Merge pull request #9703 from valeriosetti/fix-9690-workarounds
Revert & fix #9690 workarounds
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b6fcd68..46d06c2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -150,7 +150,7 @@
find_package(Threads)
# If this is the root project add longer list of available CMAKE_BUILD_TYPE values
-if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
+if(NOT MBEDTLS_AS_SUBPROJECT)
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg"
FORCE)
@@ -324,10 +324,6 @@
endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
-if(LIB_INSTALL_DIR)
- set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
-endif()
-
if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
endif()
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt
new file mode 100644
index 0000000..d61ba19
--- /dev/null
+++ b/ChangeLog.d/9302.txt
@@ -0,0 +1,6 @@
+Features
+ * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
+ uses static storage for keys, enabling malloc-less use of key slots.
+ The size of each buffer is given by the option
+ MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
+ largest PSA key enabled in the build.
diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
new file mode 100644
index 0000000..213cf55
--- /dev/null
+++ b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
diff --git a/framework b/framework
index 1de0641..d68446c 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 1de0641e789d3c38b3ce99d7922002992cbe816c
+Subproject commit d68446c9da02e536279a7aaa5a3c9850742ba30c
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 20b0ed6..a710208 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -694,6 +694,11 @@
#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
#endif
+#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \
+ defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously"
+#endif
+
#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
!defined(MBEDTLS_FS_IO)
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 80009c0..02dc8fd 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3067,6 +3067,26 @@
#define MBEDTLS_PSA_ITS_FILE_C
/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
+ *
+ * Statically preallocate memory to store keys' material in PSA instead
+ * of allocating it dynamically when required. This allows builds without a
+ * heap, if none of the enabled cryptographic implementations or other features
+ * require it.
+ * This feature affects both volatile and persistent keys which means that
+ * it's not possible to persistently store a key which is larger than
+ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
+ *
+ * \note This feature comes with a (potentially) higher RAM usage since:
+ * - All the key slots are allocated no matter if they are used or not.
+ * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
+
+/**
* \def MBEDTLS_RIPEMD160_C
*
* Enable the RIPEMD-160 hash algorithm.
@@ -3867,6 +3887,19 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ *
+ * Define the size (in bytes) of each static key buffer when
+ * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
+ * explicitly defined then it's automatically guessed from available PSA keys
+ * enabled in the build through PSA_WANT_xxx symbols.
+ * If required by the application this parameter can be set to higher values
+ * in order to store larger objects (ex: raw keys), but please note that this
+ * will increase RAM usage.
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
+
/* RSA OPTIONS */
//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index ca48a75..5b75b64 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,10 +1,3 @@
-# Set the project root directory if it's not already defined, as may happen if
-# the library folder is included directly by a parent project, without
-# including the top level CMakeLists.txt.
-if(NOT DEFINED MBEDTLS_DIR)
- set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
-endif()
-
set(src_x509
pkcs7.c
x509.c
@@ -61,11 +54,11 @@
${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py
--mbedtls-root ${CMAKE_CURRENT_SOURCE_DIR}/..
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py
${tls_error_headers}
)
else()
diff --git a/library/Makefile b/library/Makefile
index 9490aa7..e9c908e 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -364,11 +364,11 @@
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
-ssl_debug_helpers_generated.c: $(gen_file_dep) ../scripts/generate_ssl_debug_helpers.py
+ssl_debug_helpers_generated.c: $(gen_file_dep) ../framework/scripts/generate_ssl_debug_helpers.py
ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
ssl_debug_helpers_generated.c:
echo " Gen $@"
- $(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
+ $(PYTHON) ../framework/scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 33616bc..f752d13 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -190,7 +190,7 @@
break;
}
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
}
@@ -237,13 +237,13 @@
n = 1;
if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof(n)) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_BIND_FAILED;
continue;
}
@@ -251,7 +251,7 @@
/* Listen only makes sense for TCP */
if (proto == MBEDTLS_NET_PROTO_TCP) {
if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
continue;
}
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 00f3107..d72e2fb 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -679,8 +679,8 @@
}
if (*p != end) {
- return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
return 0;
diff --git a/scripts/config.py b/scripts/config.py
index beeb5e2..9667f4d 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -110,6 +110,8 @@
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
+ 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices
+ 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices
*PSA_UNSUPPORTED_FEATURE,
*PSA_DEPRECATED_FEATURE,
*PSA_UNSTABLE_FEATURE
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
deleted file mode 100755
index df3d9b9..0000000
--- a/scripts/generate_ssl_debug_helpers.py
+++ /dev/null
@@ -1,416 +0,0 @@
-#!/usr/bin/env python3
-
-"""Generate library/ssl_debug_helpers_generated.c
-
-The code generated by this module includes debug helper functions that can not be
-implemented by fixed codes.
-
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-import sys
-import re
-import os
-import textwrap
-import argparse
-
-import framework_scripts_path # pylint: disable=unused-import
-from mbedtls_framework import build_tree
-
-
-def remove_c_comments(string):
- """
- Remove C style comments from input string
- """
- string_pattern = r"(?P<string>\".*?\"|\'.*?\')"
- comment_pattern = r"(?P<comment>/\*.*?\*/|//[^\r\n]*$)"
- pattern = re.compile(string_pattern + r'|' + comment_pattern,
- re.MULTILINE | re.DOTALL)
-
- def replacer(match):
- if match.lastgroup == 'comment':
- return ""
- return match.group()
- return pattern.sub(replacer, string)
-
-
-class CondDirectiveNotMatch(Exception):
- pass
-
-
-def preprocess_c_source_code(source, *classes):
- """
- Simple preprocessor for C source code.
-
- Only processes condition directives without expanding them.
- Yield object according to the classes input. Most match firstly
-
- If the directive pair does not match , raise CondDirectiveNotMatch.
-
- Assume source code does not include comments and compile pass.
-
- """
-
- pattern = re.compile(r"^[ \t]*#[ \t]*" +
- r"(?P<directive>(if[ \t]|ifndef[ \t]|ifdef[ \t]|else|endif))" +
- r"[ \t]*(?P<param>(.*\\\n)*.*$)",
- re.MULTILINE)
- stack = []
-
- def _yield_objects(s, d, p, st, end):
- """
- Output matched source piece
- """
- nonlocal stack
- start_line, end_line = '', ''
- if stack:
- start_line = '#{} {}'.format(d, p)
- if d == 'if':
- end_line = '#endif /* {} */'.format(p)
- elif d == 'ifdef':
- end_line = '#endif /* defined({}) */'.format(p)
- else:
- end_line = '#endif /* !defined({}) */'.format(p)
- has_instance = False
- for cls in classes:
- for instance in cls.extract(s, st, end):
- if has_instance is False:
- has_instance = True
- yield pair_start, start_line
- yield instance.span()[0], instance
- if has_instance:
- yield start, end_line
-
- for match in pattern.finditer(source):
-
- directive = match.groupdict()['directive'].strip()
- param = match.groupdict()['param']
- start, end = match.span()
-
- if directive in ('if', 'ifndef', 'ifdef'):
- stack.append((directive, param, start, end))
- continue
-
- if not stack:
- raise CondDirectiveNotMatch()
-
- pair_directive, pair_param, pair_start, pair_end = stack.pop()
- yield from _yield_objects(source,
- pair_directive,
- pair_param,
- pair_end,
- start)
-
- if directive == 'endif':
- continue
-
- if pair_directive == 'if':
- directive = 'if'
- param = "!( {} )".format(pair_param)
- elif pair_directive == 'ifdef':
- directive = 'ifndef'
- param = pair_param
- else:
- directive = 'ifdef'
- param = pair_param
-
- stack.append((directive, param, start, end))
- assert not stack, len(stack)
-
-
-class EnumDefinition:
- """
- Generate helper functions around enumeration.
-
- Currently, it generate translation function from enum value to string.
- Enum definition looks like:
- [typedef] enum [prefix name] { [body] } [suffix name];
-
- Known limitation:
- - the '}' and ';' SHOULD NOT exist in different macro blocks. Like
- ```
- enum test {
- ....
- #if defined(A)
- ....
- };
- #else
- ....
- };
- #endif
- ```
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- enum_pattern = re.compile(r'enum\s*(?P<prefix_name>\w*)\s*' +
- r'{\s*(?P<body>[^}]*)}' +
- r'\s*(?P<suffix_name>\w*)\s*;',
- re.MULTILINE | re.DOTALL)
-
- for match in enum_pattern.finditer(source_code, start, end):
- yield EnumDefinition(source_code,
- span=match.span(),
- group=match.groupdict())
-
- def __init__(self, source_code, span=None, group=None):
- assert isinstance(group, dict)
- prefix_name = group.get('prefix_name', None)
- suffix_name = group.get('suffix_name', None)
- body = group.get('body', None)
- assert prefix_name or suffix_name
- assert body
- assert span
- # If suffix_name exists, it is a typedef
- self._prototype = suffix_name if suffix_name else 'enum ' + prefix_name
- self._name = suffix_name if suffix_name else prefix_name
- self._body = body
- self._source = source_code
- self._span = span
-
- def __repr__(self):
- return 'Enum({},{})'.format(self._name, self._span)
-
- def __str__(self):
- return repr(self)
-
- def span(self):
- return self._span
-
- def generate_translation_function(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
-
- for line in self._body.splitlines():
-
- if line.strip().startswith('#'):
- # Preprocess directive, keep it in table
- translation_table.append(line.strip())
- continue
-
- if not line.strip():
- continue
-
- for field in line.strip().split(','):
- if not field.strip():
- continue
- member = field.strip().split()[0]
- translation_table.append(
- '{space}case {member}:\n{space} return "{member}";'
- .format(member=member, space=' '*8)
- )
-
- body = textwrap.dedent('''\
- const char *{name}_str( {prototype} in )
- {{
- switch (in) {{
- {translation_table}
- default:
- return "UNKNOWN_VALUE";
- }}
- }}
- ''')
- body = body.format(translation_table='\n'.join(translation_table),
- name=self._name,
- prototype=self._prototype)
- return body
-
-
-class SignatureAlgorithmDefinition:
- """
- Generate helper functions for signature algorithms.
-
- It generates translation function from signature algorithm define to string.
- Signature algorithm definition looks like:
- #define MBEDTLS_TLS1_3_SIG_[ upper case signature algorithm ] [ value(hex) ]
-
- Known limitation:
- - the definitions SHOULD exist in same macro blocks.
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- sig_alg_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_TLS1_3_SIG_\w+)\s+' +
- r'(?P<value>0[xX][0-9a-fA-F]+)$',
- re.MULTILINE | re.DOTALL)
- matches = list(sig_alg_pattern.finditer(source_code, start, end))
- if matches:
- yield SignatureAlgorithmDefinition(source_code, definitions=matches)
-
- def __init__(self, source_code, definitions=None):
- if definitions is None:
- definitions = []
- assert isinstance(definitions, list) and definitions
- self._definitions = definitions
- self._source = source_code
-
- def __repr__(self):
- return 'SigAlgs({})'.format(self._definitions[0].span())
-
- def span(self):
- return self._definitions[0].span()
-
- def __str__(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
- for m in self._definitions:
- name = m.groupdict()['name']
- return_val = name[len('MBEDTLS_TLS1_3_SIG_'):].lower()
- translation_table.append(
- ' case {}:\n return "{}";'.format(name, return_val))
-
- body = textwrap.dedent('''\
- const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
- {{
- switch( in )
- {{
- {translation_table}
- }};
-
- return "UNKNOWN";
- }}''')
- body = body.format(translation_table='\n'.join(translation_table))
- return body
-
-
-class NamedGroupDefinition:
- """
- Generate helper functions for named group
-
- It generates translation function from named group define to string.
- Named group definition looks like:
- #define MBEDTLS_SSL_IANA_TLS_GROUP_[ upper case named group ] [ value(hex) ]
-
- Known limitation:
- - the definitions SHOULD exist in same macro blocks.
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- named_group_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_SSL_IANA_TLS_GROUP_\w+)\s+' +
- r'(?P<value>0[xX][0-9a-fA-F]+)$',
- re.MULTILINE | re.DOTALL)
- matches = list(named_group_pattern.finditer(source_code, start, end))
- if matches:
- yield NamedGroupDefinition(source_code, definitions=matches)
-
- def __init__(self, source_code, definitions=None):
- if definitions is None:
- definitions = []
- assert isinstance(definitions, list) and definitions
- self._definitions = definitions
- self._source = source_code
-
- def __repr__(self):
- return 'NamedGroup({})'.format(self._definitions[0].span())
-
- def span(self):
- return self._definitions[0].span()
-
- def __str__(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
- for m in self._definitions:
- name = m.groupdict()['name']
- iana_name = name[len('MBEDTLS_SSL_IANA_TLS_GROUP_'):].lower()
- translation_table.append(' case {}:\n return "{}";'.format(name, iana_name))
-
- body = textwrap.dedent('''\
- const char *mbedtls_ssl_named_group_to_str( uint16_t in )
- {{
- switch( in )
- {{
- {translation_table}
- }};
-
- return "UNKNOWN";
- }}''')
- body = body.format(translation_table='\n'.join(translation_table))
- return body
-
-
-OUTPUT_C_TEMPLATE = '''\
-/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
-
-/**
- * \\file ssl_debug_helpers_generated.c
- *
- * \\brief Automatically generated helper functions for debugging
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#include "ssl_debug_helpers.h"
-
-{functions}
-
-#endif /* MBEDTLS_DEBUG_C */
-/* End of automatically generated file. */
-
-'''
-
-
-def generate_ssl_debug_helpers(output_directory, mbedtls_root):
- """
- Generate functions of debug helps
- """
- mbedtls_root = os.path.abspath(
- mbedtls_root or build_tree.guess_mbedtls_root())
- with open(os.path.join(mbedtls_root, 'include/mbedtls/ssl.h')) as f:
- source_code = remove_c_comments(f.read())
-
- definitions = dict()
- for start, instance in preprocess_c_source_code(source_code,
- EnumDefinition,
- SignatureAlgorithmDefinition,
- NamedGroupDefinition):
- if start in definitions:
- continue
- if isinstance(instance, EnumDefinition):
- definition = instance.generate_translation_function()
- else:
- definition = instance
- definitions[start] = definition
-
- function_definitions = [str(v) for _, v in sorted(definitions.items())]
- if output_directory == sys.stdout:
- sys.stdout.write(OUTPUT_C_TEMPLATE.format(
- functions='\n'.join(function_definitions)))
- else:
- with open(os.path.join(output_directory, 'ssl_debug_helpers_generated.c'), 'w') as f:
- f.write(OUTPUT_C_TEMPLATE.format(
- functions='\n'.join(function_definitions)))
-
-
-def main():
- """
- Command line entry
- """
- parser = argparse.ArgumentParser()
- parser.add_argument('--mbedtls-root', nargs='?', default=None,
- help='root directory of mbedtls source code')
- parser.add_argument('output_directory', nargs='?',
- default='library', help='source/header files location')
-
- args = parser.parse_args()
-
- generate_ssl_debug_helpers(args.output_directory, args.mbedtls_root)
- return 0
-
-
-if __name__ == '__main__':
- sys.exit(main())
diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 2d2f42b..79c5c9f 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -51,8 +51,8 @@
# Ubuntu 16.04 is affected, 18.04 and above are not.
# https://github.com/linux-test-project/lcov/commit/632c25a0d1f5e4d2f4fd5b28ce7c8b86d388c91f
COVTMP=$PWD/Coverage/tmp
- lcov --capture --initial --directory $library_dir -o "$COVTMP/files.info"
- lcov --rc lcov_branch_coverage=1 --capture --directory $library_dir -o "$COVTMP/tests.info"
+ lcov --capture --initial ${lcov_dirs} -o "$COVTMP/files.info"
+ lcov --rc lcov_branch_coverage=1 --capture ${lcov_dirs} -o "$COVTMP/tests.info"
lcov --rc lcov_branch_coverage=1 --add-tracefile "$COVTMP/files.info" --add-tracefile "$COVTMP/tests.info" -o "$COVTMP/all.info"
lcov --rc lcov_branch_coverage=1 --remove "$COVTMP/all.info" -o "$COVTMP/final.info" '*.h'
gendesc tests/Descriptions.txt -o "$COVTMP/descriptions"
@@ -64,9 +64,13 @@
# Reset the traces to 0.
lcov_reset_traces () {
# Location with plain make
- rm -f $library_dir/*.gcda
+ for dir in ${library_dirs}; do
+ rm -f ${dir}/*.gcda
+ done
# Location with CMake
- rm -f $library_dir/CMakeFiles/*.dir/*.gcda
+ for dir in ${library_dirs}; do
+ rm -f ${dir}/CMakeFiles/*.dir/*.gcda
+ done
}
if [ $# -gt 0 ] && [ "$1" = "--help" ]; then
@@ -75,13 +79,18 @@
fi
if in_mbedtls_repo; then
- library_dir='library'
+ library_dirs='library tf-psa-crypto/core tf-psa-crypto/drivers/builtin'
title='Mbed TLS'
else
- library_dir='core'
+ library_dirs='core drivers/builtin'
title='TF-PSA-Crypto'
fi
+lcov_dirs=""
+for dir in ${library_dirs}; do
+ lcov_dirs="${lcov_dirs} --directory ${dir}"
+done
+
main=lcov_library_report
while getopts r OPTLET; do
case $OPTLET in
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index ba1a497..735cc7d 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -13,7 +13,7 @@
perl scripts\generate_errors.pl || exit /b 1
perl scripts\generate_query_config.pl || exit /b 1
perl scripts\generate_features.pl || exit /b 1
-python scripts\generate_ssl_debug_helpers.py || exit /b 1
+python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1
@rem @@@@ Build @@@@
perl scripts\generate_visualc_files.pl || exit /b 1
@@ -29,4 +29,4 @@
python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1
python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
-python tests\scripts\generate_tls13_compat_tests.py || exit /b 1
+python framework\scripts\generate_tls13_compat_tests.py || exit /b 1
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 5b68503..a9d5c84 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -3,13 +3,6 @@
${CMAKE_THREAD_LIBS_INIT}
)
-# Set the project root directory if it's not already defined, as may happen if
-# the tests folder is included directly by a parent project, without including
-# the top level CMakeLists.txt.
-if(NOT DEFINED MBEDTLS_DIR)
- set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
-endif()
-
if(NOT MBEDTLS_PYTHON_EXECUTABLE)
message(FATAL_ERROR "Cannot build test suites without Python 3")
endif()
@@ -71,9 +64,9 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
- "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_tls13_compat_tests.py"
+ "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py"
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_tls13_compat_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py
)
add_custom_target(tls13-compat.sh
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh)
diff --git a/tests/Makefile b/tests/Makefile
index 66bb1cd..c6d8e2c 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -62,9 +62,9 @@
# Generated files needed to (fully) run ssl-opt.sh
.PHONY: ssl-opt
-opt-testcases/tls13-compat.sh: scripts/generate_tls13_compat_tests.py
+opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py
echo " Gen $@"
- $(PYTHON) scripts/generate_tls13_compat_tests.py -o $@
+ $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@
GENERATED_FILES += opt-testcases/tls13-compat.sh
ssl-opt: opt-testcases/tls13-compat.sh
diff --git a/tests/compat.sh b/tests/compat.sh
index 52f75e0..22da5ee 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -290,7 +290,7 @@
# list of entries of the form "STANDARD_NAME=PROGRAM_NAME".
translate_ciphers()
{
- ciphers=$(scripts/translate_ciphers.py "$@")
+ ciphers=$(../framework/scripts/translate_ciphers.py "$@")
if [ $? -ne 0 ]; then
echo "translate_ciphers.py failed with exit code $1" >&2
echo "$2" >&2
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 30f2e0f..a54e125 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -461,4 +461,43 @@
#define MBEDTLS_TEST_PSA_INTERNAL_KEYS \
MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG
+/* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is
+ * large enough to contain an RSA key pair of the given size. This is meant to be
+ * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+
+#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096))
+#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096
+#endif
+
+#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048))
+#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048
+#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+
+/* Helper macro to get the size of the each key slot buffer. */
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+#else
+#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX
+#endif
+
+/* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ * is large enough to contain 4096-bit RSA key pairs. Of course this check is only
+ * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage
+ * the key. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \
+ defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096)
+#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
+#endif
+
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
+#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 2bd47d5..cc6a31d 100644
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -922,6 +922,7 @@
# ephemeral then ticket based scenario we use for early data testing the first
# handshake fails. The following skipped test is here to illustrate the kind
# of testing we would like to do.
+# https://github.com/Mbed-TLS/mbedtls/issues/9582
skip_next_test
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_CLI_C
diff --git a/tests/scripts/all-core.sh b/tests/scripts/all-core.sh
new file mode 100644
index 0000000..ccd7e59
--- /dev/null
+++ b/tests/scripts/all-core.sh
@@ -0,0 +1,1023 @@
+# all-core.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+################################################################
+#### Documentation
+################################################################
+
+# Purpose
+# -------
+#
+# To run all tests possible or available on the platform.
+#
+# Files structure
+# ---------------
+#
+# The executable entry point for users and the CI is tests/scripts/all.sh.
+#
+# The actual content is in the following files:
+# - all-core.sh contains the core logic for running test components,
+# processing command line options, reporting results, etc.
+# - all-helpers.sh contains helper functions used by more than 1 component.
+# - components-*.sh contain the definitions of the various components.
+#
+# The first two parts are shared between repos and branches;
+# the component files are repo&branch-specific.
+#
+# The files all-*.sh and components-*.sh should only define functions and not
+# run code when sourced; the only exception being that all-core.sh runs
+# 'shopt' because that is necessary for the rest of the file to parse.
+#
+# Notes for users
+# ---------------
+#
+# Warning: the test is destructive. It includes various build modes and
+# configurations, and can and will arbitrarily change the current CMake
+# configuration. The following files must be committed into git:
+# * include/mbedtls/mbedtls_config.h
+# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
+# programs/fuzz/Makefile
+# After running this script, the CMake cache will be lost and CMake
+# will no longer be initialised.
+#
+# The script assumes the presence of a number of tools:
+# * Basic Unix tools (Windows users note: a Unix-style find must be before
+# the Windows find in the PATH)
+# * Perl
+# * GNU Make
+# * CMake
+# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
+# * G++
+# * arm-gcc and mingw-gcc
+# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
+# * OpenSSL and GnuTLS command line tools, in suitable versions for the
+# interoperability tests. The following are the official versions at the
+# time of writing:
+# * GNUTLS_{CLI,SERV} = 3.4.10
+# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
+# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
+# * OPENSSL_NEXT = 3.1.2
+# See the invocation of check_tools below for details.
+#
+# This script must be invoked from the toplevel directory of a git
+# working copy of Mbed TLS.
+#
+# The behavior on an error depends on whether --keep-going (alias -k)
+# is in effect.
+# * Without --keep-going: the script stops on the first error without
+# cleaning up. This lets you work in the configuration of the failing
+# component.
+# * With --keep-going: the script runs all requested components and
+# reports failures at the end. In particular the script always cleans
+# up on exit.
+#
+# Note that the output is not saved. You may want to run
+# script -c tests/scripts/all.sh
+# or
+# tests/scripts/all.sh >all.log 2>&1
+#
+# Notes for maintainers
+# ---------------------
+#
+# The bulk of the code is organized into functions that follow one of the
+# following naming conventions:
+# * in all-core.sh:
+# * pre_XXX: things to do before running the tests, in order.
+# * post_XXX: things to do after running the tests.
+# * in components-*.sh:
+# * component_XXX: independent components. They can be run in any order.
+# * component_check_XXX: quick tests that aren't worth parallelizing.
+# * component_build_XXX: build things but don't run them.
+# * component_test_XXX: build and test.
+# * component_release_XXX: tests that the CI should skip during PR testing.
+# * support_XXX: if support_XXX exists and returns false then
+# component_XXX is not run by default.
+# * in various files:
+# * other: miscellaneous support functions.
+#
+# Each component must start by invoking `msg` with a short informative message.
+#
+# Warning: due to the way bash detects errors, the failure of a command
+# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
+#
+# Each component is executed in a separate shell process. The component
+# fails if any command in it returns a non-zero status.
+#
+# The framework performs some cleanup tasks after each component. This
+# means that components can assume that the working directory is in a
+# cleaned-up state, and don't need to perform the cleanup themselves.
+# * Run `make clean`.
+# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
+# the component.
+# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
+# `tests/Makefile` and `programs/fuzz/Makefile` from git.
+# This cleans up after an in-tree use of CMake.
