSSL" in tls) and not tls.startswith("wolfSSL"):
+        if (not tls.startswith("OpenSSL") or "run=BoringSSL" in tls) and not tls.startswith("wolfSSL") \
+                                                                     and not tls.startswith("mbed TLS"):
             raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
     capa = dev.request("GET_CAPABILITY dpp")
     ver = 1
@@ -3892,6 +3893,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
 
 def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
     """DPP protocol testing - invalid I-proto key in Auth Req"""
+    tls = dev[0].request("GET tls_library")
+    if tls.startswith("mbed TLS"):
+        raise HwsimSkip("mbed TLS crypto_ecdh_set_peerkey() properly detects invalid key; no response")
     run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
 
 def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
@@ -3987,7 +3991,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
 
 def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
     """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
-    run_dpp_proto_auth_resp_missing(dev, 67, "Invalid Responder Protocol Key")
+    tls = dev[0].request("GET tls_library")
+    if tls.startswith("mbed TLS"):
+        # mbed TLS crypto_ecdh_set_peerkey() properly detects invalid key
+        run_dpp_proto_auth_resp_missing(dev, 67, "Failed to derive ECDH shared secret")
+    else:
+        run_dpp_proto_auth_resp_missing(dev, 67, "Invalid Responder Protocol Key")
 
 def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
     """DPP protocol testing - no R-nonce in Auth Resp"""
@@ -4349,11 +4358,17 @@ def test_dpp_proto_pkex_exchange_resp_in
 
 def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
     """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
+    tls = dev[0].request("GET tls_library")
+    if tls.startswith("mbed TLS"):
+        raise HwsimSkip("mbed TLS crypto_ecdh_set_peerkey() properly detects invalid key; no response")
     run_dpp_proto_pkex_req_missing(dev, 47,
                                    "Peer bootstrapping key is invalid")
 
 def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev, apdev):
     """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
+    tls = dev[0].request("GET tls_library")
+    if tls.startswith("mbed TLS"):
+        raise HwsimSkip("mbed TLS crypto_ecdh_set_peerkey() properly detects invalid key; no response")
     run_dpp_proto_pkex_resp_missing(dev, 48,
                                     "Peer bootstrapping key is invalid")
 
--- a/tests/hwsim/test_erp.py
+++ b/tests/hwsim/test_erp.py
@@ -12,7 +12,7 @@ import time
 
 import hostapd
 from utils import *
-from test_ap_eap import int_eap_server_params, check_tls13_support
+from test_ap_eap import int_eap_server_params, check_tls13_support, check_eap_capa
 from test_ap_psk import find_wpas_process, read_process_memory, verify_not_present, get_key_locations
 
 def test_erp_initiate_reauth_start(dev, apdev):
@@ -276,6 +276,7 @@ def test_erp_radius_eap_methods(dev, apd
     params['erp_domain'] = 'example.com'
     params['disable_pmksa_caching'] = '1'
     hapd = hostapd.add_ap(apdev[0], params)
+    tls = dev[0].request("GET tls_library")
 