+
+
+################################################################
+#### Initialization and command line parsing
+################################################################
+
+# Enable ksh/bash extended file matching patterns.
+# Must come before function definitions or some of them wouldn't parse.
+shopt -s extglob
+
+pre_set_shell_options () {
+ # Abort on errors (even on the left-hand side of a pipe).
+ # Treat uninitialised variables as errors.
+ set -e -o pipefail -u
+}
+
+# For project detection
+in_mbedtls_repo () {
+ test "$PROJECT_NAME" = "Mbed TLS"
+}
+
+in_tf_psa_crypto_repo () {
+ test "$PROJECT_NAME" = "TF-PSA-Crypto"
+}
+
+pre_check_environment () {
+ # For project detection
+ PROJECT_NAME_FILE='./scripts/project_name.txt'
+ if read -r PROJECT_NAME < "$PROJECT_NAME_FILE"; then :; else
+ echo "$PROJECT_NAME_FILE does not exist... Exiting..." >&2
+ exit 1
+ fi
+
+ if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else
+ echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
+ exit 1
+ fi
+}
+
+# Must be called before pre_initialize_variables which sets ALL_COMPONENTS.
+pre_load_components () {
+ # Include the components from components.sh
+ test_script_dir="${0%/*}"
+ for file in "$test_script_dir"/components-*.sh; do
+ source $file
+ done
+}
+
+pre_initialize_variables () {
+ if in_mbedtls_repo; then
+ CONFIG_H='include/mbedtls/mbedtls_config.h'
+ if [ -d tf-psa-crypto ]; then
+ CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
+ PSA_CORE_PATH='tf-psa-crypto/core'
+ BUILTIN_SRC_PATH='tf-psa-crypto/drivers/builtin/src'
+ else
+ CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ # helper_armc6_build_test() relies on these being defined,
+ # but empty if the paths don't exist (as in 3.6).
+ PSA_CORE_PATH=''
+ BUILTIN_SRC_PATH=''
+ fi
+ else
+ CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
+ CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ PSA_CORE_PATH='core'
+ BUILTIN_SRC_PATH='drivers/builtin/src'
+ fi
+ CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
+
+ # Files that are clobbered by some jobs will be backed up. Use a different
+ # suffix from auxiliary scripts so that all.sh and auxiliary scripts can
+ # independently decide when to remove the backup file.
+ backup_suffix='.all.bak'
+ # Files clobbered by config.py
+ files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
+ if in_mbedtls_repo; then
+ # Files clobbered by in-tree cmake
+ files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+ fi
+
+ append_outcome=0
+ MEMORY=0
+ FORCE=0
+ QUIET=0
+ KEEP_GOING=0
+
+ # Seed value used with the --release-test option.
+ #
+ # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
+ # both values are kept in sync. If you change the value here because it
+ # breaks some tests, you'll definitely want to change it in
+ # basic-build-test.sh as well.
+ RELEASE_SEED=1
+
+ # Specify character collation for regular expressions and sorting with C locale
+ export LC_COLLATE=C
+
+ : ${MBEDTLS_TEST_OUTCOME_FILE=}
+ : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
+ export MBEDTLS_TEST_OUTCOME_FILE
+ export MBEDTLS_TEST_PLATFORM
+
+ # Default commands, can be overridden by the environment
+ : ${OPENSSL:="openssl"}
+ : ${OPENSSL_NEXT:="$OPENSSL"}
+ : ${GNUTLS_CLI:="gnutls-cli"}
+ : ${GNUTLS_SERV:="gnutls-serv"}
+ : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
+ : ${ARMC5_BIN_DIR:=/usr/bin}
+ : ${ARMC6_BIN_DIR:=/usr/bin}
+ : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
+ : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
+ : ${CLANG_LATEST:="clang-latest"}
+ : ${CLANG_EARLIEST:="clang-earliest"}
+ : ${GCC_LATEST:="gcc-latest"}
+ : ${GCC_EARLIEST:="gcc-earliest"}
+ # if MAKEFLAGS is not set add the -j option to speed up invocations of make
+ if [ -z "${MAKEFLAGS+set}" ]; then
+ export MAKEFLAGS="-j$(all_sh_nproc)"
+ fi
+ # if CC is not set, use clang by default (if present) to improve build times
+ if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
+ export CC="clang"
+ fi
+
+ if [ -n "${OPENSSL_3+set}" ]; then
+ export OPENSSL_NEXT="$OPENSSL_3"
+ fi
+
+ # Include more verbose output for failing tests run by CMake or make
+ export CTEST_OUTPUT_ON_FAILURE=1
+
+ # CFLAGS and LDFLAGS for Asan builds that don't use CMake
+ # default to -O2, use -Ox _after_ this if you want another level
+ ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
+ # Normally, tests should use this compiler for ASAN testing
+ ASAN_CC=clang
+
+ # Platform tests have an allocation that returns null
+ export ASAN_OPTIONS="allocator_may_return_null=1"
+ export MSAN_OPTIONS="allocator_may_return_null=1"
+
+ # Gather the list of available components. These are the functions
+ # defined in this script whose name starts with "component_".
+ ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
+
+ PSASIM_PATH='tests/psa-client-server/psasim/'
+
+ # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
+ # the commands set by the environment
+}
+
+setup_quiet_wrappers()
+{
+ # Pick up "quiet" wrappers for make and cmake, which don't output very much
+ # unless there is an error. This reduces logging overhead in the CI.
+ #
+ # Note that the cmake wrapper breaks unless we use an absolute path here.
+ if [[ -e ${PWD}/tests/scripts/quiet ]]; then
+ export PATH=${PWD}/tests/scripts/quiet:$PATH
+ fi
+}
+
+# Test whether the component $1 is included in the command line patterns.
+is_component_included()
+{
+ # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
+ # only does word splitting.
+ set -f
+ for pattern in $COMMAND_LINE_COMPONENTS; do
+ set +f
+ case ${1#component_} in $pattern) return 0;; esac
+ done
+ set +f
+ return 1
+}
+
+usage()
+{
+ cat <<EOF
+Usage: $0 [OPTION]... [COMPONENT]...
+Run mbedtls release validation tests.
+By default, run all tests. With one or more COMPONENT, run only those.
+COMPONENT can be the name of a component or a shell wildcard pattern.
+
+Examples:
+ $0 "check_*"
+ Run all sanity checks.
+ $0 --no-armcc --except test_memsan
+ Run everything except builds that require armcc and MemSan.
+
+Special options:
+ -h|--help Print this help and exit.
+ --list-all-components List all available test components and exit.
+ --list-components List components supported on this platform and exit.
+
+General options:
+ -q|--quiet Only output component names, and errors if any.
+ -f|--force Force the tests to overwrite any modified files.
+ -k|--keep-going Run all tests and report errors at the end.
+ -m|--memory Additional optional memory tests.
+ --append-outcome Append to the outcome file (if used).
+ --arm-none-eabi-gcc-prefix=<string>
+ Prefix for a cross-compiler for arm-none-eabi
+ (default: "${ARM_NONE_EABI_GCC_PREFIX}")
+ --arm-linux-gnueabi-gcc-prefix=<string>
+ Prefix for a cross-compiler for arm-linux-gnueabi
+ (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
+ --armcc Run ARM Compiler builds (on by default).
+ --restore First clean up the build tree, restoring backed up
+ files. Do not run any components unless they are
+ explicitly specified.
+ --error-test Error test mode: run a failing function in addition
+ to any specified component. May be repeated.
+ --except Exclude the COMPONENTs listed on the command line,
+ instead of running only those.
+ --no-append-outcome Write a new outcome file and analyze it (default).
+ --no-armcc Skip ARM Compiler builds.
+ --no-force Refuse to overwrite modified files (default).
+ --no-keep-going Stop at the first error (default).
+ --no-memory No additional memory tests (default).
+ --no-quiet Print full output from components.
+ --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
+ --outcome-file=<path> File where test outcomes are written (not done if
+ empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
+ --random-seed Use a random seed value for randomized tests (default).
+ -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
+ -s|--seed Integer seed value to use for this test run.
+
+Tool path options:
+ --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
+ --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
+ --clang-earliest=<Clang_earliest_path> Earliest version of clang available
+ --clang-latest=<Clang_latest_path> Latest version of clang available
+ --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
+ --gcc-latest=<GCC_latest_path> Latest version of GCC available
+ --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
+ --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
+ --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
+ --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
+EOF
+}
+
+# Cleanup before/after running a component.
+# Remove built files as well as the cmake cache/config.
+# Does not remove generated source files.
+cleanup()
+{
+ if in_mbedtls_repo; then
+ command make clean
+ fi
+
+ # Remove CMake artefacts
+ find . -name .git -prune -o \
+ -iname CMakeFiles -exec rm -rf {} \+ -o \
+ \( -iname cmake_install.cmake -o \
+ -iname CTestTestfile.cmake -o \
+ -iname CMakeCache.txt -o \
+ -path './cmake/*.cmake' \) -exec rm -f {} \+
+ # Remove Makefiles generated by in-tree CMake builds
+ # (Not all files will exist in all branches, but that's OK.)
+ rm -f 3rdparty/Makefile 3rdparty/*/Makefile
+ rm -f pkgconfig/Makefile framework/Makefile
+ rm -f include/Makefile programs/!(fuzz)/Makefile
+ rm -f tf-psa-crypto/Makefile tf-psa-crypto/include/Makefile
+ rm -f tf-psa-crypto/core/Makefile tf-psa-crypto/drivers/Makefile
+ rm -f tf-psa-crypto/tests/Makefile
+ rm -f tf-psa-crypto/drivers/everest/Makefile
+ rm -f tf-psa-crypto/drivers/p256-m/Makefile
+ rm -f tf-psa-crypto/drivers/builtin/Makefile
+ rm -f tf-psa-crypto/drivers/builtin/src/Makefile
+
+ # Remove any artifacts from the component_test_cmake_as_subdirectory test.
+ rm -rf programs/test/cmake_subproject/build
+ rm -f programs/test/cmake_subproject/Makefile
+ rm -f programs/test/cmake_subproject/cmake_subproject
+
+ # Remove any artifacts from the component_test_cmake_as_package test.
+ rm -rf programs/test/cmake_package/build
+ rm -f programs/test/cmake_package/Makefile
+ rm -f programs/test/cmake_package/cmake_package
+
+ # Remove any artifacts from the component_test_cmake_as_installed_package test.
+ rm -rf programs/test/cmake_package_install/build
+ rm -f programs/test/cmake_package_install/Makefile
+ rm -f programs/test/cmake_package_install/cmake_package_install
+
+ # Restore files that may have been clobbered by the job
+ restore_backed_up_files
+}
+
+# Restore files that may have been clobbered
+restore_backed_up_files () {
+ for x in $files_to_back_up; do
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
+ done
+}
+
+# Final cleanup when this script exits (except when exiting on a failure
+# in non-keep-going mode).
+final_cleanup () {
+ cleanup
+
+ for x in $files_to_back_up; do
+ rm -f "$x$backup_suffix"
+ done
+}
+
+# Executed on exit. May be redefined depending on command line options.
+final_report () {
+ :
+}
+
+fatal_signal () {
+ final_cleanup
+ final_report $1
+ trap - $1
+ kill -$1 $$
+}
+
+pre_set_signal_handlers () {
+ trap 'fatal_signal HUP' HUP
+ trap 'fatal_signal INT' INT
+ trap 'fatal_signal TERM' TERM
+}
+
+# Number of processors on this machine. Used as the default setting
+# for parallel make.
+all_sh_nproc ()
+{
+ {
+ nproc || # Linux
+ sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
+ sysctl -n hw.ncpu || # FreeBSD
+ echo 1
+ } 2>/dev/null
+}
+
+msg()
+{
+ if [ -n "${current_component:-}" ]; then
+ current_section="${current_component#component_}: $1"
+ else
+ current_section="$1"
+ fi
+
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
+ echo ""
+ echo "******************************************************************"
+ echo "* $current_section "
+ printf "* "; date
+ echo "******************************************************************"
+}
+
+err_msg()
+{
+ echo "$1" >&2
+}
+
+check_tools()
+{
+ for tool in "$@"; do
+ if ! `type "$tool" >/dev/null 2>&1`; then
+ err_msg "$tool not found!"
+ exit 1
+ fi
+ done
+}
+
+pre_parse_command_line () {
+ COMMAND_LINE_COMPONENTS=
+ all_except=0
+ error_test=0
+ list_components=0
+ restore_first=0
+ no_armcc=
+
+ # Note that legacy options are ignored instead of being omitted from this
+ # list of options, so invocations that worked with previous version of
+ # all.sh will still run and work properly.
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ --append-outcome) append_outcome=1;;
+ --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
+ --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
+ --armcc) no_armcc=;;
+ --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
+ --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ --clang-earliest) shift; CLANG_EARLIEST="$1";;
+ --clang-latest) shift; CLANG_LATEST="$1";;
+ --error-test) error_test=$((error_test + 1));;
+ --except) all_except=1;;
+ --force|-f) FORCE=1;;
+ --gcc-earliest) shift; GCC_EARLIEST="$1";;
+ --gcc-latest) shift; GCC_LATEST="$1";;
+ --gnutls-cli) shift; GNUTLS_CLI="$1";;
+ --gnutls-legacy-cli) shift;; # ignored for backward compatibility
+ --gnutls-legacy-serv) shift;; # ignored for backward compatibility
+ --gnutls-serv) shift; GNUTLS_SERV="$1";;
+ --help|-h) usage; exit;;
+ --keep-going|-k) KEEP_GOING=1;;
+ --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
+ --list-components) list_components=1;;
+ --memory|-m) MEMORY=1;;
+ --no-append-outcome) append_outcome=0;;
+ --no-armcc) no_armcc=1;;
+ --no-force) FORCE=0;;
+ --no-keep-going) KEEP_GOING=0;;
+ --no-memory) MEMORY=0;;
+ --no-quiet) QUIET=0;;
+ --openssl) shift; OPENSSL="$1";;
+ --openssl-next) shift; OPENSSL_NEXT="$1";;
+ --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
+ --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
+ --quiet|-q) QUIET=1;;
+ --random-seed) unset SEED;;
+ --release-test|-r) SEED=$RELEASE_SEED;;
+ --restore) restore_first=1;;
+ --seed|-s) shift; SEED="$1";;
+ -*)
+ echo >&2 "Unknown option: $1"
+ echo >&2 "Run $0 --help for usage."
+ exit 120
+ ;;
+ *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
+ esac
+ shift
+ done
+
+ # Exclude components that are not supported on this platform.
+ SUPPORTED_COMPONENTS=
+ for component in $ALL_COMPONENTS; do
+ case $(type "support_$component" 2>&1) in
+ *' function'*)
+ if ! support_$component; then continue; fi;;
+ esac
+ SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
+ done
+
+ if [ $list_components -eq 1 ]; then
+ printf '%s\n' $SUPPORTED_COMPONENTS
+ exit
+ fi
+
+ # With no list of components, run everything.
+ if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
+ all_except=1
+ fi
+
+ # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
+ # Ignore it if components are listed explicitly on the command line.
+ if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
+ COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
+ fi
+
+ # Error out if an explicitly requested component doesn't exist.
+ if [ $all_except -eq 0 ]; then
+ unsupported=0
+ # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
+ # only does word splitting.
+ set -f
+ for component in $COMMAND_LINE_COMPONENTS; do
+ set +f
+ # If the requested name includes a wildcard character, don't
+ # check it. Accept wildcard patterns that don't match anything.
+ case $component in
+ *[*?\[]*) continue;;
+ esac
+ case " $SUPPORTED_COMPONENTS " in
+ *" $component "*) :;;
+ *)
+ echo >&2 "Component $component was explicitly requested, but is not known or not supported."
+ unsupported=$((unsupported + 1));;
+ esac
+ done
+ set +f
+ if [ $unsupported -ne 0 ]; then
+ exit 2
+ fi
+ fi
+
+ # Build the list of components to run.
+ RUN_COMPONENTS=
+ for component in $SUPPORTED_COMPONENTS; do
+ if is_component_included "$component"; [ $? -eq $all_except ]; then
+ RUN_COMPONENTS="$RUN_COMPONENTS $component"
+ fi
+ done
+
+ unset all_except
+ unset no_armcc
+}
+
+pre_check_git () {
+ if [ $FORCE -eq 1 ]; then
+ rm -rf "$OUT_OF_SOURCE_DIR"
+ git checkout-index -f -q $CONFIG_H
+ cleanup
+ else
+
+ if [ -d "$OUT_OF_SOURCE_DIR" ]; then
+ echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
+ echo "You can either delete this directory manually, or force the test by rerunning"
+ echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
+ exit 1
+ fi
+
+ if ! git diff --quiet "$CONFIG_H"; then
+ err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
+ echo "You can either delete or preserve your work, or force the test by rerunning the"
+ echo "script as: $0 --force"
+ exit 1
+ fi
+ fi
+}
+
+pre_restore_files () {
+ # If the makefiles have been generated by a framework such as cmake,
+ # restore them from git. If the makefiles look like modifications from
+ # the ones checked into git, take care not to modify them. Whatever
+ # this function leaves behind is what the script will restore before
+ # each component.
+ case "$(head -n1 Makefile)" in
+ *[Gg]enerated*)
+ git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ ;;
+ esac
+}
+
+pre_back_up () {
+ for x in $files_to_back_up; do
+ cp -p "$x" "$x$backup_suffix"
+ done
+}
+
+pre_setup_keep_going () {
+ failure_count=0 # Number of failed components
+ last_failure_status=0 # Last failure status in this component
+
+ # See err_trap
+ previous_failure_status=0
+ previous_failed_command=
+ previous_failure_funcall_depth=0
+ unset report_failed_command
+
+ start_red=
+ end_color=
+ if [ -t 1 ]; then
+ case "${TERM:-}" in
+ *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
+ start_red=$(printf '\033[31m')
+ end_color=$(printf '\033[0m')
+ ;;
+ esac
+ fi
+
+ # Keep a summary of failures in a file. We'll print it out at the end.
+ failure_summary_file=$PWD/all-sh-failures-$$.log
+ : >"$failure_summary_file"
+
+ # Whether it makes sense to keep a component going after the specified
+ # command fails (test command) or not (configure or build).
+ # This function normally receives the failing simple command
+ # ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
+ # this is passed instead.
+ # This doesn't have to be 100% accurate: all failures are recorded anyway.
+ # False positives result in running things that can't be expected to
+ # work. False negatives result in things not running after something else
+ # failed even though they might have given useful feedback.
+ can_keep_going_after_failure () {
+ case "$1" in
+ "msg "*) false;;
+ "cd "*) false;;
+ "diff "*) true;;
+ *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
+ *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
+ *make*check*) true;;
+ "grep "*) true;;
+ "[ "*) true;;
+ "! "*) true;;
+ *) false;;
+ esac
+ }
+
+ # This function runs if there is any error in a component.
+ # It must either exit with a nonzero status, or set
+ # last_failure_status to a nonzero value.
+ err_trap () {
+ # Save $? (status of the failing command). This must be the very
+ # first thing, before $? is overridden.
+ last_failure_status=$?
+ failed_command=${report_failed_command-$BASH_COMMAND}
+
+ if [[ $last_failure_status -eq $previous_failure_status &&
+ "$failed_command" == "$previous_failed_command" &&
+ ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
+ then
+ # The same command failed twice in a row, but this time one level
+ # less deep in the function call stack. This happens when the last
+ # command of a function returns a nonzero status, and the function
+ # returns that same status. Ignore the second failure.
+ previous_failure_funcall_depth=${#FUNCNAME[@]}
+ return
+ fi
+ previous_failure_status=$last_failure_status
+ previous_failed_command=$failed_command
+ previous_failure_funcall_depth=${#FUNCNAME[@]}
+
+ text="$current_section: $failed_command -> $last_failure_status"
+ echo "${start_red}^^^^$text^^^^${end_color}" >&2
+ echo "$text" >>"$failure_summary_file"
+
+ # If the command is fatal (configure or build command), stop this
+ # component. Otherwise (test command) keep the component running
+ # (run more tests from the same build).
+ if ! can_keep_going_after_failure "$failed_command"; then
+ exit $last_failure_status
+ fi
+ }
+
+ final_report () {
+ if [ $failure_count -gt 0 ]; then
+ echo
+ echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+ echo "${start_red}FAILED: $failure_count components${end_color}"
+ cat "$failure_summary_file"
+ echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+ elif [ -z "${1-}" ]; then
+ echo "SUCCESS :)"
+ fi
+ if [ -n "${1-}" ]; then
+ echo "Killed by SIG$1."
+ fi
+ rm -f "$failure_summary_file"
+ if [ $failure_count -gt 0 ]; then
+ exit 1
+ fi
+ }
+}
+
+# '! true' does not trigger the ERR trap. Arrange to trigger it, with
+# a reasonably informative error message (not just "$@").
+not () {
+ if "$@"; then
+ report_failed_command="! $*"
+ false
+ unset report_failed_command
+ fi
+}
+
+pre_prepare_outcome_file () {
+ case "$MBEDTLS_TEST_OUTCOME_FILE" in
+ [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
+ esac
+ if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
+ rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
+ fi
+}
+
+pre_print_configuration () {
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
+ msg "info: $0 configuration"
+ echo "MEMORY: $MEMORY"
+ echo "FORCE: $FORCE"
+ echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
+ echo "SEED: ${SEED-"UNSET"}"
+ echo
+ echo "OPENSSL: $OPENSSL"
+ echo "OPENSSL_NEXT: $OPENSSL_NEXT"
+ echo "GNUTLS_CLI: $GNUTLS_CLI"
+ echo "GNUTLS_SERV: $GNUTLS_SERV"
+ echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
+ echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
+}
+
+# Make sure the tools we need are available.
+pre_check_tools () {
+ # Build the list of variables to pass to output_env.sh.
+ set env
+
+ case " $RUN_COMPONENTS " in
+ # Require OpenSSL and GnuTLS if running any tests (as opposed to
+ # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
+ # is a good enough approximation in practice.
+ *" test_"* | *" release_test_"*)
+ # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
+ # and ssl-opt.sh, we just export the variables they require.
+ export OPENSSL="$OPENSSL"
+ export GNUTLS_CLI="$GNUTLS_CLI"
+ export GNUTLS_SERV="$GNUTLS_SERV"
+ # Avoid passing --seed flag in every call to ssl-opt.sh
+ if [ -n "${SEED-}" ]; then
+ export SEED
+ fi
+ set "$@" OPENSSL="$OPENSSL"
+ set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
+ check_tools "$OPENSSL" "$OPENSSL_NEXT" \
+ "$GNUTLS_CLI" "$GNUTLS_SERV"
+ ;;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *" test_zeroize "*) check_tools "gdb";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_armcc*)
+ ARMC5_CC="$ARMC5_BIN_DIR/armcc"
+ ARMC5_AR="$ARMC5_BIN_DIR/armar"
+ ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
+ ARMC6_CC="$ARMC6_BIN_DIR/armclang"
+ ARMC6_AR="$ARMC6_BIN_DIR/armar"
+ ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
+ check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
+ "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
+ esac
+
+ # past this point, no call to check_tool, only printing output
+ if [ $QUIET -eq 1 ]; then
+ return
+ fi
+
+ msg "info: output_env.sh"
+ case $RUN_COMPONENTS in
+ *_armcc*)
+ set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
+ *) set "$@" RUN_ARMCC=0;;
+ esac
+ "$@" scripts/output_env.sh
+}
+
+pre_generate_files() {
+ # since make doesn't have proper dependencies, remove any possibly outdate
+ # file that might be around before generating fresh ones
+ make neat
+ if [ $QUIET -eq 1 ]; then
+ make generated_files >/dev/null
+ else
+ make generated_files
+ fi
+}
+
+pre_load_helpers () {
+ # The path is going to change when this is moved to the framework
+ test_script_dir="${0%/*}"
+ source "$test_script_dir"/all-helpers.sh
+}
+
+################################################################
+#### Termination
+################################################################
+
+post_report () {
+ msg "Done, cleaning up"
+ final_cleanup
+
+ final_report
+}
+
+################################################################
+#### Run all the things
+################################################################
+
+# Function invoked by --error-test to test error reporting.
+pseudo_component_error_test () {
+ msg "Testing error reporting $error_test_i"
+ if [ $KEEP_GOING -ne 0 ]; then
+ echo "Expect three failing commands."
+ fi
+ # If the component doesn't run in a subshell, changing error_test_i to an
+ # invalid integer will cause an error in the loop that runs this function.
+ error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
+ # Expected error: 'grep non_existent /dev/null -> 1'
+ grep non_existent /dev/null
+ # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
+ not grep -q . "$0"
+ # Expected error: 'make unknown_target -> 2'
+ make unknown_target
+ false "this should not be executed"
+}
+
+# Run one component and clean up afterwards.
+run_component () {
+ current_component="$1"
+ export MBEDTLS_TEST_CONFIGURATION="$current_component"
+
+ # Unconditionally create a seedfile that's sufficiently long.
+ # Do this before each component, because a previous component may
+ # have messed it up or shortened it.
+ local dd_cmd
+ dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
+ case $OSTYPE in
+ linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
+ esac
+ "${dd_cmd[@]}"
+
+ if [ -d tf-psa-crypto ]; then
+ dd_cmd=(dd if=/dev/urandom of=./tf-psa-crypto/tests/seedfile bs=64 count=1)
+ case $OSTYPE in
+ linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
+ esac
+ "${dd_cmd[@]}"
+ fi
+
+ # Run the component in a subshell, with error trapping and output
+ # redirection set up based on the relevant options.
+ if [ $KEEP_GOING -eq 1 ]; then
+ # We want to keep running if the subshell fails, so 'set -e' must
+ # be off when the subshell runs.
+ set +e
+ fi
+ (
+ if [ $QUIET -eq 1 ]; then
+ # msg() will be silenced, so just print the component name here.
+ echo "${current_component#component_}"
+ exec >/dev/null
+ fi
+ if [ $KEEP_GOING -eq 1 ]; then
+ # Keep "set -e" off, and run an ERR trap instead to record failures.
+ set -E
+ trap err_trap ERR
+ fi
+ # The next line is what runs the component
+ "$@"
+ if [ $KEEP_GOING -eq 1 ]; then
+ trap - ERR
+ exit $last_failure_status
+ fi
+ )
+ component_status=$?
+ if [ $KEEP_GOING -eq 1 ]; then
+ set -e
+ if [ $component_status -ne 0 ]; then
+ failure_count=$((failure_count + 1))
+ fi
+ fi
+
+ # Restore the build tree to a clean state.
+ cleanup
+ unset current_component
+}
+
+################################################################
+#### Main
+################################################################
+
+main () {
+ # Preliminary setup
+ pre_set_shell_options
+ pre_set_signal_handlers
+ pre_check_environment
+ pre_load_helpers
+ pre_load_components
+ pre_initialize_variables
+ pre_parse_command_line "$@"
+
+ setup_quiet_wrappers
+ pre_check_git
+ pre_restore_files
+ pre_back_up
+
+ build_status=0
+ if [ $KEEP_GOING -eq 1 ]; then
+ pre_setup_keep_going
+ fi
+ pre_prepare_outcome_file
+ pre_print_configuration
+ pre_check_tools
+ cleanup
+ if in_mbedtls_repo; then
+ pre_generate_files
+ fi
+
+ # Run the requested tests.
+ for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
+ run_component pseudo_component_error_test
+ done
+ unset error_test_i
+ for component in $RUN_COMPONENTS; do
+ run_component "component_$component"
+ done
+
+ # We're done.
+ post_report
+}
diff --git a/tests/scripts/all-helpers.sh b/tests/scripts/all-helpers.sh
new file mode 100644
index 0000000..0e97f39
--- /dev/null
+++ b/tests/scripts/all-helpers.sh
@@ -0,0 +1,267 @@
+# all-helpers.sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+# This file contains helpers for test components that are executed by all.sh.
+# See "Files structure" in all-core.sh for other files used by all.sh.
+#
+# This file is the right place for helpers:
+# - that are used by more than one component living in more than one file;
+# - or (inclusive) that we want to share accross repos or branches.
+#
+# Helpers that are used in a single component file that is
+# repo&branch-specific can be defined in the file where they are used.
+
+################################################################
+#### Helpers for components using libtestdriver1
+################################################################
+
+# How to use libtestdriver1
+# -------------------------
+#
+# 1. Define the list algorithms and key types to accelerate,
+# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
+# Examples:
+# - loc_accel_list="ALG_JPAKE"
+# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
+# 2. Make configurations changes for the driver and/or main libraries.
+# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
+# can be either "default" to start with the default config, or a name
+# supported by scripts/config.py (for example, "full"). This selects
+# the base to use, and makes common adjustments.
+# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
+# These changes affect both the driver and the main libraries.
+# (Note: they need to have the same set of PSA_WANT symbols, as that
+# determines the ABI between them.)
+# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
+# main libraries. Typically, you want to disable the module(s) that are
+# being accelerated. You may need to also disable modules that depend
+# on them or options that are not supported with drivers.
+# 2d. On top of psa/crypto_config.h, the driver library uses its own config
+# file: tests/include/test/drivers/config_test_driver.h. You usually
+# don't need to edit it: using loc_extra_list (see below) is preferred.
+# However, when there's no PSA symbol for what you want to enable,
+# calling scripts/config.py on this file remains the only option.
+# 3. Build the driver library, then the main libraries, test, and programs.
+# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
+# need to enable more algorithms here, typically hash algorithms when
+# accelerating some signature algorithms (ECDSA, RSAv2). This is done
+# by passing a 2nd argument listing the extra algorithms.
+# Example:
+# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
+# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
+# additional arguments will be passed to make: this can be useful if
+# you don't want to build everything when iterating during development.
+# Example:
+# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
+# 4. Run the tests you want.
+
+# Adjust the configuration - for both libtestdriver1 and main library,
+# as they should have the same PSA_WANT macros.
+helper_libtestdriver1_adjust_config() {
+ base_config=$1
+ # Select the base configuration
+ if [ "$base_config" != "default" ]; then
+ scripts/config.py "$base_config"
+ fi
+
+ # Enable PSA-based config (necessary to use drivers)
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+
+ # Dynamic secure element support is a deprecated feature and needs to be disabled here.
+ # This is done to have the same form of psa_key_attributes_s for libdriver and library.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+
+ # If threading is enabled on the normal build, then we need to enable it in the drivers as well,
+ # otherwise we will end up running multithreaded tests without mutexes to protect them.
+ if scripts/config.py get MBEDTLS_THREADING_C; then
+ scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
+ fi
+
+ if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then
+ scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
+ fi
+}
+
+# Build the drivers library libtestdriver1.a (with ASan).
+#
+# Parameters:
+# 1. a space-separated list of things to accelerate;
+# 2. optional: a space-separate list of things to also support.
+# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
+helper_libtestdriver1_make_drivers() {
+ loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+}
+
+# Build the main libraries, programs and tests,
+# linking to the drivers library (with ASan).
+#
+# Parameters:
+# 1. a space-separated list of things to accelerate;
+# *. remaining arguments if any are passed directly to make
+# (examples: lib, -C tests test_suite_xxx, etc.)
+# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
+helper_libtestdriver1_make_main() {
+ loc_accel_list=$1
+ shift
+
+ # we need flags both with and without the LIBTESTDRIVER1_ prefix
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
+}
+
+################################################################
+#### Helpers for components using psasim
+################################################################
+
+# Set some default values $CONFIG_H in order to build server or client sides
+# in PSASIM. There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_config() {
+ TARGET=$1
+
+ if [ "$TARGET" == "client" ]; then
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ # Dynamic secure element support is a deprecated feature and it is not
+ # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ # Disable potentially problematic features
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ else
+ scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ # We need to match the client with MBEDTLS_PSA_CRYPTO_SE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ # Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ fi
+}
+
+# This is a helper function to be used in psasim builds. It is meant to clean
+# up the library's workspace after the server build and before the client
+# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
+# already copied to psasim folder at this point.
+helper_psasim_cleanup_before_client() {
+ # Clean up library files
+ make -C library clean
+
+ # Restore files that were backup before building library files. This
+ # includes $CONFIG_H and $CRYPTO_CONFIG_H.
+ restore_backed_up_files
+}
+
+# Helper to build the libraries for client/server in PSASIM. If the server is
+# being built, then it builds also the final executable.
+# There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_build() {
+ TARGET=$1
+ shift
+ TARGET_LIB=${TARGET}_libs
+
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
+
+ # Build also the server application after its libraries have been built.
+ if [ "$TARGET" == "server" ]; then
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
+ fi
+}
+
+################################################################
+#### Configuration helpers
+################################################################
+
+# When called with no parameter this function disables all builtin curves.
+# The function optionally accepts 1 parameter: a space-separated list of the
+# curves that should be kept enabled.
+helper_disable_builtin_curves() {
+ allowed_list="${1:-}"
+ scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
+
+ for curve in $allowed_list; do
+ scripts/config.py set $curve
+ done
+}
+
+# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
+# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
+# in the following helpers.
+helper_get_psa_curve_list () {
+ loc_list=""
+ for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ loc_list="$loc_list $item"
+ done
+
+ echo "$loc_list"
+}
+
+# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H,
+# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups
+# in the following helpers.
+helper_get_psa_dh_group_list () {
+ loc_list=""
+ for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ loc_list="$loc_list $item"
+ done
+
+ echo "$loc_list"
+}
+
+# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
+# is useful to easily get a list of key type symbols to accelerate.
+# The function accepts a single argument which is the key type: ECC, DH, RSA.
+helper_get_psa_key_type_list() {
+ key_type="$1"
+ loc_list=""
+ for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
+ # Skip DERIVE for elliptic keys since there is no driver dispatch for
+ # it so it cannot be accelerated.
+ if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
+ loc_list="$loc_list $item"
+ fi
+ done
+
+ echo "$loc_list"
+}
+
+################################################################
+#### Misc. helpers for components
+################################################################
+
+helper_armc6_build_test()
+{
+ FLAGS="$1"
+
+ msg "build: ARM Compiler 6 ($FLAGS)"
+ make clean
+ ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
+ WARNING_CFLAGS='-Werror -xc -std=c99' make lib
+
+ msg "size: ARM Compiler 6 ($FLAGS)"
+ "$ARMC6_FROMELF" -z library/*.o
+ if [ -n "${PSA_CORE_PATH}" ]; then
+ "$ARMC6_FROMELF" -z ${PSA_CORE_PATH}/*.o
+ fi
+ if [ -n "${BUILTIN_SRC_PATH}" ]; then
+ "$ARMC6_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
+ fi
+}
+
+clang_version() {
+ if command -v clang > /dev/null ; then
+ clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
+ else
+ echo 0 # report version 0 for "no clang"
+ fi
+}
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index db8d637..6708de1 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -5,1231 +5,11 @@
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+# This file is executable; it is the entry point for users and the CI.
+# See "Files structure" in all-core.sh for other files used.
-
-################################################################
-#### Documentation
-################################################################
-
-# Purpose
-# -------
-#
-# To run all tests possible or available on the platform.
-#
-# Notes for users
-# ---------------
-#
-# Warning: the test is destructive. It includes various build modes and
-# configurations, and can and will arbitrarily change the current CMake
-# configuration. The following files must be committed into git:
-# * include/mbedtls/mbedtls_config.h
-# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
-# programs/fuzz/Makefile
-# After running this script, the CMake cache will be lost and CMake
-# will no longer be initialised.
-#
-# The script assumes the presence of a number of tools:
-# * Basic Unix tools (Windows users note: a Unix-style find must be before
-# the Windows find in the PATH)
-# * Perl
-# * GNU Make
-# * CMake
-# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
-# * G++
-# * arm-gcc and mingw-gcc
-# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * OpenSSL and GnuTLS command line tools, in suitable versions for the
-# interoperability tests. The following are the official versions at the
-# time of writing:
-# * GNUTLS_{CLI,SERV} = 3.4.10
-# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
-# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
-# * OPENSSL_NEXT = 3.1.2
-# See the invocation of check_tools below for details.
-#
-# This script must be invoked from the toplevel directory of a git
-# working copy of Mbed TLS.
-#
-# The behavior on an error depends on whether --keep-going (alias -k)
-# is in effect.
-# * Without --keep-going: the script stops on the first error without
-# cleaning up. This lets you work in the configuration of the failing
-# component.
-# * With --keep-going: the script runs all requested components and
-# reports failures at the end. In particular the script always cleans
-# up on exit.
-#
-# Note that the output is not saved. You may want to run
-# script -c tests/scripts/all.sh
-# or
-# tests/scripts/all.sh >all.log 2>&1
-#
-# Notes for maintainers
-# ---------------------
-#
-# The bulk of the code is organized into functions that follow one of the
-# following naming conventions:
-# * pre_XXX: things to do before running the tests, in order.
-# * component_XXX: independent components. They can be run in any order.
-# * component_check_XXX: quick tests that aren't worth parallelizing.
-# * component_build_XXX: build things but don't run them.
-# * component_test_XXX: build and test.
-# * component_release_XXX: tests that the CI should skip during PR testing.
-# * support_XXX: if support_XXX exists and returns false then
-# component_XXX is not run by default.
-# * post_XXX: things to do after running the tests.
-# * other: miscellaneous support functions.
-#
-# Each component must start by invoking `msg` with a short informative message.
-#
-# Warning: due to the way bash detects errors, the failure of a command
-# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
-#
-# Each component is executed in a separate shell process. The component
-# fails if any command in it returns a non-zero status.
-#
-# The framework performs some cleanup tasks after each component. This
-# means that components can assume that the working directory is in a
-# cleaned-up state, and don't need to perform the cleanup themselves.
-# * Run `make clean`.
-# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
-# the component.
-# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
-# `tests/Makefile` and `programs/fuzz/Makefile` from git.
-# This cleans up after an in-tree use of CMake.
-#
-# The tests are roughly in order from fastest to slowest. This doesn't
-# have to be exact, but in general you should add slower tests towards
-# the end and fast checks near the beginning.
-
-
-
-################################################################
-#### Initialization and command line parsing
-################################################################
-
-# Abort on errors (even on the left-hand side of a pipe).
-# Treat uninitialised variables as errors.
-set -e -o pipefail -u
-
-# Enable ksh/bash extended file matching patterns
-shopt -s extglob
-
-# For project detection
-in_mbedtls_repo () {
- test "$PROJECT_NAME" = "Mbed TLS"
-}
-
-in_tf_psa_crypto_repo () {
- test "$PROJECT_NAME" = "TF-PSA-Crypto"
-}
-
-pre_check_environment () {
- # For project detection
- PROJECT_NAME_FILE='./scripts/project_name.txt'
- if read -r PROJECT_NAME < "$PROJECT_NAME_FILE"; then :; else
- echo "$PROJECT_NAME_FILE does not exist... Exiting..." >&2
- exit 1
- fi
-
- if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else
- echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
- exit 1
- fi
-}
-
-pre_initialize_variables () {
- if in_mbedtls_repo; then
- CONFIG_H='include/mbedtls/mbedtls_config.h'
- if [ -d tf-psa-crypto ]; then
- CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
- PSA_CORE_PATH='tf-psa-crypto/core'
- BUILTIN_SRC_PATH='tf-psa-crypto/drivers/builtin/src'
- else
- CRYPTO_CONFIG_H='include/psa/crypto_config.h'
- fi
- else
- CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
- CRYPTO_CONFIG_H='include/psa/crypto_config.h'
- PSA_CORE_PATH='core'
- BUILTIN_SRC_PATH='drivers/builtin/src'
- fi
- CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
-
- # Files that are clobbered by some jobs will be backed up. Use a different
- # suffix from auxiliary scripts so that all.sh and auxiliary scripts can
- # independently decide when to remove the backup file.
- backup_suffix='.all.bak'
- # Files clobbered by config.py
- files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
- if in_mbedtls_repo; then
- # Files clobbered by in-tree cmake
- files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
- fi
-
- append_outcome=0
- MEMORY=0
- FORCE=0
- QUIET=0
- KEEP_GOING=0
-
- # Seed value used with the --release-test option.
- #
- # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
- # both values are kept in sync. If you change the value here because it
- # breaks some tests, you'll definitely want to change it in
- # basic-build-test.sh as well.
- RELEASE_SEED=1
-
- # Specify character collation for regular expressions and sorting with C locale
- export LC_COLLATE=C
-
- : ${MBEDTLS_TEST_OUTCOME_FILE=}
- : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
- export MBEDTLS_TEST_OUTCOME_FILE
- export MBEDTLS_TEST_PLATFORM
-
- # Default commands, can be overridden by the environment
- : ${OPENSSL:="openssl"}
- : ${OPENSSL_NEXT:="$OPENSSL"}
- : ${GNUTLS_CLI:="gnutls-cli"}
- : ${GNUTLS_SERV:="gnutls-serv"}
- : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
- : ${ARMC5_BIN_DIR:=/usr/bin}
- : ${ARMC6_BIN_DIR:=/usr/bin}
- : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
- : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
- : ${CLANG_LATEST:="clang-latest"}
- : ${CLANG_EARLIEST:="clang-earliest"}
- : ${GCC_LATEST:="gcc-latest"}
- : ${GCC_EARLIEST:="gcc-earliest"}
- # if MAKEFLAGS is not set add the -j option to speed up invocations of make
- if [ -z "${MAKEFLAGS+set}" ]; then
- export MAKEFLAGS="-j$(all_sh_nproc)"
- fi
- # if CC is not set, use clang by default (if present) to improve build times
- if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
- export CC="clang"
- fi
-
- if [ -n "${OPENSSL_3+set}" ]; then
- export OPENSSL_NEXT="$OPENSSL_3"
- fi
-
- # Include more verbose output for failing tests run by CMake or make
- export CTEST_OUTPUT_ON_FAILURE=1
-
- # CFLAGS and LDFLAGS for Asan builds that don't use CMake
- # default to -O2, use -Ox _after_ this if you want another level
- ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
- # Normally, tests should use this compiler for ASAN testing
- ASAN_CC=clang
-
- # Platform tests have an allocation that returns null
- export ASAN_OPTIONS="allocator_may_return_null=1"
- export MSAN_OPTIONS="allocator_may_return_null=1"
-
- # Gather the list of available components. These are the functions
- # defined in this script whose name starts with "component_".
- ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
-
- PSASIM_PATH='tests/psa-client-server/psasim/'
-
- # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
- # the commands set by the environment
-}
-
-setup_quiet_wrappers()
-{
- # Pick up "quiet" wrappers for make and cmake, which don't output very much
- # unless there is an error. This reduces logging overhead in the CI.
- #
- # Note that the cmake wrapper breaks unless we use an absolute path here.
- if [[ -e ${PWD}/tests/scripts/quiet ]]; then
- export PATH=${PWD}/tests/scripts/quiet:$PATH
- fi
-}
-
-# Test whether the component $1 is included in the command line patterns.
-is_component_included()
-{
- # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
- # only does word splitting.
- set -f
- for pattern in $COMMAND_LINE_COMPONENTS; do
- set +f
- case ${1#component_} in $pattern) return 0;; esac
- done
- set +f
- return 1
-}
-
-usage()
-{
- cat <<EOF
-Usage: $0 [OPTION]... [COMPONENT]...
-Run mbedtls release validation tests.
-By default, run all tests. With one or more COMPONENT, run only those.
-COMPONENT can be the name of a component or a shell wildcard pattern.
-
-Examples:
- $0 "check_*"
- Run all sanity checks.
- $0 --no-armcc --except test_memsan
- Run everything except builds that require armcc and MemSan.
-
-Special options:
- -h|--help Print this help and exit.
- --list-all-components List all available test components and exit.
- --list-components List components supported on this platform and exit.
-
-General options:
- -q|--quiet Only output component names, and errors if any.
- -f|--force Force the tests to overwrite any modified files.
- -k|--keep-going Run all tests and report errors at the end.
- -m|--memory Additional optional memory tests.
- --append-outcome Append to the outcome file (if used).
- --arm-none-eabi-gcc-prefix=<string>
- Prefix for a cross-compiler for arm-none-eabi
- (default: "${ARM_NONE_EABI_GCC_PREFIX}")
- --arm-linux-gnueabi-gcc-prefix=<string>
- Prefix for a cross-compiler for arm-linux-gnueabi
- (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
- --armcc Run ARM Compiler builds (on by default).
- --restore First clean up the build tree, restoring backed up
- files. Do not run any components unless they are
- explicitly specified.
- --error-test Error test mode: run a failing function in addition
- to any specified component. May be repeated.
- --except Exclude the COMPONENTs listed on the command line,
- instead of running only those.
- --no-append-outcome Write a new outcome file and analyze it (default).
- --no-armcc Skip ARM Compiler builds.
- --no-force Refuse to overwrite modified files (default).
- --no-keep-going Stop at the first error (default).
- --no-memory No additional memory tests (default).
- --no-quiet Print full output from components.
- --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
- --outcome-file=<path> File where test outcomes are written (not done if
- empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
- --random-seed Use a random seed value for randomized tests (default).
- -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
- -s|--seed Integer seed value to use for this test run.
-
-Tool path options:
- --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
- --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
- --clang-earliest=<Clang_earliest_path> Earliest version of clang available
- --clang-latest=<Clang_latest_path> Latest version of clang available
- --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
- --gcc-latest=<GCC_latest_path> Latest version of GCC available
- --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
- --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
- --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
- --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
-EOF
-}
-
-# Cleanup before/after running a component.
-# Remove built files as well as the cmake cache/config.
-# Does not remove generated source files.
-cleanup()
-{
- if in_mbedtls_repo; then
- command make clean
- fi
-
- # Remove CMake artefacts
- find . -name .git -prune -o \
- -iname CMakeFiles -exec rm -rf {} \+ -o \
- \( -iname cmake_install.cmake -o \
- -iname CTestTestfile.cmake -o \
- -iname CMakeCache.txt -o \
- -path './cmake/*.cmake' \) -exec rm -f {} \+
- # Remove Makefiles generated by in-tree CMake builds
- rm -f pkgconfig/Makefile framework/Makefile
- rm -f include/Makefile programs/!(fuzz)/Makefile
- rm -f tf-psa-crypto/Makefile tf-psa-crypto/include/Makefile
- rm -f tf-psa-crypto/core/Makefile tf-psa-crypto/drivers/Makefile
- rm -f tf-psa-crypto/tests/Makefile
- rm -f tf-psa-crypto/drivers/everest/Makefile
- rm -f tf-psa-crypto/drivers/p256-m/Makefile
- rm -f tf-psa-crypto/drivers/builtin/Makefile
- rm -f tf-psa-crypto/drivers/builtin/src/Makefile
-
- # Remove any artifacts from the component_test_cmake_as_subdirectory test.
- rm -rf programs/test/cmake_subproject/build
- rm -f programs/test/cmake_subproject/Makefile
- rm -f programs/test/cmake_subproject/cmake_subproject
-
- # Remove any artifacts from the component_test_cmake_as_package test.
- rm -rf programs/test/cmake_package/build
- rm -f programs/test/cmake_package/Makefile
- rm -f programs/test/cmake_package/cmake_package
-
- # Remove any artifacts from the component_test_cmake_as_installed_package test.
- rm -rf programs/test/cmake_package_install/build
- rm -f programs/test/cmake_package_install/Makefile
- rm -f programs/test/cmake_package_install/cmake_package_install
-
- # Restore files that may have been clobbered by the job
- for x in $files_to_back_up; do
- if [[ -e "$x$backup_suffix" ]]; then
- cp -p "$x$backup_suffix" "$x"
- fi
- done
-}
-
-# This is a helper function to be used in psasim builds. It is meant to clean
-# up the library's workspace after the server build and before the client
-# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
-# already copied to psasim folder at this point.
-helper_psasim_cleanup_before_client() {
- # Clean up library files
- make -C library clean
-
- # Restore files that were backup before building library files. This
- # includes $CONFIG_H and $CRYPTO_CONFIG_H.
- for x in $files_to_back_up; do
- if [[ -e "$x$backup_suffix" ]]; then
- cp -p "$x$backup_suffix" "$x"
- fi
- done
-}
-
-# Final cleanup when this script exits (except when exiting on a failure
-# in non-keep-going mode).
-final_cleanup () {
- cleanup
-
- for x in $files_to_back_up; do
- rm -f "$x$backup_suffix"
- done
-}
-
-# Executed on exit. May be redefined depending on command line options.
-final_report () {
- :
-}
-
-fatal_signal () {
- final_cleanup
- final_report $1
- trap - $1
- kill -$1 $$
-}
-
-trap 'fatal_signal HUP' HUP
-trap 'fatal_signal INT' INT
-trap 'fatal_signal TERM' TERM
-
-# Number of processors on this machine. Used as the default setting
-# for parallel make.