     erp_test(dev[0], hapd, eap="AKA", identity="0232010000000000@example.com",
              password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
@@ -289,7 +290,7 @@ def test_erp_radius_eap_methods(dev, apd
              password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
     erp_test(dev[0], hapd, eap="EKE", identity="erp-eke@example.com",
              password="hello")
-    if "FAST" in eap_methods:
+    if "FAST" in eap_methods and check_eap_capa(dev[0], "FAST"):
         erp_test(dev[0], hapd, eap="FAST", identity="erp-fast@example.com",
                  password="password", ca_cert="auth_serv/ca.pem",
                  phase2="auth=GTC",
@@ -301,13 +302,14 @@ def test_erp_radius_eap_methods(dev, apd
              password="password")
     erp_test(dev[0], hapd, eap="PAX", identity="erp-pax@example.com",
              password_hex="0123456789abcdef0123456789abcdef")
-    if "MSCHAPV2" in eap_methods:
+    if "MSCHAPV2" in eap_methods and check_eap_capa(dev[0], "MSCHAPV2"):
         erp_test(dev[0], hapd, eap="PEAP", identity="erp-peap@example.com",
                  password="password", ca_cert="auth_serv/ca.pem",
                  phase2="auth=MSCHAPV2")
-        erp_test(dev[0], hapd, eap="TEAP", identity="erp-teap@example.com",
-                 password="password", ca_cert="auth_serv/ca.pem",
-                 phase2="auth=MSCHAPV2", pac_file="blob://teap_pac")
+        if check_eap_capa(dev[0], "TEAP"):
+            erp_test(dev[0], hapd, eap="TEAP", identity="erp-teap@example.com",
+                     password="password", ca_cert="auth_serv/ca.pem",
+                     phase2="auth=MSCHAPV2", pac_file="blob://teap_pac")
     erp_test(dev[0], hapd, eap="PSK", identity="erp-psk@example.com",
              password_hex="0123456789abcdef0123456789abcdef")
     if "PWD" in eap_methods:
@@ -640,7 +642,7 @@ def test_erp_local_errors(dev, apdev):
         dev[0].request("REMOVE_NETWORK all")
         dev[0].wait_disconnected()
 
-    for count in range(1, 6):
+    for count in range(1, 4):
         dev[0].request("ERP_FLUSH")
         with fail_test(dev[0], count, "hmac_sha256_kdf;eap_peer_erp_init"):
             dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
--- a/tests/hwsim/test_fils.py
+++ b/tests/hwsim/test_fils.py
@@ -1422,7 +1422,10 @@ def run_fils_sk_pfs(dev, apdev, group, p
     check_erp_capa(dev[0])
 
     tls = dev[0].request("GET tls_library")
-    if not tls.startswith("wolfSSL"):
+    if tls.startswith("mbed TLS"):
+        if int(group) == 27:
+            raise HwsimSkip("Brainpool EC group 27 not supported by mbed TLS")
+    elif not tls.startswith("wolfSSL"):
         if int(group) in [25]:
             if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
                 raise HwsimSkip("EC group not supported")
--- a/tests/hwsim/test_pmksa_cache.py
+++ b/tests/hwsim/test_pmksa_cache.py
@@ -955,7 +955,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
     eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
                 password_hex="0123456789abcdef0123456789abcdef",
                 bssid=apdev[0]['bssid'])
-    for i in range(1, 11):
+    for i in range(1, 10):
         with alloc_fail(dev[0], i, "rsn_preauth_init"):
             res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip()
             logger.info("Iteration %d - PREAUTH command results: %s" % (i, res))
@@ -963,7 +963,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
                 state = dev[0].request('GET_ALLOC_FAIL')
                 if state.startswith('0:'):
                     break
-                time.sleep(0.05)
+                time.sleep(0.10)
 
 def test_pmksa_cache_ctrl(dev, apdev):
     """PMKSA cache control interface operations"""
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@@ -177,6 +177,11 @@ def test_sae_groups(dev, apdev):
     if tls.startswith("OpenSSL") and "run=OpenSSL 1." in tls:
         logger.info("Add Brainpool EC groups since OpenSSL is new enough")
         sae_groups += [27, 28, 29, 30]
+    if tls.startswith("mbed TLS"):
+        # secp224k1 and secp224r1 (26) have prime p = 1 mod 4, and mbedtls
+        # does not have code to derive y from compressed format for those curves
+        sae_groups = [19, 25, 20, 21, 1, 2, 5, 14, 15, 16, 22, 23, 24]
+        sae_groups += [27, 28, 29, 30]
     heavy_groups = [14, 15, 16]
     suitable_groups = [15, 16, 17, 18, 19, 20, 21]
     groups = [str(g) for g in sae_groups]
@@ -2188,6 +2193,8 @@ def run_sae_pwe_group(dev, apdev, group)
             logger.info("Add Brainpool EC groups since OpenSSL is new enough")
         elif tls.startswith("wolfSSL"):
             logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL")
+        elif tls.startswith("mbed TLS"):
+            logger.info("Make sure Brainpool EC groups were enabled when compiling mbed TLS")
         else:
             raise HwsimSkip("Brainpool curve not supported")
     start_sae_pwe_ap(apdev[0], group, 2)
--- a/tests/hwsim/test_suite_b.py
+++ b/tests/hwsim/test_suite_b.py
@@ -27,6 +27,8 @@ def check_suite_b_tls_lib(dev, dhe=False
         return
     if tls.startswith("wolfSSL"):
         return
+    if tls.startswith("mbed TLS"):
+        return
     if not tls.startswith("OpenSSL"):
         raise HwsimSkip("TLS library not supported for Suite B: " + tls)
     supported = False
@@ -520,6 +522,7 @@ def test_suite_b_192_rsa_insufficient_dh
 
     dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
                    ieee80211w="2",
+                   openssl_ciphers="DHE-RSA-AES256-GCM-SHA384",
                    phase1="tls_suiteb=1",
                    eap="TLS", identity="tls user",
                    ca_cert="auth_serv/rsa3072-ca.pem",
--- a/tests/hwsim/test_wpas_ctrl.py
+++ b/tests/hwsim/test_wpas_ctrl.py
@@ -1842,7 +1842,7 @@ def _test_wpas_ctrl_oom(dev):
     tls = dev[0].request("GET tls_library")
     if not tls.startswith("internal"):
         tests.append(('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', 'FAIL',
-                      4, 'wpas_ctrl_nfc_get_handover_sel_p2p'))
+                      3, 'wpas_ctrl_nfc_get_handover_sel_p2p'))
     for cmd, exp, count, func in tests:
         with alloc_fail(dev[0], count, func):
             res = dev[0].request(cmd)
--- a/tests/hwsim/utils.py
+++ b/tests/hwsim/utils.py
@@ -141,7 +141,13 @@ def check_imsi_privacy_support(dev):
 
 def check_tls_tod(dev):
     tls = dev.request("GET tls_library")
-    if not tls.startswith("OpenSSL") and not tls.startswith("internal"):
+    if tls.startswith("OpenSSL"):
+        return
+    elif tls.startswith("internal"):
+        return
+    elif tls.startswith("mbed TLS"):
+        return
+    else:
         raise HwsimSkip("TLS TOD-TOFU/STRICT not supported with this TLS library: " + tls)
 
 def vht_supported():
--- /dev/null
+++ b/tests/test-crypto_module.c
@@ -0,0 +1,16 @@
+/*
+ * crypto module tests - test program
+ * Copyright (c) 2022, Glenn Strauss <gstrauss@gluelogic.com>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/module_tests.h"
+#include "crypto/crypto_module_tests.c"
+
+int main(int argc, char *argv[])
+{
+	return crypto_module_tests();
+}
--- a/tests/test-https.c
+++ b/tests/test-https.c
@@ -75,7 +75,7 @@ static int https_client(int s, const cha
 	struct tls_connection *conn;
 	struct wpabuf *in, *out, *appl;
 	int res = -1;
-	int need_more_data;
+	int need_more_data = 0;
 
 	os_memset(&conf, 0, sizeof(conf));
 	conf.event_cb = https_tls_event_cb;
@@ -93,8 +93,12 @@ static int https_client(int s, const cha
 
 	for (;;) {
 		appl = NULL;
+#ifdef CONFIG_TLS_INTERNAL_SERVER
 		out = tls_connection_handshake2(tls, conn, in, &appl,
 						&need_more_data);
+#else
+		out = tls_connection_handshake(tls, conn, in, &appl);
+#endif
 		wpabuf_free(in);
 		in = NULL;
 		if (out == NULL) {
@@ -152,11 +156,15 @@ static int https_client(int s, const cha
 
 	wpa_printf(MSG_INFO, "Reading HTTP response");
 	for (;;) {
-		int need_more_data;
+		int need_more_data = 0;
 		in = https_recv(s);
 		if (in == NULL)
 			goto done;
+#ifdef CONFIG_TLS_INTERNAL_SERVER
 		out = tls_connection_decrypt2(tls, conn, in, &need_more_data);
+#else
+		out = tls_connection_decrypt(tls, conn, in);
+#endif
 		if (need_more_data)
 			wpa_printf(MSG_DEBUG, "HTTP: Need more data");
 		wpabuf_free(in);
--- a/tests/test-https_server.c
+++ b/tests/test-https_server.c
@@ -67,10 +67,12 @@ static struct wpabuf * https_recv(int s,
 }
 