-all_sh_nproc ()
-{
- {
- nproc || # Linux
- sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
- sysctl -n hw.ncpu || # FreeBSD
- echo 1
- } 2>/dev/null
-}
-
-msg()
-{
- if [ -n "${current_component:-}" ]; then
- current_section="${current_component#component_}: $1"
- else
- current_section="$1"
- fi
-
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- echo ""
- echo "******************************************************************"
- echo "* $current_section "
- printf "* "; date
- echo "******************************************************************"
-}
-
-armc6_build_test()
-{
- FLAGS="$1"
-
- msg "build: ARM Compiler 6 ($FLAGS)"
- make clean
- ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
- WARNING_CFLAGS='-Werror -xc -std=c99' make lib
-
- msg "size: ARM Compiler 6 ($FLAGS)"
- "$ARMC6_FROMELF" -z library/*.o
- if [ -n ${PSA_CORE_PATH} ]; then
- "$ARMC6_FROMELF" -z ${PSA_CORE_PATH}/*.o
- fi
- if [ -n ${BUILTIN_SRC_PATH} ]; then
- "$ARMC6_FROMELF" -z ${BUILTIN_SRC_PATH}/*.o
- fi
-}
-
-err_msg()
-{
- echo "$1" >&2
-}
-
-check_tools()
-{
- for tool in "$@"; do
- if ! `type "$tool" >/dev/null 2>&1`; then
- err_msg "$tool not found!"
- exit 1
- fi
- done
-}
-
-pre_parse_command_line () {
- COMMAND_LINE_COMPONENTS=
- all_except=0
- error_test=0
- list_components=0
- restore_first=0
- no_armcc=
-
- # Note that legacy options are ignored instead of being omitted from this
- # list of options, so invocations that worked with previous version of
- # all.sh will still run and work properly.
- while [ $# -gt 0 ]; do
- case "$1" in
- --append-outcome) append_outcome=1;;
- --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
- --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
- --armcc) no_armcc=;;
- --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
- --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
- --clang-earliest) shift; CLANG_EARLIEST="$1";;
- --clang-latest) shift; CLANG_LATEST="$1";;
- --error-test) error_test=$((error_test + 1));;
- --except) all_except=1;;
- --force|-f) FORCE=1;;
- --gcc-earliest) shift; GCC_EARLIEST="$1";;
- --gcc-latest) shift; GCC_LATEST="$1";;
- --gnutls-cli) shift; GNUTLS_CLI="$1";;
- --gnutls-legacy-cli) shift;; # ignored for backward compatibility
- --gnutls-legacy-serv) shift;; # ignored for backward compatibility
- --gnutls-serv) shift; GNUTLS_SERV="$1";;
- --help|-h) usage; exit;;
- --keep-going|-k) KEEP_GOING=1;;
- --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
- --list-components) list_components=1;;
- --memory|-m) MEMORY=1;;
- --no-append-outcome) append_outcome=0;;
- --no-armcc) no_armcc=1;;
- --no-force) FORCE=0;;
- --no-keep-going) KEEP_GOING=0;;
- --no-memory) MEMORY=0;;
- --no-quiet) QUIET=0;;
- --openssl) shift; OPENSSL="$1";;
- --openssl-next) shift; OPENSSL_NEXT="$1";;
- --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
- --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
- --quiet|-q) QUIET=1;;
- --random-seed) unset SEED;;
- --release-test|-r) SEED=$RELEASE_SEED;;
- --restore) restore_first=1;;
- --seed|-s) shift; SEED="$1";;
- -*)
- echo >&2 "Unknown option: $1"
- echo >&2 "Run $0 --help for usage."
- exit 120
- ;;
- *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
- esac
- shift
- done
-
- # Exclude components that are not supported on this platform.
- SUPPORTED_COMPONENTS=
- for component in $ALL_COMPONENTS; do
- case $(type "support_$component" 2>&1) in
- *' function'*)
- if ! support_$component; then continue; fi;;
- esac
- SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
- done
-
- if [ $list_components -eq 1 ]; then
- printf '%s\n' $SUPPORTED_COMPONENTS
- exit
- fi
-
- # With no list of components, run everything.
- if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
- all_except=1
- fi
-
- # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
- # Ignore it if components are listed explicitly on the command line.
- if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
- COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
- fi
-
- # Error out if an explicitly requested component doesn't exist.
- if [ $all_except -eq 0 ]; then
- unsupported=0
- # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
- # only does word splitting.
- set -f
- for component in $COMMAND_LINE_COMPONENTS; do
- set +f
- # If the requested name includes a wildcard character, don't
- # check it. Accept wildcard patterns that don't match anything.
- case $component in
- *[*?\[]*) continue;;
- esac
- case " $SUPPORTED_COMPONENTS " in
- *" $component "*) :;;
- *)
- echo >&2 "Component $component was explicitly requested, but is not known or not supported."
- unsupported=$((unsupported + 1));;
- esac
- done
- set +f
- if [ $unsupported -ne 0 ]; then
- exit 2
- fi
- fi
-
- # Build the list of components to run.
- RUN_COMPONENTS=
- for component in $SUPPORTED_COMPONENTS; do
- if is_component_included "$component"; [ $? -eq $all_except ]; then
- RUN_COMPONENTS="$RUN_COMPONENTS $component"
- fi
- done
-
- unset all_except
- unset no_armcc
-}
-
-pre_check_git () {
- if [ $FORCE -eq 1 ]; then
- rm -rf "$OUT_OF_SOURCE_DIR"
- git checkout-index -f -q $CONFIG_H
- cleanup
- else
-
- if [ -d "$OUT_OF_SOURCE_DIR" ]; then
- echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
- echo "You can either delete this directory manually, or force the test by rerunning"
- echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
- exit 1
- fi
-
- if ! git diff --quiet "$CONFIG_H"; then
- err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
- echo "You can either delete or preserve your work, or force the test by rerunning the"
- echo "script as: $0 --force"
- exit 1
- fi
- fi
-}
-
-pre_restore_files () {
- # If the makefiles have been generated by a framework such as cmake,
- # restore them from git. If the makefiles look like modifications from
- # the ones checked into git, take care not to modify them. Whatever
- # this function leaves behind is what the script will restore before
- # each component.
- case "$(head -n1 Makefile)" in
- *[Gg]enerated*)
- git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
- git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
- ;;
- esac
-}
-
-pre_back_up () {
- for x in $files_to_back_up; do
- cp -p "$x" "$x$backup_suffix"
- done
-}
-
-pre_setup_keep_going () {
- failure_count=0 # Number of failed components
- last_failure_status=0 # Last failure status in this component
-
- # See err_trap
- previous_failure_status=0
- previous_failed_command=
- previous_failure_funcall_depth=0
- unset report_failed_command
-
- start_red=
- end_color=
- if [ -t 1 ]; then
- case "${TERM:-}" in
- *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
- start_red=$(printf '\033[31m')
- end_color=$(printf '\033[0m')
- ;;
- esac
- fi
-
- # Keep a summary of failures in a file. We'll print it out at the end.
- failure_summary_file=$PWD/all-sh-failures-$$.log
- : >"$failure_summary_file"
-
- # Whether it makes sense to keep a component going after the specified
- # command fails (test command) or not (configure or build).
- # This function normally receives the failing simple command
- # ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
- # this is passed instead.
- # This doesn't have to be 100% accurate: all failures are recorded anyway.
- # False positives result in running things that can't be expected to
- # work. False negatives result in things not running after something else
- # failed even though they might have given useful feedback.
- can_keep_going_after_failure () {
- case "$1" in
- "msg "*) false;;
- "cd "*) false;;
- "diff "*) true;;
- *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
- *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
- *make*check*) true;;
- "grep "*) true;;
- "[ "*) true;;
- "! "*) true;;
- *) false;;
- esac
- }
-
- # This function runs if there is any error in a component.
- # It must either exit with a nonzero status, or set
- # last_failure_status to a nonzero value.
- err_trap () {
- # Save $? (status of the failing command). This must be the very
- # first thing, before $? is overridden.
- last_failure_status=$?
- failed_command=${report_failed_command-$BASH_COMMAND}
-
- if [[ $last_failure_status -eq $previous_failure_status &&
- "$failed_command" == "$previous_failed_command" &&
- ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
- then
- # The same command failed twice in a row, but this time one level
- # less deep in the function call stack. This happens when the last
- # command of a function returns a nonzero status, and the function
- # returns that same status. Ignore the second failure.
- previous_failure_funcall_depth=${#FUNCNAME[@]}
- return
- fi
- previous_failure_status=$last_failure_status
- previous_failed_command=$failed_command
- previous_failure_funcall_depth=${#FUNCNAME[@]}
-
- text="$current_section: $failed_command -> $last_failure_status"
- echo "${start_red}^^^^$text^^^^${end_color}" >&2
- echo "$text" >>"$failure_summary_file"
-
- # If the command is fatal (configure or build command), stop this
- # component. Otherwise (test command) keep the component running
- # (run more tests from the same build).
- if ! can_keep_going_after_failure "$failed_command"; then
- exit $last_failure_status
- fi
- }
-
- final_report () {
- if [ $failure_count -gt 0 ]; then
- echo
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- echo "${start_red}FAILED: $failure_count components${end_color}"
- cat "$failure_summary_file"
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- elif [ -z "${1-}" ]; then
- echo "SUCCESS :)"
- fi
- if [ -n "${1-}" ]; then
- echo "Killed by SIG$1."
- fi
- rm -f "$failure_summary_file"
- if [ $failure_count -gt 0 ]; then
- exit 1
- fi
- }
-}
-
-# record_status() and if_build_succeeded() are kept temporarily for backward
-# compatibility. Don't use them in new components.
-record_status () {
- "$@"
-}
-if_build_succeeded () {
- "$@"
-}
-
-# '! true' does not trigger the ERR trap. Arrange to trigger it, with
-# a reasonably informative error message (not just "$@").
-not () {
- if "$@"; then
- report_failed_command="! $*"
- false
- unset report_failed_command
- fi
-}
-
-pre_prepare_outcome_file () {
- case "$MBEDTLS_TEST_OUTCOME_FILE" in
- [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
- esac
- if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
- rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
- fi
-}
-
-pre_print_configuration () {
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- msg "info: $0 configuration"
- echo "MEMORY: $MEMORY"
- echo "FORCE: $FORCE"
- echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
- echo "SEED: ${SEED-"UNSET"}"
- echo
- echo "OPENSSL: $OPENSSL"
- echo "OPENSSL_NEXT: $OPENSSL_NEXT"
- echo "GNUTLS_CLI: $GNUTLS_CLI"
- echo "GNUTLS_SERV: $GNUTLS_SERV"
- echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
- echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
-}
-
-# Make sure the tools we need are available.
-pre_check_tools () {
- # Build the list of variables to pass to output_env.sh.
- set env
-
- case " $RUN_COMPONENTS " in
- # Require OpenSSL and GnuTLS if running any tests (as opposed to
- # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
- # is a good enough approximation in practice.
- *" test_"* | *" release_test_"*)
- # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
- # and ssl-opt.sh, we just export the variables they require.
- export OPENSSL="$OPENSSL"
- export GNUTLS_CLI="$GNUTLS_CLI"
- export GNUTLS_SERV="$GNUTLS_SERV"
- # Avoid passing --seed flag in every call to ssl-opt.sh
- if [ -n "${SEED-}" ]; then
- export SEED
- fi
- set "$@" OPENSSL="$OPENSSL"
- set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
- check_tools "$OPENSSL" "$OPENSSL_NEXT" \
- "$GNUTLS_CLI" "$GNUTLS_SERV"
- ;;
- esac
-
- case " $RUN_COMPONENTS " in
- *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
- esac
-
- case " $RUN_COMPONENTS " in
- *" test_zeroize "*) check_tools "gdb";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_armcc*)
- ARMC5_CC="$ARMC5_BIN_DIR/armcc"
- ARMC5_AR="$ARMC5_BIN_DIR/armar"
- ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
- ARMC6_CC="$ARMC6_BIN_DIR/armclang"
- ARMC6_AR="$ARMC6_BIN_DIR/armar"
- ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
- check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
- "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
- esac
-
- # past this point, no call to check_tool, only printing output
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- msg "info: output_env.sh"
- case $RUN_COMPONENTS in
- *_armcc*)
- set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
- *) set "$@" RUN_ARMCC=0;;
- esac
- "$@" scripts/output_env.sh
-}
-
-pre_generate_files() {
- # since make doesn't have proper dependencies, remove any possibly outdate
- # file that might be around before generating fresh ones
- make neat
- if [ $QUIET -eq 1 ]; then
- make generated_files >/dev/null
- else
- make generated_files
- fi
-}
-
-clang_version() {
- if command -v clang > /dev/null ; then
- clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
- else
- echo 0 # report version 0 for "no clang"
- fi
-}
-
-################################################################
-#### Helpers for components using libtestdriver1
-################################################################
-
-# How to use libtestdriver1
-# -------------------------
-#
-# 1. Define the list algorithms and key types to accelerate,
-# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
-# Examples:
-# - loc_accel_list="ALG_JPAKE"
-# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
-# 2. Make configurations changes for the driver and/or main libraries.
-# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
-# can be either "default" to start with the default config, or a name
-# supported by scripts/config.py (for example, "full"). This selects
-# the base to use, and makes common adjustments.
-# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
-# These changes affect both the driver and the main libraries.
-# (Note: they need to have the same set of PSA_WANT symbols, as that
-# determines the ABI between them.)
-# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
-# main libraries. Typically, you want to disable the module(s) that are
-# being accelerated. You may need to also disable modules that depend
-# on them or options that are not supported with drivers.
-# 2d. On top of psa/crypto_config.h, the driver library uses its own config
-# file: tests/include/test/drivers/config_test_driver.h. You usually
-# don't need to edit it: using loc_extra_list (see below) is preferred.
-# However, when there's no PSA symbol for what you want to enable,
-# calling scripts/config.py on this file remains the only option.
-# 3. Build the driver library, then the main libraries, test, and programs.
-# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
-# need to enable more algorithms here, typically hash algorithms when
-# accelerating some signature algorithms (ECDSA, RSAv2). This is done
-# by passing a 2nd argument listing the extra algorithms.
-# Example:
-# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
-# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
-# additional arguments will be passed to make: this can be useful if
-# you don't want to build everything when iterating during development.
-# Example:
-# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
-# 4. Run the tests you want.
-
-# Adjust the configuration - for both libtestdriver1 and main library,
-# as they should have the same PSA_WANT macros.
-helper_libtestdriver1_adjust_config() {
- base_config=$1
- # Select the base configuration
- if [ "$base_config" != "default" ]; then
- scripts/config.py "$base_config"
- fi
-
- # Enable PSA-based config (necessary to use drivers)
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
-
- # Dynamic secure element support is a deprecated feature and needs to be disabled here.
- # This is done to have the same form of psa_key_attributes_s for libdriver and library.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
- # If threading is enabled on the normal build, then we need to enable it in the drivers as well,
- # otherwise we will end up running multithreaded tests without mutexes to protect them.
- if scripts/config.py get MBEDTLS_THREADING_C; then
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
- fi
-
- if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
- fi
-}
-
-# Build the drivers library libtestdriver1.a (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# 2. optional: a space-separate list of things to also support.
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_drivers() {
- loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# Build the main libraries, programs and tests,
-# linking to the drivers library (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# *. remaining arguments if any are passed directly to make
-# (examples: lib, -C tests test_suite_xxx, etc.)
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_main() {
- loc_accel_list=$1
- shift
-
- # we need flags both with and without the LIBTESTDRIVER1_ prefix
- loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
-}
-
-# Set some default values $CONFIG_H in order to build server or client sides
-# in PSASIM. There is only 1 mandatory parameter:
-# - $1: target which can be "client" or "server"
-helper_psasim_config() {
- TARGET=$1
-
- if [ "$TARGET" == "client" ]; then
- scripts/config.py full
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- # Dynamic secure element support is a deprecated feature and it is not
- # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
- # Disable potentially problematic features
- scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- else
- scripts/config.py crypto_full
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
- # We need to match the client with MBEDTLS_PSA_CRYPTO_SE_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
- # Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- fi
-}
-
-# Helper to build the libraries for client/server in PSASIM. If the server is
-# being built, then it builds also the final executable.
-# There is only 1 mandatory parameter:
-# - $1: target which can be "client" or "server"
-helper_psasim_build() {
- TARGET=$1
- shift
- TARGET_LIB=${TARGET}_libs
-
- make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
-
- # Build also the server application after its libraries have been built.
- if [ "$TARGET" == "server" ]; then
- make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
- fi
-}
-
-################################################################
-#### Configuration helpers
-################################################################
-
-# When called with no parameter this function disables all builtin curves.
-# The function optionally accepts 1 parameter: a space-separated list of the
-# curves that should be kept enabled.
-helper_disable_builtin_curves() {
- allowed_list="${1:-}"
- scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
-
- for curve in $allowed_list; do
- scripts/config.py set $curve
- done
-}
-
-# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
-# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
-# in the following helpers.
-helper_get_psa_curve_list () {
- loc_list=""
- for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- loc_list="$loc_list $item"
- done
-
- echo "$loc_list"
-}
-
-# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H,
-# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups
-# in the following helpers.
-helper_get_psa_dh_group_list () {
- loc_list=""
- for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- loc_list="$loc_list $item"
- done
-
- echo "$loc_list"
-}
-
-# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
-# is useful to easily get a list of key type symbols to accelerate.
-# The function accepts a single argument which is the key type: ECC, DH, RSA.
-helper_get_psa_key_type_list() {
- key_type="$1"
- loc_list=""
- for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
- # Skip DERIVE for elliptic keys since there is no driver dispatch for
- # it so it cannot be accelerated.
- if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
- loc_list="$loc_list $item"
- fi
- done
-
- echo "$loc_list"
-}
-
-# Include the components from components.sh
+# The path is going to change when this is moved to the framework
test_script_dir="${0%/*}"
-for file in "$test_script_dir"/components*.sh; do
- source $file
-done
+source "$test_script_dir"/all-core.sh
-
-################################################################
-#### Termination
-################################################################
-
-post_report () {
- msg "Done, cleaning up"
- final_cleanup
-
- final_report
-}
-
-################################################################
-#### Run all the things
-################################################################
-
-# Function invoked by --error-test to test error reporting.
-pseudo_component_error_test () {
- msg "Testing error reporting $error_test_i"
- if [ $KEEP_GOING -ne 0 ]; then
- echo "Expect three failing commands."
- fi
- # If the component doesn't run in a subshell, changing error_test_i to an
- # invalid integer will cause an error in the loop that runs this function.
- error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
- # Expected error: 'grep non_existent /dev/null -> 1'
- grep non_existent /dev/null
- # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
- not grep -q . "$0"
- # Expected error: 'make unknown_target -> 2'
- make unknown_target
- false "this should not be executed"
-}
-
-# Run one component and clean up afterwards.
-run_component () {
- current_component="$1"
- export MBEDTLS_TEST_CONFIGURATION="$current_component"
-
- # Unconditionally create a seedfile that's sufficiently long.
- # Do this before each component, because a previous component may
- # have messed it up or shortened it.
- local dd_cmd
- dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
- case $OSTYPE in
- linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
- esac
- "${dd_cmd[@]}"
-
- if [ -d tf-psa-crypto ]; then
- dd_cmd=(dd if=/dev/urandom of=./tf-psa-crypto/tests/seedfile bs=64 count=1)
- case $OSTYPE in
- linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
- esac
- "${dd_cmd[@]}"
- fi
-
- # Run the component in a subshell, with error trapping and output
- # redirection set up based on the relevant options.
- if [ $KEEP_GOING -eq 1 ]; then
- # We want to keep running if the subshell fails, so 'set -e' must
- # be off when the subshell runs.
- set +e
- fi
- (
- if [ $QUIET -eq 1 ]; then
- # msg() will be silenced, so just print the component name here.
- echo "${current_component#component_}"
- exec >/dev/null
- fi
- if [ $KEEP_GOING -eq 1 ]; then
- # Keep "set -e" off, and run an ERR trap instead to record failures.
- set -E
- trap err_trap ERR
- fi
- # The next line is what runs the component
- "$@"
- if [ $KEEP_GOING -eq 1 ]; then
- trap - ERR
- exit $last_failure_status
- fi
- )
- component_status=$?
- if [ $KEEP_GOING -eq 1 ]; then
- set -e
- if [ $component_status -ne 0 ]; then
- failure_count=$((failure_count + 1))
- fi
- fi
-
- # Restore the build tree to a clean state.
- cleanup
- unset current_component
-}
-
-# Preliminary setup
-pre_check_environment
-pre_initialize_variables
-pre_parse_command_line "$@"
-
-setup_quiet_wrappers
-pre_check_git
-pre_restore_files
-pre_back_up
-
-build_status=0
-if [ $KEEP_GOING -eq 1 ]; then
- pre_setup_keep_going
-fi
-pre_prepare_outcome_file
-pre_print_configuration
-pre_check_tools
-cleanup
-if in_mbedtls_repo; then
- pre_generate_files
-fi
-
-# Run the requested tests.
-for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
- run_component pseudo_component_error_test
-done
-unset error_test_i
-for component in $RUN_COMPONENTS; do
- run_component "component_$component"
-done
-
-# We're done.
-post_report
+main "$@"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 72dba99..c2ec34e 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -7,15 +7,273 @@
"""
import re
+import typing
import scripts_path # pylint: disable=unused-import
from mbedtls_framework import outcome_analysis
class CoverageTask(outcome_analysis.CoverageTask):
- # We'll populate IGNORED_TESTS soon. In the meantime, lack of coverage
- # is just a warning.
- outcome_analysis.FULL_COVERAGE_BY_DEFAULT = False
+ """Justify test cases that are never executed."""
+
+ @staticmethod
+ def _has_word_re(words: typing.Iterable[str],
+ exclude: typing.Optional[str] = None) -> typing.Pattern:
+ """Construct a regex that matches if any of the words appears.
+
+ The occurrence must start and end at a word boundary.
+
+ If exclude is specified, strings containing a match for that
+ regular expression will not match the returned pattern.
+ """
+ exclude_clause = r''
+ if exclude:
+ exclude_clause = r'(?!.*' + exclude + ')'
+ return re.compile(exclude_clause +
+ r'.*\b(?:' + r'|'.join(words) + r')\b.*',
+ re.DOTALL)
+
+ # generate_psa_tests.py generates test cases involving cryptographic
+ # mechanisms (key types, families, algorithms) that are declared but
+ # not implemented. Until we improve the Python scripts, ignore those
+ # test cases in the analysis.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9572
+ _PSA_MECHANISMS_NOT_IMPLEMENTED = [
+ r'CBC_MAC',
+ r'DETERMINISTIC_DSA',
+ r'DET_DSA',
+ r'DSA',
+ r'ECC_KEY_PAIR\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
+ r'ECC_KEY_PAIR\(SECP_K1\) 225-bit',
+ r'ECC_PAIR\(BP_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PAIR\(SECP_K1\) 225-bit',
+ r'ECC_PUBLIC_KEY\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PUBLIC_KEY\(SECP_K1\) 225-bit',
+ r'ECC_PUB\(BP_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PUB\(SECP_K1\) 225-bit',
+ r'ED25519PH',
+ r'ED448PH',
+ r'PEPPER',
+ r'PURE_EDDSA',
+ r'SECP_R2',
+ r'SECT_K1',
+ r'SECT_R1',
+ r'SECT_R2',
+ r'SHAKE256_512',
+ r'SHA_512_224',
+ r'SHA_512_256',
+ r'TWISTED_EDWARDS',
+ r'XTS',
+ ]
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE = \
+ _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED)
+
+ IGNORED_TESTS = {
+ 'ssl-opt': [
+ # We don't run ssl-opt.sh with Valgrind on the CI because
+ # it's extremely slow. We don't intend to change this.
+ 'DTLS client reconnect from same port: reconnect, nbio, valgrind',
+ # We don't have IPv6 in our CI environment.
+ # https://github.com/Mbed-TLS/mbedtls-test/issues/176
+ 'DTLS cookie: enabled, IPv6',
+ # Disabled due to OpenSSL bug.
+ # https://github.com/openssl/openssl/issues/18887
+ 'DTLS fragmenting: 3d, openssl client, DTLS 1.2',
+ # We don't run ssl-opt.sh with Valgrind on the CI because
+ # it's extremely slow. We don't intend to change this.
+ 'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)',
+ # TLS doesn't use restartable ECDH yet.
+ # https://github.com/Mbed-TLS/mbedtls/issues/7294
+ re.compile(r'EC restart:.*no USE_PSA.*'),
+ # It seems that we don't run `ssl-opt.sh` with
+ # `MBEDTLS_USE_PSA_CRYPTO` enabled but `MBEDTLS_SSL_ASYNC_PRIVATE`
+ # disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9581
+ 'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
+ 'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
+ ],
+ 'test_suite_config.mbedtls_boolean': [
+ # https://github.com/Mbed-TLS/mbedtls/issues/9583
+ 'Config: !MBEDTLS_ECP_NIST_OPTIM',
+ # We never test without the PSA client code. Should we?
+ # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/112
+ 'Config: !MBEDTLS_PSA_CRYPTO_CLIENT',
+ # Missing coverage of test configurations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9585
+ 'Config: !MBEDTLS_SSL_DTLS_ANTI_REPLAY',
+ # Missing coverage of test configurations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9585
+ 'Config: !MBEDTLS_SSL_DTLS_HELLO_VERIFY',
+ # We don't run test_suite_config when we test this.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9586
+ 'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED',
+ # We only test multithreading with pthreads.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9584
+ 'Config: !MBEDTLS_THREADING_PTHREAD',
+ # Built but not tested.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9587
+ 'Config: MBEDTLS_AES_USE_HARDWARE_ONLY',
+ # Untested platform-specific optimizations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9588
+ 'Config: MBEDTLS_HAVE_SSE2',
+ # Obsolete configuration option, to be replaced by
+ # PSA entropy drivers.
+ # https://github.com/Mbed-TLS/mbedtls/issues/8150
+ 'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
+ # Untested aspect of the platform interface.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9589
+ 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
+ # In a client-server build, test_suite_config runs in the
+ # client configuration, so it will never report
+ # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok.
+ 'Config: MBEDTLS_PSA_CRYPTO_SPM',
+ # We don't test on armv8 yet.
+ 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
+ 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
+ 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
+ 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
+ # We don't run test_suite_config when we test this.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9586
+ 'Config: MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND',
+ ],
+ 'test_suite_config.psa_boolean': [
+ # We don't test with HMAC disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9591
+ 'Config: !PSA_WANT_ALG_HMAC',
+ # The DERIVE key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_DERIVE',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE',
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT',
+ # We don't test with HMAC disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9591
+ 'Config: !PSA_WANT_KEY_TYPE_HMAC',
+ # The PASSWORD key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_PASSWORD',
+ # The PASSWORD_HASH key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_PASSWORD_HASH',
+ # The RAW_DATA key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_RAW_DATA',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT',
+ # Algorithm declared but not supported.
+ 'Config: PSA_WANT_ALG_CBC_MAC',
+ # Algorithm declared but not supported.
+ 'Config: PSA_WANT_ALG_XTS',
+ # Family declared but not supported.
+ 'Config: PSA_WANT_ECC_SECP_K1_224',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE',
+ 'Config: PSA_WANT_KEY_TYPE_ECC_KEY_PAIR',
+ 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR',
+ 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE',
+ ],
+ 'test_suite_config.psa_combinations': [
+ # We don't test this unusual, but sensible configuration.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9592
+ 'Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA',
+ ],
+ 'test_suite_pkcs12': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'PBE Decrypt, (Invalid padding & PKCS7 padding disabled)',
+ 'PBE Encrypt, pad = 8 (PKCS7 padding disabled)',
+ ],
+ 'test_suite_pkcs5': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)',
+ 'PBES2 Encrypt, pad=6 (PKCS7 padding disabled)',
+ 'PBES2 Encrypt, pad=8 (PKCS7 padding disabled)',
+ ],
+ 'test_suite_psa_crypto_generate_key.generated': [
+ # Ignore mechanisms that are not implemented, except
+ # for public keys for which we always test that
+ # psa_generate_key() returns PSA_ERROR_INVALID_ARGUMENT
+ # regardless of whether the specific key type is supported.
+ _has_word_re((mech
+ for mech in _PSA_MECHANISMS_NOT_IMPLEMENTED
+ if not mech.startswith('ECC_PUB')),
+ exclude=r'ECC_PUB'),
+ ],
+ 'test_suite_psa_crypto_metadata': [
+ # Algorithms declared but not supported.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9579
+ 'Asymmetric signature: Ed25519ph',
+ 'Asymmetric signature: Ed448ph',
+ 'Asymmetric signature: pure EdDSA',
+ 'Cipher: XTS',
+ 'MAC: CBC_MAC-3DES',
+ 'MAC: CBC_MAC-AES-128',
+ 'MAC: CBC_MAC-AES-192',
+ 'MAC: CBC_MAC-AES-256',
+ ],
+ 'test_suite_psa_crypto_not_supported.generated': [
+ # It is a bug that not-supported test cases aren't getting
+ # run for never-implemented key types.
+ # https://github.com/Mbed-TLS/mbedtls/issues/7915
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ # We never test with DH key support disabled but support
+ # for a DH group enabled. The dependencies of these test
+ # cases don't really make sense.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9574
+ re.compile(r'PSA \w+ DH_.*type not supported'),
+ # We only test partial support for DH with the 2048-bit group
+ # enabled and the other groups disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9575
+ 'PSA generate DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
+ 'PSA import DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
+ 'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported',
+ ],
+ 'test_suite_psa_crypto_op_fail.generated': [
+ # Ignore mechanisms that are not implemented, except
+ # for test cases that assume the mechanism is not supported.
+ _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED,
+ exclude=(r'.*: !(?:' +
+ r'|'.join(_PSA_MECHANISMS_NOT_IMPLEMENTED) +
+ r')\b')),
+ # Incorrect dependency generation. To be fixed as part of the
+ # resolution of https://github.com/Mbed-TLS/mbedtls/issues/9167
+ # by forward-porting the commit
+ # "PSA test case generation: dependency inference class: operation fail"
+ # from https://github.com/Mbed-TLS/mbedtls/pull/9025 .
+ re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'),
+
+ # We never test with the HMAC algorithm enabled but the HMAC
+ # key type disabled. Those dependencies don't really make sense.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9573
+ re.compile(r'.* !HMAC with HMAC'),
+ ],
+ 'test_suite_psa_crypto_storage_format.current': [
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ ],
+ 'test_suite_psa_crypto_storage_format.v0': [
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ ],
+ 'tls13-misc': [
+ # Disabled due to OpenSSL bug.
+ # https://github.com/openssl/openssl/issues/10714
+ 'TLS 1.3 O->m: resumption',
+ # Disabled due to OpenSSL command line limitation.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9582
+ 'TLS 1.3 m->O: resumption with early data',
+ ],
+ }
# The names that we give to classes derived from DriverVSReference do not
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 2a11207..583c26e 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -173,8 +173,8 @@
check scripts/generate_errors.pl ${builtin_drivers_dir}/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
- check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
- check tests/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
+ check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+ check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't
# care about their content, but the files must exist. So it must run after
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index e937202..87326e8 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -446,6 +446,25 @@
return False
+class ErrorAddIssueTracker(LineIssueTracker):
+ """Signal direct additions of error codes.
+
+ Adding a low-level error code with a high-level error code is deprecated
+ and should use MBEDTLS_ERROR_ADD.
+ """
+
+ heading = "Direct addition of error codes"
+
+ _ERR_PLUS_RE = re.compile(br'MBEDTLS_ERR_\w+ *\+|'
+ br'\+ *MBEDTLS_ERR_')
+ _EXCLUDE_RE = re.compile(br' *case ')
+
+ def issue_with_line(self, line, filepath, line_number):
+ if self._ERR_PLUS_RE.search(line) and not self._EXCLUDE_RE.match(line):
+ return True
+ return False
+
+
class IntegrityChecker:
"""Sanity-check files under the current directory."""
@@ -467,6 +486,7 @@
TabIssueTracker(),
MergeArtifactIssueTracker(),
LicenseIssueTracker(),
+ ErrorAddIssueTracker(),
]
def setup_logger(self, log_file, level=logging.INFO):
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 86951f7..e9bfe5c 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -109,6 +109,9 @@
# the test code and that's probably the most convenient way of achieving
# the test's goal.
echo "MBEDTLS_ASN1_WRITE_C" >> $expected
+ # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size
+ # for raw key generation.
+ echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected
# No PSA equivalent - we should probably have one in the future.
echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
# No PSA equivalent - needed by some init tests
@@ -160,6 +163,5 @@
./framework/scripts/test_generate_test_code.py 2>&1
msg "unit test: translate_ciphers.py"
- python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
+ python3 -m unittest framework/scripts/translate_ciphers.py 2>&1
}
-
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index a2c32f7..3047e76 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -135,7 +135,32 @@
make
./cmake_package
if [[ "$OSTYPE" == linux* ]]; then
- PKG_CONFIG_PATH="${build_variant_dir}/mbedtls/pkgconfig" ${root_dir}/tests/scripts/pkgconfig.sh
+ PKG_CONFIG_PATH="${build_variant_dir}/mbedtls/pkgconfig" \
+ ${root_dir}/tests/scripts/pkgconfig.sh \
+ mbedtls mbedx509 mbedcrypto
+ # These are the EXPECTED package names. Renaming these could break
+ # consumers of pkg-config, consider carefully.
+ fi
+}
+
+component_test_tf_psa_crypto_cmake_as_package () {
+ # Remove existing generated files so that we use the ones CMake
+ # generates
+ make neat
+
+ msg "build: cmake 'as-package' build"
+ root_dir="$(pwd)"
+ cd tf-psa-crypto/programs/test/cmake_package
+ build_variant_dir="$(pwd)"
+ cmake .
+ make
+ ./cmake_package
+ if [[ "$OSTYPE" == linux* ]]; then
+ PKG_CONFIG_PATH="${build_variant_dir}/tf-psa-crypto/pkgconfig" \
+ ${root_dir}/tests/scripts/pkgconfig.sh \
+ tfpsacrypto
+ # This is the EXPECTED package name. Renaming it could break consumers
+ # of pkg-config, consider carefully.
fi
}
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 5badabb..d89bbed 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -18,7 +18,7 @@
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, armclang armv7-m thumb2"
- armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
+ helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
}
test_build_opt () {
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index de8ab2d..5ce69b5 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -31,6 +31,25 @@
make test
}
+component_test_crypto_with_static_key_slots() {
+ msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
+ scripts/config.py crypto_full
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
+ # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that
+ # is enough to contain:
+ # - all RSA public keys up to 4096 bits (max of PSA_VENDOR_RSA_MAX_KEY_BITS).
+ # - RSA key pairs up to 1024 bits, but not 2048 or larger.
+ # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS).
+ # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS).
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212
+ # Disable the fully dynamic key store (default on) since it conflicts
+ # with the static behavior that we're testing here.
+ scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC
+
+ msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
+ make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test
+}
+
# check_renamed_symbols HEADER LIB
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
# name in LIB.
@@ -56,6 +75,68 @@
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
+# The goal of this component is to build a configuration where:
+# - test code and libtestdriver1 can make use of calloc/free and
+# - core library (including PSA core) cannot use calloc/free.
+component_test_psa_crypto_without_heap() {
+ msg "crypto without heap: build libtestdriver1"
+ # Disable PSA features that cannot be accelerated and whose builtin support
+ # requires calloc/free.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_"
+ # RSA key support requires ASN1 parse/write support for testing, but ASN1
+ # is disabled below.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_"
+ # DES requires built-in support for key generation (parity check) so it
+ # cannot be accelerated
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ # EC-JPAKE use calloc/free in PSA core
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+
+ # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
+ PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
+ loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
+
+ helper_libtestdriver1_adjust_config crypto
+ helper_libtestdriver1_make_drivers "$loc_accel_list"
+
+ msg "crypto without heap: build main library"
+ # Disable all legacy MBEDTLS_xxx symbols.
+ scripts/config.py unset-all "^MBEDTLS_"
+ # Build the PSA core using the proper config file.
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ # Enable fully-static key slots in PSA core.
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
+ # Prevent PSA core from creating a copy of input/output buffers.
+ scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+ # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation.
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ # Set calloc/free as null pointer functions. Calling them would crash
+ # the program so we can use this as a "sentinel" for being sure no module
+ # is making use of these functions in the library.
+ scripts/config.py set MBEDTLS_PLATFORM_C
+ scripts/config.py set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL
+ scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL
+
+ helper_libtestdriver1_make_main "$loc_accel_list" lib
+
+ msg "crypto without heap: build test suites and helpers"
+ # Reset calloc/free functions to normal operations so that test code can
+ # freely use them.
+ scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE
+ helper_libtestdriver1_make_main "$loc_accel_list" tests
+
+ msg "crypto without heap: test"
+ make test
+}
+
component_test_no_rsa_key_pair_generation () {
msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
@@ -545,62 +626,31 @@
# depends.py family of tests
component_test_depends_py_cipher_id () {
msg "test/build: depends.py cipher_id (gcc)"
- tests/scripts/depends.py cipher_id --unset-use-psa
+ tests/scripts/depends.py cipher_id
}
component_test_depends_py_cipher_chaining () {
msg "test/build: depends.py cipher_chaining (gcc)"
- tests/scripts/depends.py cipher_chaining --unset-use-psa
+ tests/scripts/depends.py cipher_chaining
}
component_test_depends_py_cipher_padding () {
msg "test/build: depends.py cipher_padding (gcc)"
- tests/scripts/depends.py cipher_padding --unset-use-psa
+ tests/scripts/depends.py cipher_padding
}
component_test_depends_py_curves () {
msg "test/build: depends.py curves (gcc)"
- tests/scripts/depends.py curves --unset-use-psa
+ tests/scripts/depends.py curves
}
component_test_depends_py_hashes () {
msg "test/build: depends.py hashes (gcc)"
- tests/scripts/depends.py hashes --unset-use-psa
+ tests/scripts/depends.py hashes
}
component_test_depends_py_pkalgs () {
msg "test/build: depends.py pkalgs (gcc)"
- tests/scripts/depends.py pkalgs --unset-use-psa
-}
-
-# PSA equivalents of the depends.py tests
-component_test_depends_py_cipher_id_psa () {
- msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py cipher_id
-}
-
-component_test_depends_py_cipher_chaining_psa () {
- msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py cipher_chaining
-}
-
-component_test_depends_py_cipher_padding_psa () {
- msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py cipher_padding
-}
-
-component_test_depends_py_curves_psa () {
- msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py curves
-}
-
-component_test_depends_py_hashes_psa () {
- msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py hashes
-}
-
-component_test_depends_py_pkalgs_psa () {
- msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
tests/scripts/depends.py pkalgs
}
@@ -2392,12 +2442,12 @@
msg "AESCE, build with default configuration."
scripts/config.py set MBEDTLS_AESCE_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
msg "AESCE, build AESCE only"
scripts/config.py set MBEDTLS_AESCE_C
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
}
component_test_aes_only_128_bit_keys () {
@@ -2601,7 +2651,7 @@
# test AESCE baremetal build
scripts/config.py set MBEDTLS_AESCE_C
msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o
@@ -2744,5 +2794,3 @@
msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
make test
}
-
-
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index e1d33ad..b8834d6 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -721,11 +721,6 @@
component_test_depends_py_kex () {
msg "test/build: depends.py kex (gcc)"
- tests/scripts/depends.py kex --unset-use-psa
-}
-
-component_test_depends_py_kex_psa () {
- msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
tests/scripts/depends.py kex
}
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh
index 4e12883..fd858a7 100644
--- a/tests/scripts/components-platform.sh
+++ b/tests/scripts/components-platform.sh
@@ -468,32 +468,32 @@
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
# ARM Compiler 6 - Target ARMv7-A
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
# ARM Compiler 6 - Target ARMv7-M
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
# ARM Compiler 6 - Target ARMv7-M+DSP
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
# ARM Compiler 6 - Target ARMv8-A - AArch32
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
# ARM Compiler 6 - Target ARMv8-M
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
# ARM Compiler 6 - Target Cortex-M0 - no optimisation
- armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
+ helper_armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
# ARM Compiler 6 - Target Cortex-M0
- armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
+ helper_armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
# ARM Compiler 6 - Target ARMv8.2-A - AArch64
#
# Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
# that we have in our CI
scripts/config.py set MBEDTLS_AESCE_C
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
}
support_build_armcc () {
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 5098099..5eddaae 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -47,7 +47,6 @@
import argparse
import os
import re
-import shutil
import subprocess
import sys
import traceback
@@ -56,6 +55,7 @@
# Add the Mbed TLS Python library directory to the module search path
import scripts_path # pylint: disable=unused-import
import config
+from mbedtls_framework import c_build_helper
class Colors: # pylint: disable=too-few-public-methods
"""Minimalistic support for colored output.
@@ -99,24 +99,6 @@
cmd is a list of strings: a command name and its arguments."""
log_line(' '.join(cmd), prefix='+')
-def backup_config(options):
- """Back up the library configuration file (mbedtls_config.h).
-If the backup file already exists, it is presumed to be the desired backup,
-so don't make another backup."""
- if os.path.exists(options.config_backup):
- options.own_backup = False
- else:
- options.own_backup = True
- shutil.copy(options.config, options.config_backup)
-
-def restore_config(options):
- """Restore the library configuration file (mbedtls_config.h).
-Remove the backup file if it was saved earlier."""
- if options.own_backup:
- shutil.move(options.config_backup, options.config)
- else:
- shutil.copy(options.config_backup, options.config)
-
def option_exists(conf, option):
return option in conf.settings
@@ -139,7 +121,7 @@
conf.set(option, value)
return True
-def set_reference_config(conf, options, colors):
+def set_reference_config(conf, colors):
"""Change the library configuration file (mbedtls_config.h) to the reference state.
The reference state is the one from which the tested configurations are
derived."""
@@ -147,9 +129,6 @@
log_command(['config.py', 'full'])
conf.adapt(config.full_adapter)
set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False)
- set_config_option_value(conf, 'MBEDTLS_PSA_CRYPTO_CONFIG', colors, False)
- if options.unset_use_psa:
- set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False)
class Job:
"""A job builds the library in a specific configuration and runs some tests."""
@@ -179,15 +158,57 @@
else:
log_line('starting ' + self.name, color=colors.cyan)
- def configure(self, conf, options, colors):
+ def configure(self, conf, colors):
'''Set library configuration options as required for the job.'''
- set_reference_config(conf, options, colors)
+ set_reference_config(conf, colors)
for key, value in sorted(self.config_settings.items()):
ret = set_config_option_value(conf, key, colors, value)
if ret is False:
return False
return True
+ def _consistency_check(self):
+ '''Check if the testable option is consistent with the goal.
+
+ The purpose of this function to ensure that every option is set or unset according to
+ the settings.
+ '''
+ log_command(['consistency check'])
+ c_name = None
+ exe_name = None
+ header = '#include "mbedtls/build_info.h"\n'
+
+ # Generate a C error directive for each setting to test if it is active
+ for option, value in sorted(self.config_settings.items()):
+ header += '#if '
+ if value:
+ header += '!'
+ header += f'defined({option})\n'
+ header += f'#error "{option}"\n'
+ header += '#endif\n'
+ include_path = ['include', 'tf-psa-crypto/include',
+ 'tf-psa-crypto/drivers/builtin/include']
+
+ try:
+ # Generate a C file, build and run it
+ c_file, c_name, exe_name = c_build_helper.create_c_file(self.name)
+ c_build_helper.generate_c_file(c_file, 'depends.py', header, lambda x: '')
+ c_file.close()
+ c_build_helper.compile_c_file(c_name, exe_name, include_path)
+ return True
+
+ except c_build_helper.CompileError as e:
+ # Read the command line output to find out which setting has been failed
+ failed = {m.group(1) for m in re.finditer('.*#error "(.*)"', e.message) if m}
+ log_line('Inconsistent config option(s):')
+ for option in sorted(failed):
+ log_line(' ' + option)
+ return False
+
+ finally:
+ c_build_helper.remove_file_if_exists(c_name)
+ c_build_helper.remove_file_if_exists(exe_name)
+
def test(self, options):
'''Run the job's build and test commands.
Return True if all the commands succeed and False otherwise.
@@ -195,6 +216,8 @@
run all the commands, except that if the first command fails, none of the
other commands are run (typically, the first command is a build command
and subsequent commands are tests that cannot run if the build failed).'''
+ if not self._consistency_check():
+ return False
built = False
success = True
for command in self.commands:
@@ -214,54 +237,118 @@
# If the configuration option A requires B, make sure that
# B in REVERSE_DEPENDENCIES[A].
-# All the information here should be contained in check_config.h. This
-# file includes a copy because it changes rarely and it would be a pain
+# All the information here should be contained in check_config.h or check_crypto_config.h.
+# This file includes a copy because it changes rarely and it would be a pain
# to extract automatically.
REVERSE_DEPENDENCIES = {
'MBEDTLS_AES_C': ['MBEDTLS_CTR_DRBG_C',
- 'MBEDTLS_NIST_KW_C'],
- 'MBEDTLS_CHACHA20_C': ['MBEDTLS_CHACHAPOLY_C'],
+ 'MBEDTLS_NIST_KW_C',
+ 'PSA_WANT_KEY_TYPE_AES',
+ 'PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'],
+ 'MBEDTLS_ARIA_C': ['PSA_WANT_KEY_TYPE_ARIA'],
+ 'MBEDTLS_CAMELLIA_C': ['PSA_WANT_KEY_TYPE_CAMELLIA'],
+ 'MBEDTLS_CCM_C': ['PSA_WANT_ALG_CCM',
+ 'PSA_WANT_ALG_CCM_STAR_NO_TAG'],
+ 'MBEDTLS_CHACHA20_C': ['MBEDTLS_CHACHAPOLY_C',
+ 'PSA_WANT_KEY_TYPE_CHACHA20',
+ 'PSA_WANT_ALG_CHACHA20_POLY1305',
+ 'PSA_WANT_ALG_STREAM_CIPHER'],
+ 'MBEDTLS_CMAC_C': ['PSA_WANT_ALG_CMAC',
+ 'PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'],
+ 'MBEDTLS_DES_C': ['PSA_WANT_KEY_TYPE_DES'],
+ 'MBEDTLS_GCM_C': ['PSA_WANT_ALG_GCM'],
+
+ 'MBEDTLS_CIPHER_MODE_CBC': ['PSA_WANT_ALG_CBC_PKCS7',
+ 'PSA_WANT_ALG_CBC_NO_PADDING'],
+ 'MBEDTLS_CIPHER_MODE_CFB': ['PSA_WANT_ALG_CFB'],
+ 'MBEDTLS_CIPHER_MODE_CTR': ['PSA_WANT_ALG_CTR'],
+ 'MBEDTLS_CIPHER_MODE_OFB': ['PSA_WANT_ALG_OFB'],
+
+ 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C',
+ 'MBEDTLS_PKCS12_C',
+ 'PSA_WANT_ALG_CBC_PKCS7'],
+
+ 'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'],
+ 'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'],
+ 'MBEDTLS_ECP_DP_BP512R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_512'],
+ 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_255'],
+ 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_448'],
+ 'MBEDTLS_ECP_DP_SECP192R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_192'],
+ 'MBEDTLS_ECP_DP_SECP224R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_224'],
+ 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_256',
+ 'PSA_WANT_ALG_JPAKE',
+ 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
+ 'MBEDTLS_ECP_DP_SECP384R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_384'],
+ 'MBEDTLS_ECP_DP_SECP512R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_512'],
+ 'MBEDTLS_ECP_DP_SECP521R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_521'],
+ 'MBEDTLS_ECP_DP_SECP192K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_192'],
+ 'MBEDTLS_ECP_DP_SECP256K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_256'],
+
'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED'],
+ 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
+ 'PSA_WANT_ALG_ECDSA',
+ 'PSA_WANT_ALG_DETERMINISTIC_ECDSA'],
'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C',
- 'MBEDTLS_ECDH_C',
+ 'MBEDTLS_ECDH_C', 'PSA_WANT_ALG_ECDH',
'MBEDTLS_ECJPAKE_C',
'MBEDTLS_ECP_RESTARTABLE',
'MBEDTLS_PK_PARSE_EC_EXTENDED',
'MBEDTLS_PK_PARSE_EC_COMPRESSED',
- 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED',
- 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED'],
- 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
- 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
+ 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED',
+ 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY',
+ 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC',
+ 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT',
+ 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT',
+ 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE',
+ 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE'],
+ 'MBEDTLS_ECJPAKE_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
+ 'PSA_WANT_ALG_JPAKE'],
+ 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT',
+ 'PSA_WANT_ALG_RSA_OAEP',
+ 'PSA_WANT_ALG_RSA_PSS'],
'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
- 'MBEDTLS_RSA_C': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT',
- 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
- 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
+ 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
+ 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT',
+ 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'],
+ 'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15',
+ 'MBEDTLS_PKCS1_V21',
+ 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
+ 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY',
+ 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC',
+ 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT',
+ 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT',
+ 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'],
+
+ 'MBEDTLS_MD5_C' : ['PSA_WANT_ALG_MD5'],
+ 'MBEDTLS_RIPEMD160_C' : ['PSA_WANT_ALG_RIPEMD160'],
+ 'MBEDTLS_SHA1_C' : ['PSA_WANT_ALG_SHA_1'],
+ 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
+ 'MBEDTLS_ENTROPY_FORCE_SHA256',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
+ 'PSA_WANT_ALG_SHA_224'],
'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'MBEDTLS_LMS_C',
- 'MBEDTLS_LMS_PRIVATE'],
+ 'MBEDTLS_LMS_PRIVATE',
+ 'PSA_WANT_ALG_SHA_256',
+ 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'],
+ 'MBEDTLS_SHA384_C' : ['PSA_WANT_ALG_SHA_384'],
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
- 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'],
- 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
- 'MBEDTLS_ENTROPY_FORCE_SHA256',
- 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
- 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'],
- 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': []
+ 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
+ 'PSA_WANT_ALG_SHA_512'],
+ 'MBEDTLS_SHA3_C' : ['PSA_WANT_ALG_SHA3_224',
+ 'PSA_WANT_ALG_SHA3_256',
+ 'PSA_WANT_ALG_SHA3_384',
+ 'PSA_WANT_ALG_SHA3_512'],
}
# If an option is tested in an exclusive test, alter the following defines.
@@ -272,19 +359,20 @@
'-MBEDTLS_SSL_TLS_C'],
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
'-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
- '-MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
- '-MBEDTLS_ECJPAKE_C',
- '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
+ '-MBEDTLS_ECJPAKE_C',],
'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C',
'-MBEDTLS_ECDSA_DETERMINISTIC',
- '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
- '-MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
- '-MBEDTLS_ECJPAKE_C',
- '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
- 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C'],
+ '-MBEDTLS_ECJPAKE_C'],
+ 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C',
+ '-MBEDTLS_CCM_C',
+ '-MBEDTLS_GCM_C',
+ '-MBEDTLS_SSL_TICKET_C',
+ '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'],
'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'],
- 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', '-MBEDTLS_CCM_C', '-MBEDTLS_GCM_C'],
+ 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C',
+ '-MBEDTLS_CCM_C',
+ '-MBEDTLS_GCM_C',
+ '-PSA_WANT_ALG_ECB_NO_PADDING'],
'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C',
'-MBEDTLS_GCM_C',
'-MBEDTLS_SSL_TICKET_C',
@@ -300,12 +388,23 @@
def turn_off_dependencies(config_settings):
"""For every option turned off config_settings, also turn off what depends on it.