 
+#ifdef CONFIG_TLS_INTERNAL_SERVER
 static void https_tls_log_cb(void *ctx, const char *msg)
 {
 	wpa_printf(MSG_DEBUG, "TLS: %s", msg);
 }
+#endif
 
 
 static int https_server(int s)
@@ -79,7 +81,7 @@ static int https_server(int s)
 	void *tls;
 	struct tls_connection_params params;
 	struct tls_connection *conn;
-	struct wpabuf *in, *out, *appl;
+	struct wpabuf *in = NULL, *out = NULL, *appl = NULL;
 	int res = -1;
 
 	os_memset(&conf, 0, sizeof(conf));
@@ -106,7 +108,9 @@ static int https_server(int s)
 		return -1;
 	}
 
+#ifdef CONFIG_TLS_INTERNAL_SERVER
 	tls_connection_set_log_cb(conn, https_tls_log_cb, NULL);
+#endif
 
 	for (;;) {
 		in = https_recv(s, 5000);
@@ -147,12 +151,16 @@ static int https_server(int s)
 
 	wpa_printf(MSG_INFO, "Reading HTTP request");
 	for (;;) {
-		int need_more_data;
+		int need_more_data = 0;
 
 		in = https_recv(s, 5000);
 		if (!in)
 			goto done;
+#ifdef CONFIG_TLS_INTERNAL_SERVER
 		out = tls_connection_decrypt2(tls, conn, in, &need_more_data);
+#else
+		out = tls_connection_decrypt(tls, conn, in);
+#endif
 		wpabuf_free(in);
 		in = NULL;
 		if (need_more_data) {
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1122,6 +1122,7 @@ CFLAGS += -DCONFIG_TLSV12
 endif
 
 ifeq ($(CONFIG_TLS), wolfssl)
+CFLAGS += -DCONFIG_TLS_WOLFSSL
 ifdef TLS_FUNCS
 CFLAGS += -DWOLFSSL_DER_LOAD
 OBJS += ../src/crypto/tls_wolfssl.o
@@ -1137,6 +1138,7 @@ LIBS_p += -lwolfssl -lm
 endif
 
 ifeq ($(CONFIG_TLS), openssl)
+CFLAGS += -DCONFIG_TLS_OPENSSL
 CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
 ifdef TLS_FUNCS
 CFLAGS += -DEAP_TLS_OPENSSL
@@ -1164,6 +1166,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
 endif
 
 ifeq ($(CONFIG_TLS), mbedtls)
+CFLAGS += -DCONFIG_TLS_MBEDTLS
 ifndef CONFIG_CRYPTO
 CONFIG_CRYPTO=mbedtls
 endif
@@ -1183,6 +1186,7 @@ endif
 endif
 
 ifeq ($(CONFIG_TLS), gnutls)
+CFLAGS += -DCONFIG_TLS_GNUTLS
 ifndef CONFIG_CRYPTO
 # default to libgcrypt
 CONFIG_CRYPTO=gnutls
@@ -1213,6 +1217,7 @@ endif
 endif
 
 ifeq ($(CONFIG_TLS), internal)
+CFLAGS += -DCONFIG_TLS_INTERNAL
 ifndef CONFIG_CRYPTO
 CONFIG_CRYPTO=internal
 endif
@@ -1293,6 +1298,7 @@ endif
 endif
 
 ifeq ($(CONFIG_TLS), linux)
+CFLAGS += -DCONFIG_TLS_INTERNAL
 OBJS += ../src/crypto/crypto_linux.o
 OBJS_p += ../src/crypto/crypto_linux.o
 ifdef TLS_FUNCS