-An option O is turned off if config_settings[O] is False."""
+
+ An option O is turned off if config_settings[O] is False.
+ Handle the dependencies recursively.
+ """
for key, value in sorted(config_settings.items()):
if value is not False:
continue
- for dep in REVERSE_DEPENDENCIES.get(key, []):
+
+ # Save the processed settings to handle cross referencies
+ revdep = set(REVERSE_DEPENDENCIES.get(key, []))
+ history = set()
+ while revdep:
+ dep = revdep.pop()
+ history.add(dep)
config_settings[dep] = False
+ # Do not add symbols which are already processed
+ revdep.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - history)
class BaseDomain: # pylint: disable=too-few-public-methods, unused-argument
"""A base class for all domains."""
@@ -451,7 +550,7 @@
"""Run the specified job (a Job instance)."""
subprocess.check_call([options.make_command, 'clean'])
job.announce(colors, None)
- if not job.configure(conf, options, colors):
+ if not job.configure(conf, colors):
job.announce(colors, False)
return False
conf.write()
@@ -464,15 +563,13 @@
domain_data should be a DomainData instance that describes the available
domains and jobs.
Run the jobs listed in options.tasks."""
- if not hasattr(options, 'config_backup'):
- options.config_backup = options.config + '.bak'
colors = Colors(options)
jobs = []
failures = []
successes = []
for name in options.tasks:
jobs += domain_data.get_jobs(name)
- backup_config(options)
+ conf.backup()
try:
for job in jobs:
success = run(options, job, conf, colors=colors)
@@ -483,13 +580,13 @@
return False
else:
successes.append(job.name)
- restore_config(options)
+ conf.restore()
except:
# Restore the configuration, except in stop-on-error mode if there
# was an error, where we leave the failing configuration up for
# developer convenience.
if options.keep_going:
- restore_config(options)
+ conf.restore()
raise
if successes:
log_line('{} passed'.format(' '.join(successes)), color=colors.bold_green)
@@ -514,7 +611,10 @@
choices=['always', 'auto', 'never'], default='auto')
parser.add_argument('-c', '--config', metavar='FILE',
help='Configuration file to modify',
- default='include/mbedtls/mbedtls_config.h')
+ default=config.MbedTLSConfigFile.default_path[0])
+ parser.add_argument('-r', '--crypto-config', metavar='FILE',
+ help='Crypto configuration file to modify',
+ default=config.CryptoConfigFile.default_path[0])
parser.add_argument('-C', '--directory', metavar='DIR',
help='Change to this directory before anything else',
default='.')
@@ -533,15 +633,13 @@
parser.add_argument('--make-command', metavar='CMD',
help='Command to run instead of make (e.g. gmake)',
action='store', default='make')
- parser.add_argument('--unset-use-psa',
- help='Unset MBEDTLS_USE_PSA_CRYPTO before any test',
- action='store_true', dest='unset_use_psa')
parser.add_argument('tasks', metavar='TASKS', nargs='*',
help='The domain(s) or job(s) to test (default: all).',
default=True)
options = parser.parse_args()
os.chdir(options.directory)
- conf = config.MbedTLSConfig(options.config)
+ conf = config.CombinedConfig(config.MbedTLSConfigFile(options.config),
+ config.CryptoConfigFile(options.crypto_config))
domain_data = DomainData(options, conf)
if options.tasks is True:
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
deleted file mode 100755
index b9dcff4..0000000
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ /dev/null
@@ -1,649 +0,0 @@
-#!/usr/bin/env python3
-
-# generate_tls13_compat_tests.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-Generate TLSv1.3 Compat test cases
-
-"""
-
-import sys
-import os
-import argparse
-import itertools
-from collections import namedtuple
-
-# define certificates configuration entry
-Certificate = namedtuple("Certificate", ['cafile', 'certfile', 'keyfile'])
-# define the certificate parameters for signature algorithms
-CERTIFICATES = {
- 'ecdsa_secp256r1_sha256': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp256r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp256r1.key'),
- 'ecdsa_secp384r1_sha384': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp384r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp384r1.key'),
- 'ecdsa_secp521r1_sha512': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp521r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp521r1.key'),
- 'rsa_pss_rsae_sha256': Certificate('$DATA_FILES_PATH/test-ca_cat12.crt',
- '$DATA_FILES_PATH/server2-sha256.crt',
- '$DATA_FILES_PATH/server2.key')
-}
-
-CIPHER_SUITE_IANA_VALUE = {
- "TLS_AES_128_GCM_SHA256": 0x1301,
- "TLS_AES_256_GCM_SHA384": 0x1302,
- "TLS_CHACHA20_POLY1305_SHA256": 0x1303,
- "TLS_AES_128_CCM_SHA256": 0x1304,
- "TLS_AES_128_CCM_8_SHA256": 0x1305
-}
-
-SIG_ALG_IANA_VALUE = {
- "ecdsa_secp256r1_sha256": 0x0403,
- "ecdsa_secp384r1_sha384": 0x0503,
- "ecdsa_secp521r1_sha512": 0x0603,
- 'rsa_pss_rsae_sha256': 0x0804,
-}
-
-NAMED_GROUP_IANA_VALUE = {
- 'secp256r1': 0x17,
- 'secp384r1': 0x18,
- 'secp521r1': 0x19,
- 'x25519': 0x1d,
- 'x448': 0x1e,
- # Only one finite field group to keep testing time within reasonable bounds.
- 'ffdhe2048': 0x100,
-}
-
-class TLSProgram:
- """
- Base class for generate server/client command.
- """
-
- # pylint: disable=too-many-arguments
- def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
- cert_sig_alg=None):
- self._ciphers = []
- self._sig_algs = []
- self._named_groups = []
- self._cert_sig_algs = []
- if ciphersuite:
- self.add_ciphersuites(ciphersuite)
- if named_group:
- self.add_named_groups(named_group)
- if signature_algorithm:
- self.add_signature_algorithms(signature_algorithm)
- if cert_sig_alg:
- self.add_cert_signature_algorithms(cert_sig_alg)
-
- # add_ciphersuites should not override by sub class
- def add_ciphersuites(self, *ciphersuites):
- self._ciphers.extend(
- [cipher for cipher in ciphersuites if cipher not in self._ciphers])
-
- # add_signature_algorithms should not override by sub class
- def add_signature_algorithms(self, *signature_algorithms):
- self._sig_algs.extend(
- [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._sig_algs])
-
- # add_named_groups should not override by sub class
- def add_named_groups(self, *named_groups):
- self._named_groups.extend(
- [named_group for named_group in named_groups if named_group not in self._named_groups])
-
- # add_cert_signature_algorithms should not override by sub class
- def add_cert_signature_algorithms(self, *signature_algorithms):
- self._cert_sig_algs.extend(
- [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs])
-
- # pylint: disable=no-self-use
- def pre_checks(self):
- return []
-
- # pylint: disable=no-self-use
- def cmd(self):
- if not self._cert_sig_algs:
- self._cert_sig_algs = list(CERTIFICATES.keys())
- return self.pre_cmd()
-
- # pylint: disable=no-self-use
- def post_checks(self):
- return []
-
- # pylint: disable=no-self-use
- def pre_cmd(self):
- return ['false']
-
- # pylint: disable=unused-argument,no-self-use
- def hrr_post_checks(self, named_group):
- return []
-
-
-class OpenSSLBase(TLSProgram):
- """
- Generate base test commands for OpenSSL.
- """
-
- NAMED_GROUP = {
- 'secp256r1': 'P-256',
- 'secp384r1': 'P-384',
- 'secp521r1': 'P-521',
- 'x25519': 'X25519',
- 'x448': 'X448',
- 'ffdhe2048': 'ffdhe2048',
- }
-
- def cmd(self):
- ret = super().cmd()
-
- if self._ciphers:
- ciphersuites = ':'.join(self._ciphers)
- ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- signature_algorithms = ':'.join(signature_algorithms)
- ret += ["-sigalgs {signature_algorithms}".format(
- signature_algorithms=signature_algorithms)]
-
- if self._named_groups:
- named_groups = ':'.join(
- map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
- ret += ["-groups {named_groups}".format(named_groups=named_groups)]
-
- ret += ['-msg -tls1_3']
-
- return ret
-
- def pre_checks(self):
- ret = ["requires_openssl_tls1_3"]
-
- # ffdh groups require at least openssl 3.0
- ffdh_groups = ['ffdhe2048']
-
- if any(x in ffdh_groups for x in self._named_groups):
- ret = ["requires_openssl_tls1_3_with_ffdh"]
-
- return ret
-
-
-class OpenSSLServ(OpenSSLBase):
- """
- Generate test commands for OpenSSL server.
- """
-
- def cmd(self):
- ret = super().cmd()
- ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache']
- return ret
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 ok"']
-
- def pre_cmd(self):
- ret = ['$O_NEXT_SRV_NO_CERT']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
- return ret
-
-
-class OpenSSLCli(OpenSSLBase):
- """
- Generate test commands for OpenSSL client.
- """
-
- def pre_cmd(self):
- return ['$O_NEXT_CLI_NO_CERT',
- '-CAfile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
-
-class GnuTLSBase(TLSProgram):
- """
- Generate base test commands for GnuTLS.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': [
- 'AES-256-GCM',
- 'SHA384',
- 'AEAD'],
- 'TLS_AES_128_GCM_SHA256': [
- 'AES-128-GCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_CHACHA20_POLY1305_SHA256': [
- 'CHACHA20-POLY1305',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_SHA256': [
- 'AES-128-CCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_8_SHA256': [
- 'AES-128-CCM-8',
- 'SHA256',
- 'AEAD']}
-
- SIGNATURE_ALGORITHM = {
- 'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'],
- 'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'],
- 'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'],
- 'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']}
-
- NAMED_GROUP = {
- 'secp256r1': ['GROUP-SECP256R1'],
- 'secp384r1': ['GROUP-SECP384R1'],
- 'secp521r1': ['GROUP-SECP521R1'],
- 'x25519': ['GROUP-X25519'],
- 'x448': ['GROUP-X448'],
- 'ffdhe2048': ['GROUP-FFDHE2048'],
- }
-
- def pre_checks(self):
- return ["requires_gnutls_tls1_3",
- "requires_gnutls_next_no_ticket"]
-
- def cmd(self):
- ret = super().cmd()
-
- priority_string_list = []
-
- def update_priority_string_list(items, map_table):
- for item in items:
- for i in map_table[item]:
- if i not in priority_string_list:
- yield i
-
- if self._ciphers:
- priority_string_list.extend(update_priority_string_list(
- self._ciphers, self.CIPHER_SUITE))
- else:
- priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- priority_string_list.extend(update_priority_string_list(
- signature_algorithms, self.SIGNATURE_ALGORITHM))
- else:
- priority_string_list.append('SIGN-ALL')
-
-
- if self._named_groups:
- priority_string_list.extend(update_priority_string_list(
- self._named_groups, self.NAMED_GROUP))
- else:
- priority_string_list.append('GROUP-ALL')
-
- priority_string_list = ['NONE'] + \
- priority_string_list + ['VERS-TLS1.3']
-
- priority_string = ':+'.join(priority_string_list)
- priority_string += ':%NO_TICKETS'
-
- ret += ['--priority={priority_string}'.format(
- priority_string=priority_string)]
- return ret
-
-class GnuTLSServ(GnuTLSBase):
- """
- Generate test commands for GnuTLS server.
- """
-
- def pre_cmd(self):
- ret = ['$G_NEXT_SRV_NO_CERT', '--http', '--disable-client-cert', '--debug=4']
-
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
- cert=cert, key=key)]
- return ret
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 OK"']
-
-
-class GnuTLSCli(GnuTLSBase):
- """
- Generate test commands for GnuTLS client.
- """
-
- def pre_cmd(self):
- return ['$G_NEXT_CLI_NO_CERT', '--debug=4', '--single-key-share',
- '--x509cafile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
-
-class MbedTLSBase(TLSProgram):
- """
- Generate base test commands for mbedTLS.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384',
- 'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256',
- 'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256',
- 'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256',
- 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
-
- def cmd(self):
- ret = super().cmd()
- ret += ['debug_level=4']
-
-
- if self._ciphers:
- ciphers = ','.join(
- map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
- ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
-
- if self._sig_algs + self._cert_sig_algs:
- ret += ['sig_algs={sig_algs}'.format(
- sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
-
- if self._named_groups:
- named_groups = ','.join(self._named_groups)
- ret += ["groups={named_groups}".format(named_groups=named_groups)]
- return ret
-
- #pylint: disable=missing-function-docstring
- def add_ffdh_group_requirements(self, requirement_list):
- if 'ffdhe2048' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe3072' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe4096' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe6144' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe8192' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
-
- def pre_checks(self):
- ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
- 'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']
-
- if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
- ret.append(
- 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
-
- ec_groups = ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448']
- ffdh_groups = ['ffdhe2048', 'ffdhe3072', 'ffdhe4096', 'ffdhe6144', 'ffdhe8192']
-
- if any(x in ec_groups for x in self._named_groups):
- ret.append('requires_config_enabled PSA_WANT_ALG_ECDH')
-
- if any(x in ffdh_groups for x in self._named_groups):
- ret.append('requires_config_enabled PSA_WANT_ALG_FFDH')
- self.add_ffdh_group_requirements(ret)
-
- return ret
-
-
-class MbedTLSServ(MbedTLSBase):
- """
- Generate test commands for mbedTLS server.
- """
-
- def cmd(self):
- ret = super().cmd()
- ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
- return ret
-
- def pre_checks(self):
- return ['requires_config_enabled MBEDTLS_SSL_SRV_C'] + super().pre_checks()
-
- def post_checks(self):
- check_strings = ["Protocol is TLSv1.3"]
- if self._ciphers:
- check_strings.append(
- "server hello, chosen ciphersuite: {} ( id={:04d} )".format(
- self.CIPHER_SUITE[self._ciphers[0]],
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]]))
- if self._sig_algs:
- check_strings.append(
- "received signature algorithm: 0x{:x}".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
-
- for named_group in self._named_groups:
- check_strings += ['got named group: {named_group}({iana_value:04x})'.format(
- named_group=named_group,
- iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
-
- check_strings.append("Certificate verification was skipped")
- return ['-s "{}"'.format(i) for i in check_strings]
-
- def pre_cmd(self):
- ret = ['$P_SRV']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
- return ret
-
- def hrr_post_checks(self, named_group):
- return ['-s "HRR selected_group: {:s}"'.format(named_group)]
-
-
-class MbedTLSCli(MbedTLSBase):
- """
- Generate test commands for mbedTLS client.
- """
-
- def pre_cmd(self):
- return ['$P_CLI',
- 'ca_file={cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
- def pre_checks(self):
- return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks()
-
- def hrr_post_checks(self, named_group):
- ret = ['-c "received HelloRetryRequest message"']
- ret += ['-c "selected_group ( {:d} )"'.format(NAMED_GROUP_IANA_VALUE[named_group])]
- return ret
-
- def post_checks(self):
- check_strings = ["Protocol is TLSv1.3"]
- if self._ciphers:
- check_strings.append(
- "server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
- self.CIPHER_SUITE[self._ciphers[0]]))
- if self._sig_algs:
- check_strings.append(
- "Certificate Verify: Signature algorithm ( {:04x} )".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
-
- for named_group in self._named_groups:
- check_strings += ['NamedGroup: {named_group} ( {iana_value:x} )'.format(
- named_group=named_group,
- iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
-
- check_strings.append("Verifying peer X.509 certificate... ok")
- return ['-c "{}"'.format(i) for i in check_strings]
-
-
-SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ, 'mbedTLS': MbedTLSServ}
-CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli}
-
-
-def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None):
- """
- Generate test case with `ssl-opt.sh` format.
- """
- name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
- client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group)
-
- server_object = SERVER_CLASSES[server](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
- client_object = CLIENT_CLASSES[client](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
-
- cmd = ['run_test "{}"'.format(name),
- '"{}"'.format(' '.join(server_object.cmd())),
- '"{}"'.format(' '.join(client_object.cmd())),
- '0']
- cmd += server_object.post_checks()
- cmd += client_object.post_checks()
- cmd += ['-C "received HelloRetryRequest message"']
- prefix = ' \\\n' + (' '*9)
- cmd = prefix.join(cmd)
- return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
-
-
-def generate_hrr_compat_test(client=None, server=None,
- client_named_group=None, server_named_group=None,
- cert_sig_alg=None):
- """
- Generate Hello Retry Request test case with `ssl-opt.sh` format.
- """
- name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format(
- client=client, server=server, c_named_group=client_named_group,
- s_named_group=server_named_group)
- server_object = SERVER_CLASSES[server](named_group=server_named_group,
- cert_sig_alg=cert_sig_alg)
-
- client_object = CLIENT_CLASSES[client](named_group=client_named_group,
- cert_sig_alg=cert_sig_alg)
- client_object.add_named_groups(server_named_group)
-
- cmd = ['run_test "{}"'.format(name),
- '"{}"'.format(' '.join(server_object.cmd())),
- '"{}"'.format(' '.join(client_object.cmd())),
- '0']
- cmd += server_object.post_checks()
- cmd += client_object.post_checks()
- cmd += server_object.hrr_post_checks(server_named_group)
- cmd += client_object.hrr_post_checks(server_named_group)
- prefix = ' \\\n' + (' '*9)
- cmd = prefix.join(cmd)
- return '\n'.join(server_object.pre_checks() +
- client_object.pre_checks() +
- [cmd])
-
-SSL_OUTPUT_HEADER = '''\
-# TLS 1.3 interoperability test cases (equivalent of compat.sh for TLS 1.3).
-#
-# Automatically generated by {cmd}. Do not edit!
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-'''
-DATA_FILES_PATH_VAR = '''
-DATA_FILES_PATH=../framework/data_files
-'''
-
-def main():
- """
- Main function of this program
- """
- parser = argparse.ArgumentParser()
-
- parser.add_argument('-o', '--output',
- default='tests/opt-testcases/tls13-compat.sh',
- help='Output file path (not used with -1)')
-
- parser.add_argument('-1', '--single', action='store_true',
- help='Print a single test case')
- # Single mode used to be the default.
- parser.add_argument('-a', '--generate-all-tls13-compat-tests',
- action='store_false', dest='single',
- help='Generate all test cases (negates -1) (default)')
-
- parser.add_argument('--list-ciphers', action='store_true',
- default=False, help='List supported ciphersuites')
-
- parser.add_argument('--list-sig-algs', action='store_true',
- default=False, help='List supported signature algorithms')
-
- parser.add_argument('--list-named-groups', action='store_true',
- default=False, help='List supported named groups')
-
- parser.add_argument('--list-servers', action='store_true',
- default=False, help='List supported TLS servers')
-
- parser.add_argument('--list-clients', action='store_true',
- default=False, help='List supported TLS Clients')
-
- parser.add_argument('server', choices=SERVER_CLASSES.keys(), nargs='?',
- default=list(SERVER_CLASSES.keys())[0],
- help='Choose TLS server program for test')
- parser.add_argument('client', choices=CLIENT_CLASSES.keys(), nargs='?',
- default=list(CLIENT_CLASSES.keys())[0],
- help='Choose TLS client program for test')
- parser.add_argument('cipher', choices=CIPHER_SUITE_IANA_VALUE.keys(), nargs='?',
- default=list(CIPHER_SUITE_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
- parser.add_argument('sig_alg', choices=SIG_ALG_IANA_VALUE.keys(), nargs='?',
- default=list(SIG_ALG_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
- parser.add_argument('named_group', choices=NAMED_GROUP_IANA_VALUE.keys(), nargs='?',
- default=list(NAMED_GROUP_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
-
- args = parser.parse_args()
-
- def get_all_test_cases():
- # Generate normal compat test cases
- for client, server, cipher, named_group, sig_alg in \
- itertools.product(CLIENT_CLASSES.keys(),
- SERVER_CLASSES.keys(),
- CIPHER_SUITE_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys(),
- SIG_ALG_IANA_VALUE.keys()):
- if server == 'mbedTLS' or client == 'mbedTLS':
- yield generate_compat_test(client=client, server=server,
- cipher=cipher, named_group=named_group,
- sig_alg=sig_alg)
-
-
- # Generate Hello Retry Request compat test cases
- for client, server, client_named_group, server_named_group in \
- itertools.product(CLIENT_CLASSES.keys(),
- SERVER_CLASSES.keys(),
- NAMED_GROUP_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys()):
-
- if (client == 'mbedTLS' or server == 'mbedTLS') and \
- client_named_group != server_named_group:
- yield generate_hrr_compat_test(client=client, server=server,
- client_named_group=client_named_group,
- server_named_group=server_named_group,
- cert_sig_alg="ecdsa_secp256r1_sha256")
-
- if not args.single:
- if args.output:
- with open(args.output, 'w', encoding="utf-8") as f:
- f.write(SSL_OUTPUT_HEADER.format(
- filename=os.path.basename(args.output),
- cmd=os.path.basename(sys.argv[0])))
- f.write(DATA_FILES_PATH_VAR)
- f.write('\n\n'.join(get_all_test_cases()))
- f.write('\n')
- else:
- print('\n\n'.join(get_all_test_cases()))
- return 0
-
- if args.list_ciphers or args.list_sig_algs or args.list_named_groups \
- or args.list_servers or args.list_clients:
- if args.list_ciphers:
- print(*CIPHER_SUITE_IANA_VALUE.keys())
- if args.list_sig_algs:
- print(*SIG_ALG_IANA_VALUE.keys())
- if args.list_named_groups:
- print(*NAMED_GROUP_IANA_VALUE.keys())
- if args.list_servers:
- print(*SERVER_CLASSES.keys())
- if args.list_clients:
- print(*CLIENT_CLASSES.keys())
- return 0
-
- print(generate_compat_test(server=args.server, client=args.client, sig_alg=args.sig_alg,
- cipher=args.cipher, named_group=args.named_group))
- return 0
-
-
-if __name__ == "__main__":
- sys.exit(main())
diff --git a/tests/scripts/pkgconfig.sh b/tests/scripts/pkgconfig.sh
index 2702bfa..07a73b3 100755
--- a/tests/scripts/pkgconfig.sh
+++ b/tests/scripts/pkgconfig.sh
@@ -18,11 +18,14 @@
set -e -u
-# These are the EXPECTED package names. Renaming these could break
-# consumers of pkg-config, consider carefully.
-all_pcs="mbedtls mbedx509 mbedcrypto"
+if [ $# -le 0 ]
+then
+ echo " [!] No package names specified" >&2
+ echo "Usage: $0 <package name 1> <package name 2> ..." >&2
+ exit 1
+fi
-for pc in $all_pcs; do
+for pc in "$@"; do
printf "testing package config file: ${pc} ... "
pkg-config --validate "${pc}"
version="$(pkg-config --modversion "${pc}")"
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
deleted file mode 100755
index 90514fc..0000000
--- a/tests/scripts/translate_ciphers.py
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/usr/bin/env python3
-
-# translate_ciphers.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards.
-
-To test the translation functions run:
-python3 -m unittest translate_cipher.py
-"""
-
-import re
-import argparse
-import unittest
-
-class TestTranslateCiphers(unittest.TestCase):
- """
- Ensure translate_ciphers.py translates and formats ciphersuite names
- correctly
- """
- def test_translate_all_cipher_names(self):
- """
- Translate standard ciphersuite names to GnuTLS, OpenSSL and
- Mbed TLS counterpart. Use only a small subset of ciphers
- that exercise each step of the translation functions
- """
- ciphers = [
- ("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
- "+ECDHE-ECDSA:+NULL:+SHA1",
- "ECDHE-ECDSA-NULL-SHA",
- "TLS-ECDHE-ECDSA-WITH-NULL-SHA"),
- ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"),
- ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
- "+DHE-RSA:+3DES-CBC:+SHA1",
- "EDH-RSA-DES-CBC3-SHA",
- "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"),
- ("TLS_RSA_WITH_AES_256_CBC_SHA",
- "+RSA:+AES-256-CBC:+SHA1",
- "AES256-SHA",
- "TLS-RSA-WITH-AES-256-CBC-SHA"),
- ("TLS_PSK_WITH_3DES_EDE_CBC_SHA",
- "+PSK:+3DES-CBC:+SHA1",
- "PSK-3DES-EDE-CBC-SHA",
- "TLS-PSK-WITH-3DES-EDE-CBC-SHA"),
- ("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
- None,
- "ECDHE-ECDSA-CHACHA20-POLY1305",
- "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"),
- ("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
- "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
- None,
- "TLS-ECDHE-ECDSA-WITH-AES-128-CCM"),
- ("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
- None,
- "ECDHE-ARIA256-GCM-SHA384",
- "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384"),
- ]
-
- for s, g_exp, o_exp, m_exp in ciphers:
-
- if g_exp is not None:
- g = translate_gnutls(s)
- self.assertEqual(g, g_exp)
-
- if o_exp is not None:
- o = translate_ossl(s)
- self.assertEqual(o, o_exp)
-
- if m_exp is not None:
- m = translate_mbedtls(s)
- self.assertEqual(m, m_exp)
-
-def translate_gnutls(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return the GnuTLS naming convention
- """
-
- # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
- # naming convention
- s_cipher = s_cipher.replace("_", "-")
-
- s_cipher = re.sub(r'\ATLS-', '+', s_cipher)
- s_cipher = s_cipher.replace("-WITH-", ":+")
- s_cipher = s_cipher.replace("-EDE", "")
-
- # SHA in Mbed TLS == SHA1 GnuTLS,
- # if the last 3 chars are SHA append 1
- if s_cipher[-3:] == "SHA":
- s_cipher = s_cipher+"1"
-
- # CCM or CCM-8 should be followed by ":+AEAD"
- # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
- if "CCM" in s_cipher or "GCM" in s_cipher:
- s_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", s_cipher)
- s_cipher = s_cipher+":+AEAD"
-
- # Replace the last "-" with ":+"
- else:
- index = s_cipher.rindex("-")
- s_cipher = s_cipher[:index] + ":+" + s_cipher[index+1:]
-
- return s_cipher
-
-def translate_ossl(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return the OpenSSL naming convention
- """
-
- # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
- # naming convention
- s_cipher = s_cipher.replace("_", "-")
-
- s_cipher = re.sub(r'^TLS-', '', s_cipher)
- s_cipher = s_cipher.replace("-WITH", "")
-
- # Remove the "-" from "ABC-xyz"
- s_cipher = s_cipher.replace("AES-", "AES")
- s_cipher = s_cipher.replace("CAMELLIA-", "CAMELLIA")
- s_cipher = s_cipher.replace("ARIA-", "ARIA")
-
- # Remove "RSA" if it is at the beginning
- s_cipher = re.sub(r'^RSA-', r'', s_cipher)
-
- # For all circumstances outside of PSK
- if "PSK" not in s_cipher:
- s_cipher = s_cipher.replace("-EDE", "")
- s_cipher = s_cipher.replace("3DES-CBC", "DES-CBC3")
-
- # Remove "CBC" if it is not prefixed by DES
- s_cipher = re.sub(r'(?<!DES-)CBC-', r'', s_cipher)
-
- # ECDHE-RSA-ARIA does not exist in OpenSSL
- s_cipher = s_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
-
- # POLY1305 should not be followed by anything
- if "POLY1305" in s_cipher:
- index = s_cipher.rindex("POLY1305")
- s_cipher = s_cipher[:index+8]
-
- # If DES is being used, Replace DHE with EDH
- if "DES" in s_cipher and "DHE" in s_cipher and "ECDHE" not in s_cipher:
- s_cipher = s_cipher.replace("DHE", "EDH")
-
- return s_cipher
-
-def translate_mbedtls(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return Mbed TLS ciphersuite naming convention
- """
-
- # Replace "_" with "-"
- s_cipher = s_cipher.replace("_", "-")
-
- return s_cipher
-
-def format_ciphersuite_names(mode, names):
- t = {"g": translate_gnutls,
- "o": translate_ossl,
- "m": translate_mbedtls
- }[mode]
- return " ".join(c + '=' + t(c) for c in names)
-
-def main(target, names):
- print(format_ciphersuite_names(target, names))
-
-if __name__ == "__main__":
- PARSER = argparse.ArgumentParser()
- PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g', 'm'])
- PARSER.add_argument('names', metavar='NAMES', nargs='+')
- ARGS = PARSER.parse_args()
- main(ARGS.target, ARGS.names)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 358d7c2..c522459 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -565,7 +565,7 @@
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 143d676..15380b0 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -212,7 +212,7 @@
X509 SAN parsing two directoryNames, second DN OID malformed
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_parse_san:"../framework/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_san:"../framework/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -312,7 +312,7 @@
X509 CRL Unsupported critical extension (issuingDistributionPoint)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idp.pem":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -529,7 +529,7 @@
# already allocated.
#
X509 Get Name Corrupted DN Mem Leak
-mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3019301706035504030C10506F6C617253534C2054657374204341":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3019301706035504030C10506F6C617253534C2054657374204341":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 Time Expired #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
@@ -1285,56 +1285,56 @@
x509parse_crt:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT
X509 CRT ASN1 (inv TBS, invalid tag)
-x509parse_crt:"30020500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30020500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (inv TBS, length missing)
-x509parse_crt:"300130":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"300130":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv TBS, invalid length encoding)
-x509parse_crt:"30023085":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30023085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (inv TBS, length data incomplete)
-x509parse_crt:"300430839999":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"300430839999":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv TBS, length out of bounds)
-x509parse_crt:"30023003":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30023003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS empty)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30153000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30153000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, invalid version tag, serial missing)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301730020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"301730020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, valid outer version tag, no outer length)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30163001a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30163001a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv inner version tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30193004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30193004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, valid inner version tag, no inner length)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30183003a00102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30183003a00102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, valid inner version tag, inv inner length encoding)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30193004a0020285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30193004a0020285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, valid inner version tag, inner length too large for int)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
# tbsCertificate.version = 0x01000000000000000000000000000000 rejected by mbedtls_asn1_get_int
-x509parse_crt:"30293014a012021001000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30293014a012021001000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, valid inner version tag, inner vs. outer length mismatch)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301b3006a00402010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"301b3006a00402010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, valid version tag, length exceeds TBS)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -1350,67 +1350,67 @@
X509 CRT ASN1 (TBS, serial missing)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301a3005a003020102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"301a3005a003020102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv serial, tag wrong)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301c3007a0030201020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"301c3007a0030201020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv serial, length missing)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301b3006a00302010282300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"301b3006a00302010282300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv serial, inv length encoding)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301c3007a0030201028285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"301c3007a0030201028285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv serial, length out of bounds)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301c3007a0030201028201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"301c3007a0030201028201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, AlgID missing)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3020300ba0030201028204deadbeef300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3020300ba0030201028204deadbeef300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv AlgID, tag wrong)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv AlgID, OID missing)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff3000030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff3000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020500030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020685030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020601030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv AlgID, OID empty)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
X509 CRT ASN1 (TBS, inv AlgID, OID unknown)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv AlgID, param length mismatch)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv AlgID, params present but empty)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -1418,147 +1418,147 @@
X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, Issuer missing)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"302f301aa0030201008204deadbeef300d06092a864886f70d01010b0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"302f301aa0030201008204deadbeef300d06092a864886f70d01010b0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length missing)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3030301ba0030201008204deadbeef300d06092a864886f70d01010b050030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3030301ba0030201008204deadbeef300d06092a864886f70d01010b050030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv length encoding)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length out of bounds)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Issuer, RDN inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Issuer, RDN length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, RDN empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv no length data)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, Validity missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"303d3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"303d3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Validity, length field missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"303e3029a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"303e3029a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Validity, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, notBefore missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Validity, notBefore no length)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, notBefore empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1570,23 +1570,23 @@
X509 CRT ASN1 (TBS, inv Validity, notAfter missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Validity, notAfter length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Validity, notAfter empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1598,147 +1598,147 @@
X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter')
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, Subject missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"305b3046a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"305b3046a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353900300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353900300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Subject, RDNSequence length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Subject, RDNSequence length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, RDN inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, RDN empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds )
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, SubPubKeyInfo missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30693054a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30693054a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306a3055a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"306a3055a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv algorithm tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306c3057a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"306c3057a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1746,31 +1746,31 @@
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307a3065a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"307a3065a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743010300d06092A864886F70D010101050003300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"307b3066a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743010300d06092A864886F70D010101050003300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, no bitstring data)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv bitstring start)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
+x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1778,15 +1778,15 @@
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301e300d06092A864886F70D0101010500030b0030080202ffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301e300d06092A864886F70D0101010500030b0030080202ffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -1803,239 +1803,239 @@
# and hence we obtain an INVALID_TAG error during extension parsing.
X509 CRT ASN1 (TBS, inv IssuerID, inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv IssuerID, length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv v3Ext, inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv v3Ext, outer length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, outer length 0)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv v3Ext, inner length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, first ext empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, no extnValue)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv v3Ext, critical length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, critical length 0)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, critical length 2)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2043,27 +2043,27 @@
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH:0
+mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH):0
X509 CRT ASN1 (pathlen is INT_MAX-1)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
@@ -2071,175 +2071,175 @@
X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, inv tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubjectAltName, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, data remaining after name SEQUENCE)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv SubjectAltName, name component length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, name component inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubjectAltName, name component length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, name component unexpected tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, otherName component empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, otherName invalid OID tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName EXPLICIT tag missing
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected EXPLICIT tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inv outer length)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length 0)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner tag invalid)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length inv encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName empty)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected OID tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID no length)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data invalid tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #1)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #2)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #3)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2251,7 +2251,7 @@
X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT (TBS, valid v3Ext in v3 CRT)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2259,35 +2259,35 @@
X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3132303531303133323334315a170d3232303531313133323334315a303a310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c311830160603550403130f7777772e6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b93c4ac5c8a38e9017a49e52aa7175266180e7c7b56d8cffaab64126b7be11ad5c73160c64114804ffd6e13b05db89bbb39709d51c14dd688739b03d71cbe276d01ad8182d801b54f6e5449af1cbaf612edf490d9d09b7edb1fd3cfd3cfa24cf5dbf7ce453e725b5ea4422e926d3ea20949ee66167ba2e07670b032fa209edf0338f0bce10ef67a4c608dac1edc23fd74add153df95e1c8160463eb5b33d2fa6de471cbc92aeebdf276b1656b7dcecd15557a56eec7525f5b77bdfabd23a5a91987d97170b130aa76b4a8bc14730fb3af84104d5c1dfb81dbf7b01a565a2e01e36b7a65ccc305af8cd6fcdf1196225ca01e3357ffa20f5dcfd69b26a007d17f70203010001a38181307f30090603551d1304023000301d0603551d0e041604147de49c6be6f9717d46d2123dad6b1dfdc2aa784c301f0603551d23041830168014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30320603551d11042b3029c20b6578616d706c652e636f6d820b6578616d706c652e6e6574820d2a2e6578616d706c652e6f7267300d06092a864886f70d010105050003820101004f09cb7ad5eef5ef620ddc7ba285d68cca95b46bda115b92007513b9ca0bceeafbc31fe23f7f217479e2e6bcda06e52f6ff655c67339cf48bc0d2f0cd27a06c34a4cd9485da0d07389e4d4851d969a0e5799c66f1d21271f8d0529e840ae823968c39707cf3c934c1adf2fa6a455487f7c8c1ac922da24cd9239c68aecb08df5698267cb04eede534196c127dc2ffe33fad30eb8d432a9842853a5f0d189d5a298e71691bb9cc0418e8c58acffe3dd2e7aabb0b97176ad0f2733f7a929d3c076c0bf06407c0ed5a47c8ae2326e16aeda641fb0557cdbddf1a4ba447cb39958d2346e00ea976c143af2101e0aa249107601f4f2c818fdcc6346128b091bf194e6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3132303531303133323334315a170d3232303531313133323334315a303a310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c311830160603550403130f7777772e6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b93c4ac5c8a38e9017a49e52aa7175266180e7c7b56d8cffaab64126b7be11ad5c73160c64114804ffd6e13b05db89bbb39709d51c14dd688739b03d71cbe276d01ad8182d801b54f6e5449af1cbaf612edf490d9d09b7edb1fd3cfd3cfa24cf5dbf7ce453e725b5ea4422e926d3ea20949ee66167ba2e07670b032fa209edf0338f0bce10ef67a4c608dac1edc23fd74add153df95e1c8160463eb5b33d2fa6de471cbc92aeebdf276b1656b7dcecd15557a56eec7525f5b77bdfabd23a5a91987d97170b130aa76b4a8bc14730fb3af84104d5c1dfb81dbf7b01a565a2e01e36b7a65ccc305af8cd6fcdf1196225ca01e3357ffa20f5dcfd69b26a007d17f70203010001a38181307f30090603551d1304023000301d0603551d0e041604147de49c6be6f9717d46d2123dad6b1dfdc2aa784c301f0603551d23041830168014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30320603551d11042b3029c20b6578616d706c652e636f6d820b6578616d706c652e6e6574820d2a2e6578616d706c652e6f7267300d06092a864886f70d010105050003820101004f09cb7ad5eef5ef620ddc7ba285d68cca95b46bda115b92007513b9ca0bceeafbc31fe23f7f217479e2e6bcda06e52f6ff655c67339cf48bc0d2f0cd27a06c34a4cd9485da0d07389e4d4851d969a0e5799c66f1d21271f8d0529e840ae823968c39707cf3c934c1adf2fa6a455487f7c8c1ac922da24cd9239c68aecb08df5698267cb04eede534196c127dc2ffe33fad30eb8d432a9842853a5f0d189d5a298e71691bb9cc0418e8c58acffe3dd2e7aabb0b97176ad0f2733f7a929d3c076c0bf06407c0ed5a47c8ae2326e16aeda641fb0557cdbddf1a4ba447cb39958d2346e00ea976c143af2101e0aa249107601f4f2c818fdcc6346128b091bf194e6":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (SignatureAlgorithm missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv SignatureAlgorithm, bad tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (inv SignatureAlgorithm, length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2295,33 +2295,33 @@
X509 CRT ASN1 (Signature missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv Signature, bad tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (inv Signature, length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv Signature, inv length encoding)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT ASN1 (inv Signature, length out of bounds)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRT ASN1 (inv Signature, inv data #1)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
# signature = bit string with invalid encoding (missing number of unused bits)
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 CRT ASN1 (inv Signature, inv data #2)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
# signature = bit string with invalid encoding (number of unused bits too large)
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
+x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 CRT ASN1 (empty Signature)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2337,11 +2337,11 @@
X509 CRT ASN1 (inv Signature: not octet-aligned)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
# signature = bit string "01100110011011110110111"
-x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
+x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 CRT ASN1 (inv Signature, length mismatch)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT ASN1 (well-formed)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2409,7 +2409,7 @@
X509 CRT ASN1 (Unsupported critical extension)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (Unsupported critical extension recognized by callback)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2417,7 +2417,7 @@
X509 CRT ASN1 (Unsupported critical extension not recognized by callback)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT ASN1 (Unsupported non critical extension recognized by callback)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2447,16 +2447,16 @@
x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
X509 CRL ASN1 (Correct first tag, data length does not match)
-x509parse_crl:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crl:"300000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRL ASN1 (TBSCertList, tag missing)
-x509parse_crl:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"3000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, version tag len missing)
-x509parse_crl:"3003300102":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"3003300102":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, version correct, alg missing)
-x509parse_crl:"30053003020100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"30053003020100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, alg correct, incorrect version)
x509parse_crl:"300b3009020102300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
@@ -2469,15 +2469,15 @@
X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, issuer set missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
@@ -2485,11 +2485,11 @@
X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
@@ -2497,7 +2497,7 @@
X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
# 305c
# 3047 tbsCertList TBSCertList
@@ -2523,35 +2523,35 @@
X509 CRL ASN1 (TBSCertList, signatureValue missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, single empty entry at end)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, good entry then empty entry at end)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, missing time in entry)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, missing time in entry at end)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (TBSCertList, invalid tag for time in entry)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRL ASN1 (TBSCertList, invalid tag for serial)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
-x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRL ASN1 (TBSCertList, no entries)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO
@@ -2565,23 +2565,23 @@
X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30300603551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30300603551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff0420301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff0420301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
@@ -2829,10 +2829,10 @@
x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (wrong initial tag)
-x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence)
-x509_parse_rsassa_pss_params:"a400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2843,17 +2843,17 @@
x509_parse_rsassa_pss_params:"a009300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1)
-x509_parse_rsassa_pss_params:"a00a300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a00a300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_parse_rsassa_pss_params:"a00a300706052b0e03021a00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a00a300706052b0e03021a00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters)
-x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_DATA
+x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
-x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2864,32 +2864,32 @@
x509_parse_rsassa_pss_params:"a116301406092a864886f70d010108300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1)
-x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1)
-x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + MBEDTLS_ERR_OID_NOT_FOUND
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_OID_NOT_FOUND)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1a)
-x509_parse_rsassa_pss_params:"a10f300d06092a864886f70d0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a10f300d06092a864886f70d0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1b)
-x509_parse_rsassa_pss_params:"a11b301906092a864886f70d010108300c0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11b301906092a864886f70d010108300c0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2897,14 +2897,14 @@
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c)
-x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94)
x509_parse_rsassa_pss_params:"a20302015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0
@@ -2913,25 +2913,25 @@
x509_parse_rsassa_pss_params:"a203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #1)
-x509_parse_rsassa_pss_params:"a20402015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a20402015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #2)
-x509_parse_rsassa_pss_params:"a20402015e00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a20402015e00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 RSASSA-PSS parameters ASN1 (saltLen not an int)
-x509_parse_rsassa_pss_params:"a2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 RSASSA-PSS parameters ASN1 (good, explicit trailerField = default)
x509_parse_rsassa_pss_params:"a303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #1)
-x509_parse_rsassa_pss_params:"a304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #2)
-x509_parse_rsassa_pss_params:"a30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 RSASSA-PSS parameters ASN1 (trailerField not an int)
-x509_parse_rsassa_pss_params:"a3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
@@ -2942,7 +2942,7 @@
X509 CSR ASN.1 (Unsupported critical extension, critical=true)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (Unsupported non-critical extension, critical=false)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
@@ -2958,7 +2958,7 @@
X509 CSR ASN.1 (Unsupported critical extension rejected by callback, critical=true)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0
+mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):0
X509 CSR ASN.1 (bad first tag)
mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT
@@ -2967,64 +2967,64 @@
mbedtls_x509_csr_parse:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT
X509 CSR ASN.1 (total length mistmatch)
-mbedtls_x509_csr_parse:"30010000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+mbedtls_x509_csr_parse:"30010000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CSR ASN.1 (bad CRI: not a sequence)
-mbedtls_x509_csr_parse:"30023100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"30023100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (bad CRI: overlong)
-mbedtls_x509_csr_parse:"30023001":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30023001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad CRI.Version: overlong)
-mbedtls_x509_csr_parse:"30053002020100":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30053002020100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad CRI.Version: not v1)
mbedtls_x509_csr_parse:"30053003020101":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
X509 CSR ASN.1 (bad CRI.Name: not a sequence)
-mbedtls_x509_csr_parse:"300730050201003100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"300730050201003100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (bad CRI.Name: overlong)
-mbedtls_x509_csr_parse:"30083005020100300100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30083005020100300100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad CRI.Name payload: not a set)
-mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (bad CRI.Name payload: overlong)
-mbedtls_x509_csr_parse:"300a30080201003002310100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"300a30080201003002310100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad SubjectPublicKeyInfo: missing)
-mbedtls_x509_csr_parse:"30143012020100300d310b3009060355040613024e4c":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30143012020100300d310b3009060355040613024e4c":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad SubjectPublicKeyInfo: not a sequence)
-mbedtls_x509_csr_parse:"30163014020100300d310b3009060355040613024e4c3100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"30163014020100300d310b3009060355040613024e4c3100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong)
-mbedtls_x509_csr_parse:"30173014020100300d310b3009060355040613024e4c300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30173014020100300d310b3009060355040613024e4c300100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad attributes: missing)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_csr_parse:"3081973081940201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081973081940201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad attributes: bad tag)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_csr_parse:"3081993081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"3081993081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (bad attributes: overlong)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_csr_parse:"30819a3081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30819a3081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa00100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad sigAlg: missing)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_csr_parse:"3081c23081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081c23081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad sigAlg: not a sequence)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (bad sigAlg: overlong)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad sigAlg: unknown)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
@@ -3032,19 +3032,19 @@
X509 CSR ASN.1 (bad sig: missing)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d0401":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (bad sig: not a bit string)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010400":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (bad sig: overlong)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (extra data after signature)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_csr_parse:"308201193081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+mbedtls_x509_csr_parse:"308201193081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf9724300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CSR ASN.1 (invalid version overflow)
mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
@@ -3053,11 +3053,11 @@
# Please see makefile for ../framework/data_files to check malformation details (test_csr_v3_all_malformed_xxx.csr files)
X509 CSR ASN.1 (attributes: invalid sequence tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (attributes: invalid attribute id)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (attributes: not extension request)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -3065,63 +3065,63 @@
X509 CSR ASN.1 (attributes: invalid extenstion request set tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (attributes: invalid extenstion request sequence tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (attributes: invalid len (len > data))
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (attributes: invalid len (len < data))
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CSR ASN.1 (attributes: extension request invalid len (len > data))
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (attributes: extension request invalid len (len < data))
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (extensions: invalid sequence tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (extensions: invalid extension id tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (extensions: invalid extension data tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (extensions: invalid extension data len (len > data))
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 CSR ASN.1 (extensions: invalid extension data len (len < data))
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CSR ASN.1 (extensions: invalid extension key usage bitstream tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (extensions: invalid extension subject alt name sequence tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (extensions: invalid extension ns cert bitstream tag)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CSR ASN.1 (extensions: duplicated extension)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_DATA
+mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 CSR ASN.1 (extensions: invalid extension type data)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -3137,7 +3137,7 @@
X509 File parse (all certificates fail)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER:0
+mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_all_space.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, MBEDTLS_ERR_BASE64_INVALID_CHARACTER):0
X509 File parse (trailing spaces, OK)
depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -3217,7 +3217,7 @@
X509 Get time (Date with invalid tag)
depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERR_X509_INVALID_DATE+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0:0:0:0:0:0
+x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):0:0:0:0:0:0
X509 Get time (UTC, truncated)
depends_on:MBEDTLS_X509_USE_C
@@ -3381,11 +3381,11 @@
X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT parse Subject Key Id - Wrong OCTET_STRING length
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT parse Authority Key Id - Correct Authority Key ID
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -3405,40 +3405,40 @@
X509 CRT parse Authority Key Id - Wrong Length
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
X509 CRT parse Authority Key Id - Wrong Sequence tag
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT parse Authority Key Id - Wrong KeyId Tag
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT parse Authority Key Id - Wrong KeyId Tag Length
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
X509 CRT parse Authority Key Id - Wrong Issuer Tag
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT parse Authority Key Id - Wrong DirectoryName tag in issuer field
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT parse Authority Key Id - Wrong Serial Number Tag
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 CRT parse Authority Key Id - Wrong Serial Number Tag length
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer (see issue #7576)
X509 CRT parse Authority Key Id - Wrong Issuer sequence
depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_crt_parse_authoritykeyid:"../framework/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
OID get numeric string - hardware module name
oid_get_numeric_string:"2B06010505070804":0:"1.3.6.1.5.5.7.8.4"
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
index 63a71fc..21eb64e 100644
--- a/tf-psa-crypto/CMakeLists.txt
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -33,10 +33,6 @@
if(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
-if(LIB_INSTALL_DIR)
- set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
-endif()
-
set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${MBEDTLS_PYTHON_EXECUTABLE})
set(USE_STATIC_TF_PSA_CRYPTO_LIBRARY ${USE_STATIC_MBEDTLS_LIBRARY})
set(USE_SHARED_TF_PSA_CRYPTO_LIBRARY ${USE_SHARED_MBEDTLS_LIBRARY})
@@ -57,15 +53,18 @@
else(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
+set(TF_PSA_CRYPTO_VERSION 0.1.0)
+set(TF_PSA_CRYPTO_SOVERSION 0)
+
if(TEST_CPP)
project("TF-PSA-Crypto"
LANGUAGES C CXX
- VERSION 0.1.0
+ VERSION ${TF_PSA_CRYPTO_VERSION}
)
else()
project("TF-PSA-Crypto"
LANGUAGES C
- VERSION 0.1.0
+ VERSION ${TF_PSA_CRYPTO_VERSION}
)
endif()
diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake
index e520ad1..b96dab2 100644
--- a/tf-psa-crypto/TF-PSA-Crypto.cmake
+++ b/tf-psa-crypto/TF-PSA-Crypto.cmake
@@ -1,3 +1,4 @@
+include(CMakePackageConfigHelpers)
include(GNUInstallDirs)
# Determine if TF-PSA-Crypto is being built as a subproject using add_subdirectory()
@@ -13,6 +14,19 @@
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..)
set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
+# Put the version numbers into relevant files
+set(version_number_files
+ doxygen/input/doc_mainpage.h
+ doxygen/tfpsacrypto.doxyfile)
+foreach(file ${version_number_files})
+ configure_file(${file}.in
+ ${TF_PSA_CRYPTO_DIR}/${file})
+endforeach(file)
+
+ADD_CUSTOM_TARGET(${TF_PSA_CRYPTO_TARGET_PREFIX}apidoc
+ COMMAND doxygen tfpsacrypto.doxyfile
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
+
option(ENABLE_PROGRAMS "Build TF-PSA-Crypto programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@@ -27,7 +41,7 @@
endif()
# Support for package config and install to be added later.
-option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ON)
+option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${TF_PSA_CRYPTO_AS_SUBPROJECT})
if (CMAKE_C_SIMULATE_ID)
set(COMPILER_ID ${CMAKE_C_SIMULATE_ID})
@@ -101,7 +115,7 @@
find_package(Threads)
# If this is the root project add longer list of available CMAKE_BUILD_TYPE values
-if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
+if(NOT TF_PSA_CRYPTO_AS_SUBPROJECT)
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg"
FORCE)
@@ -261,10 +275,6 @@
endif(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
-if(LIB_INSTALL_DIR)
- set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
-endif()
-
if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
endif()
@@ -272,6 +282,7 @@
add_subdirectory(include)
add_subdirectory(core)
add_subdirectory(drivers)
+add_subdirectory(pkgconfig)
#
# The C files in tests/src directory contain test code shared among test suites
@@ -356,6 +367,17 @@
# additional convenience targets for Unix only
if(UNIX)
+ # For coverage testing:
+ # 1. Build with:
+ # cmake -D CMAKE_BUILD_TYPE=Coverage /path/to/source && make
+ # 2. Run the relevant tests for the part of the code you're interested in.
+ # For the reference coverage measurement, see
+ # tests/scripts/basic-build-test.sh
+ # 3. Run scripts/lcov.sh to generate an HTML report.
+ ADD_CUSTOM_TARGET(lcov
+ COMMAND ${MBEDTLS_DIR}/scripts/lcov.sh
+ )
+
ADD_CUSTOM_TARGET(memcheck
COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
@@ -374,3 +396,39 @@
${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
endif()
endif()
+
+if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+ configure_package_config_file(
+ "cmake/TF-PSA-CryptoConfig.cmake.in"
+ "cmake/TF-PSA-CryptoConfig.cmake"
+ INSTALL_DESTINATION "cmake")
+
+ write_basic_package_version_file(
+ "cmake/TF-PSA-CryptoConfigVersion.cmake"
+ COMPATIBILITY SameMajorVersion
+ VERSION 0.1.0)
+
+ install(
+ FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/TF-PSA-CryptoConfig.cmake"
+ "${CMAKE_CURRENT_BINARY_DIR}/cmake/TF-PSA-CryptoConfigVersion.cmake"
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/TF-PSA-Crypto")
+
+ export(
+ EXPORT MbedTLSTargets
+ NAMESPACE TF-PSA-Crypto::
+ FILE "cmake/TF-PSA-CryptoTargets.cmake")
+
+ install(
+ EXPORT MbedTLSTargets
+ NAMESPACE TF-PSA-Crypto::
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/TF-PSA-Crypto"
+ FILE "TF-PSA-CryptoTargets.cmake")
+
+ if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
+ # Do not export the package by default
+ cmake_policy(SET CMP0090 NEW)
+
+ # Make this package visible to the system
+ export(PACKAGE TF-PSA-Crypto)
+ endif()
+endif()
diff --git a/tf-psa-crypto/cmake/.gitignore b/tf-psa-crypto/cmake/.gitignore
new file mode 100644
index 0000000..fc85262
--- /dev/null
+++ b/tf-psa-crypto/cmake/.gitignore
@@ -0,0 +1 @@
+TF-PSA-CryptoConfig.cmake
diff --git a/tf-psa-crypto/cmake/TF-PSA-CryptoConfig.cmake.in b/tf-psa-crypto/cmake/TF-PSA-CryptoConfig.cmake.in
new file mode 100644
index 0000000..94a9195
--- /dev/null
+++ b/tf-psa-crypto/cmake/TF-PSA-CryptoConfig.cmake.in
@@ -0,0 +1,3 @@
+@PACKAGE_INIT@
+
+include("${CMAKE_CURRENT_LIST_DIR}/TF-PSA-CryptoTargets.cmake")
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index d1c93fd..0bd5820 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -705,6 +705,11 @@
psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
size_t buffer_length)
{
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ if (buffer_length > ((size_t) MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+#else
if (slot->key.data != NULL) {
return PSA_ERROR_ALREADY_EXISTS;
}
@@ -713,6 +718,7 @@
if (slot->key.data == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
+#endif
slot->key.bytes = buffer_length;
return PSA_SUCCESS;
@@ -1177,11 +1183,18 @@
psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
{
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ if (slot->key.bytes > 0) {
+ mbedtls_platform_zeroize(slot->key.data, MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE);
+ }
+#else
if (slot->key.data != NULL) {
mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
}
slot->key.data = NULL;
+#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */
+
slot->key.bytes = 0;
return PSA_SUCCESS;
@@ -2096,7 +2109,7 @@
* storage ( thus not in the case of importing a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the imported key material. */
- if (slot->key.data == NULL) {
+ if (slot->key.bytes == 0) {
if (psa_key_lifetime_is_external(attributes->lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
attributes, data, data_length, &storage_size);
@@ -8030,7 +8043,7 @@
* storage ( thus not in the case of generating a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the generated key material. */
- if (slot->key.data == NULL) {
+ if (slot->key.bytes == 0) {
if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) ==
PSA_KEY_LOCATION_LOCAL_STORAGE) {
status = psa_validate_key_type_and_size_for_key_generation(
diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h
index 21e7559..df0ee50 100644
--- a/tf-psa-crypto/core/psa_crypto_core.h
+++ b/tf-psa-crypto/core/psa_crypto_core.h
@@ -155,7 +155,11 @@
/* Dynamically allocated key data buffer.
* Format as specified in psa_export_key(). */
struct key_data {
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE];
+#else
uint8_t *data;
+#endif
size_t bytes;
} key;
} psa_key_slot_t;
diff --git a/tf-psa-crypto/core/psa_crypto_storage.h b/tf-psa-crypto/core/psa_crypto_storage.h
index d7f5b18..433ecdc 100644
--- a/tf-psa-crypto/core/psa_crypto_storage.h
+++ b/tf-psa-crypto/core/psa_crypto_storage.h
@@ -21,9 +21,16 @@
#include <stdint.h>
#include <string.h>
-/* Limit the maximum key size in storage. This should have no effect
- * since the key size is limited in memory. */
+/* Limit the maximum key size in storage. */
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+/* Reflect the maximum size for the key buffer. */
+#define PSA_CRYPTO_MAX_STORAGE_SIZE (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
+#else
+/* Just set an upper boundary but it should have no effect since the key size
+ * is limited in memory. */
#define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS))
+#endif
+
/* Sanity check: a file size must fit in 32 bits. Allow a generous
* 64kB of metadata. */
#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
diff --git a/tf-psa-crypto/doxygen/.gitignore b/tf-psa-crypto/doxygen/.gitignore
new file mode 100644
index 0000000..3d1b31d
--- /dev/null
+++ b/tf-psa-crypto/doxygen/.gitignore
@@ -0,0 +1 @@
+tfpsacrypto.doxyfile
diff --git a/tf-psa-crypto/doxygen/input/.gitignore b/tf-psa-crypto/doxygen/input/.gitignore
new file mode 100644
index 0000000..b806578
--- /dev/null
+++ b/tf-psa-crypto/doxygen/input/.gitignore
@@ -0,0 +1 @@
+doc_mainpage.h
diff --git a/tf-psa-crypto/doxygen/input/doc_mainpage.h.in b/tf-psa-crypto/doxygen/input/doc_mainpage.h.in
new file mode 100644
index 0000000..7c6ccb6
--- /dev/null
+++ b/tf-psa-crypto/doxygen/input/doc_mainpage.h.in
@@ -0,0 +1,19 @@
+/**
+ * \file doc_mainpage.h
+ *
+ * \brief Main page documentation file.
+ */
+/*
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * @mainpage TF-PSA-Crypto v@TF-PSA-Crypto_VERSION@ source code documentation
+ *
+ * This documentation describes the internal structure of the TF-PSA-Crypto
+ * library. It was automatically generated from specially formatted comment
+ * blocks in TF-PSA-Crypto source code using Doxygen (see
+ * http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen).
+ */
diff --git a/tf-psa-crypto/doxygen/tfpsacrypto.doxyfile.in b/tf-psa-crypto/doxygen/tfpsacrypto.doxyfile.in
new file mode 100644
index 0000000..56de487
--- /dev/null
+++ b/tf-psa-crypto/doxygen/tfpsacrypto.doxyfile.in
@@ -0,0 +1,54 @@
+PROJECT_NAME = "TF-PSA-Crypto v@TF-PSA-Crypto_VERSION@"
+OUTPUT_DIRECTORY = ../apidoc/
+FULL_PATH_NAMES = NO
+OPTIMIZE_OUTPUT_FOR_C = YES
+EXTRACT_ALL = YES
+EXTRACT_PRIVATE = YES
+EXTRACT_STATIC = YES
+CASE_SENSE_NAMES = NO
+INPUT = ../include input
+FILE_PATTERNS = *.h
+EXCLUDE = ../include/psa/crypto_se_driver.h
+RECURSIVE = YES
+EXCLUDE_SYMLINKS = YES
+SOURCE_BROWSER = YES
+REFERENCED_BY_RELATION = YES
+REFERENCES_RELATION = YES
+ALPHABETICAL_INDEX = NO
+HTML_OUTPUT = .
+HTML_TIMESTAMP = YES
+SEARCHENGINE = YES
+GENERATE_LATEX = NO
+MACRO_EXPANSION = YES
+EXPAND_ONLY_PREDEF = YES
+INCLUDE_PATH = ../include
+EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
+CLASS_DIAGRAMS = NO
+HAVE_DOT = YES
+DOT_GRAPH_MAX_NODES = 200
+MAX_DOT_GRAPH_DEPTH = 1000
+DOT_TRANSPARENT = YES
+
+# We mostly use \retval declarations to document which error codes a function
+# can return. The reader can follow the hyperlink to the definition of the
+# constant to get the generic documentation of that error code. If we don't
+# have anything to say about the specific error code for the specific
+# function, we can leave the description part of the \retval command blank.
+# This is perfectly valid as far as Doxygen is concerned. However, with
+# Clang >=15, the -Wdocumentation option emits a warning for empty
+# descriptions.
+# https://github.com/Mbed-TLS/mbedtls/issues/6960
+# https://github.com/llvm/llvm-project/issues/60315
+# As a workaround, you can write something like
+# \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+# This avoids writing redundant text and keeps Clang happy.
+ALIASES += emptydescription=""
+
+# Define away macros that make parsing definitions difficult.
+# MBEDTLS_DEPRECATED is not included in this list as it's important to
+# display deprecated status in the documentation.
+PREDEFINED = "MBEDTLS_CHECK_RETURN_CRITICAL=" \
+ "MBEDTLS_CHECK_RETURN_TYPICAL=" \
+ "MBEDTLS_CHECK_RETURN_OPTIONAL=" \
+ "MBEDTLS_PRINTF_ATTRIBUTE(a,b)=" \
+ "__DOXYGEN__" \
diff --git a/tf-psa-crypto/drivers/builtin/src/pk.c b/tf-psa-crypto/drivers/builtin/src/pk.c
index 28b4e7a..44760d0 100644
--- a/tf-psa-crypto/drivers/builtin/src/pk.c
+++ b/tf-psa-crypto/drivers/builtin/src/pk.c
@@ -35,10 +35,6 @@
#include <limits.h>
#include <stdint.h>
-#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
- (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
- PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
-
/*
* Initialise a mbedtls_pk_context
*/
diff --git a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
index bc53a5e..ede2831 100644
--- a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
@@ -29,7 +29,7 @@
if(INSTALL_TF_PSA_CRYPTO_HEADERS)
- install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
+ install(DIRECTORY p256-m
DESTINATION include
FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
@@ -38,6 +38,6 @@
endif(INSTALL_TF_PSA_CRYPTO_HEADERS)
install(TARGETS ${p256m_target}
-EXPORT MbedTLSTargets
-DESTINATION ${CMAKE_INSTALL_LIBDIR}
-PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ EXPORT MbedTLSTargets
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/tf-psa-crypto/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h
index 0cf42c6..f48c087 100644
--- a/tf-psa-crypto/include/psa/crypto_extra.h
+++ b/tf-psa-crypto/include/psa/crypto_extra.h
@@ -32,6 +32,16 @@
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif
+/* If the size of static key slots is not explicitly defined by the user, then
+ * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and
+ * PSA_CIPHER_MAX_KEY_LENGTH.
+ * See mbedtls_config.h for the definition. */
+#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
+#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \
+ PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH)
+#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/
+
/** \addtogroup attributes
* @{
*/
diff --git a/tf-psa-crypto/include/psa/crypto_sizes.h b/tf-psa-crypto/include/psa/crypto_sizes.h
index 635ee98..87b8c39 100644
--- a/tf-psa-crypto/include/psa/crypto_sizes.h
+++ b/tf-psa-crypto/include/psa/crypto_sizes.h
@@ -1038,6 +1038,10 @@
PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+
/** Sufficient output buffer size for psa_raw_key_agreement().
*
* This macro returns a compile-time constant if its arguments are
@@ -1085,6 +1089,27 @@
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+/** Maximum key length for ciphers.
+ *
+ * Since there is no additional PSA_WANT_xxx symbol to specifiy the size of
+ * the key once a cipher is enabled (as it happens for asymmetric keys for
+ * example), the maximum key length is taken into account for each cipher.
+ * The resulting value will be the maximum cipher's key length given depending
+ * on which ciphers are enabled.
+ *
+ * Note: max value for AES used below would be doubled if XTS were enabled, but
+ * this mode is currently not supported in Mbed TLS implementation of PSA
+ * APIs.
+ */
+#if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \
+ defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20))
+#define PSA_CIPHER_MAX_KEY_LENGTH 32u
+#elif defined(PSA_WANT_KEY_TYPE_DES)
+#define PSA_CIPHER_MAX_KEY_LENGTH 24u
+#else
+#define PSA_CIPHER_MAX_KEY_LENGTH 0u
+#endif
+
/** The default IV size for a cipher algorithm, in bytes.
*
* The IV that is generated as part of a call to #psa_cipher_encrypt() is always
diff --git a/tf-psa-crypto/pkgconfig/.gitignore b/tf-psa-crypto/pkgconfig/.gitignore
new file mode 100644
index 0000000..5460c20
--- /dev/null
+++ b/tf-psa-crypto/pkgconfig/.gitignore
@@ -0,0 +1,2 @@
+Makefile
+*.pc
diff --git a/tf-psa-crypto/pkgconfig/CMakeLists.txt b/tf-psa-crypto/pkgconfig/CMakeLists.txt
new file mode 100644
index 0000000..4b62a04
--- /dev/null
+++ b/tf-psa-crypto/pkgconfig/CMakeLists.txt
@@ -0,0 +1,15 @@
+if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+ include(JoinPaths.cmake)
+ join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
+ join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}")
+
+ #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below.
+ # Prefix with something that won't clash with newer versions of CMAKE.
+ set(PKGCONFIG_PROJECT_DESCRIPTION "TF-PSA-Crypto is a C library that implements cryptographic primitives. Its small code footprint makes it suitable for embedded systems.")
+ set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
+
+ configure_file(tfpsacrypto.pc.in tfpsacrypto.pc @ONLY)
+ install(FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/tfpsacrypto.pc
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+endif()
diff --git a/tf-psa-crypto/pkgconfig/JoinPaths.cmake b/tf-psa-crypto/pkgconfig/JoinPaths.cmake
new file mode 100644
index 0000000..193caed
--- /dev/null
+++ b/tf-psa-crypto/pkgconfig/JoinPaths.cmake
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+# This module provides function for joining paths
+# known from most languages
+#
+# Copyright The Mbed TLS Contributors
+#
+# This script originates from:
+# - https://github.com/jtojnar/cmake-snips
+# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and
+# allowed for the change of Copyright.
+#
+# Modelled after Python’s os.path.join
+# https://docs.python.org/3.7/library/os.path.html#os.path.join
+# Windows not supported
+function(join_paths joined_path first_path_segment)
+ set(temp_path "${first_path_segment}")
+ foreach(current_segment IN LISTS ARGN)
+ if(NOT ("${current_segment}" STREQUAL ""))
+ if(IS_ABSOLUTE "${current_segment}")
+ set(temp_path "${current_segment}")
+ else()
+ set(temp_path "${temp_path}/${current_segment}")
+ endif()
+ endif()
+ endforeach()
+ set(${joined_path} "${temp_path}" PARENT_SCOPE)
+endfunction()
diff --git a/tf-psa-crypto/pkgconfig/tfpsacrypto.pc.in b/tf-psa-crypto/pkgconfig/tfpsacrypto.pc.in
new file mode 100644
index 0000000..2d130ea
--- /dev/null
+++ b/tf-psa-crypto/pkgconfig/tfpsacrypto.pc.in
@@ -0,0 +1,10 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+includedir=@PKGCONFIG_INCLUDEDIR@
+libdir=@PKGCONFIG_LIBDIR@
+
+Name: @PROJECT_NAME@
+Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+Version: @PROJECT_VERSION@
+Cflags: -I"${includedir}"
+Libs: -L"${libdir}" -lmbedcrypto -lbuiltin -leverest -lp256m
diff --git a/tf-psa-crypto/programs/test/cmake_package/.gitignore b/tf-psa-crypto/programs/test/cmake_package/.gitignore
new file mode 100644
index 0000000..fd34d2b
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_package/.gitignore
@@ -0,0 +1,3 @@
+Makefile
+cmake_package
+tf-psa-crypto
diff --git a/tf-psa-crypto/programs/test/cmake_package/CMakeLists.txt b/tf-psa-crypto/programs/test/cmake_package/CMakeLists.txt
new file mode 100644
index 0000000..20b7322
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_package/CMakeLists.txt
@@ -0,0 +1,35 @@
+cmake_minimum_required(VERSION 2.8.12)
+
+#
+# Simulate configuring and building TF-PSA-Crypto as the user might do it.
+# We'll skip installing it, and use the build directory directly instead.
+#
+
+set(TF-PSA-Crypto_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..")
+set(TF-PSA-Crypto_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/tf-psa-crypto")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ "-H${TF-PSA-Crypto_SOURCE_DIR}"
+ "-B${TF-PSA-Crypto_BINARY_DIR}"
+ "-DENABLE_PROGRAMS=NO"
+ "-DENABLE_TESTING=NO")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${TF-PSA-Crypto_BINARY_DIR}")
+
+#
+# Locate the package.
+#
+
+set(TF-PSA-Crypto_DIR "${TF-PSA-Crypto_BINARY_DIR}/cmake")
+find_package(TF-PSA-Crypto REQUIRED)
+
+#
+# At this point, the TF-PSA-Crypto targets should have been imported, and we
+# can now link to them from our own program.
+#
+
+add_executable(cmake_package cmake_package.c)
+target_link_libraries(cmake_package TF-PSA-Crypto::mbedcrypto)
diff --git a/tf-psa-crypto/programs/test/cmake_package/cmake_package.c b/tf-psa-crypto/programs/test/cmake_package/cmake_package.c
new file mode 100644
index 0000000..c12ae7b
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_package/cmake_package.c
@@ -0,0 +1,19 @@
+/*
+ * Simple program to test that TF-PSA-Crypto builds correctly as a CMake
+ * package.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <psa/crypto.h>
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a PSA cryptography API to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ psa_crypto_init();
+
+ return 0;
+}
diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt
index 862d862..0e84bab 100644
--- a/tf-psa-crypto/tests/CMakeLists.txt
+++ b/tf-psa-crypto/tests/CMakeLists.txt
@@ -3,13 +3,6 @@
${CMAKE_THREAD_LIBS_INIT}
)
-# Set the project root directory if it's not already defined, as may happen if
-# the tests folder is included directly by a parent project, without including
-# the top level CMakeLists.txt.
-if(NOT DEFINED MBEDTLS_DIR)
- set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
-endif()
-
if(NOT TF_PSA_CRYPTO_PYTHON_EXECUTABLE)
message(FATAL_ERROR "Cannot build test suites without Python 3")
endif()
@@ -357,5 +350,6 @@
if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/seedfile")
link_to_source(seedfile)
endif()
+ link_to_source(Descriptions.txt)
link_to_source(../../framework/data_files)
endif()
diff --git a/tf-psa-crypto/tests/Descriptions.txt b/tf-psa-crypto/tests/Descriptions.txt
new file mode 100644
index 0000000..bc25056
--- /dev/null
+++ b/tf-psa-crypto/tests/Descriptions.txt
@@ -0,0 +1,5 @@
+test_suites
+ The various 'test_suite_XXX' programs from the 'tests' directory, executed
+ using 'make check' (Unix make) or 'make test' (Cmake), include test cases
+ (reference test vectors, sanity checks, malformed input for parsing
+ functions, etc.) for all modules except the SSL modules.
diff --git a/tf-psa-crypto/tests/suites/test_suite_dhm.data b/tf-psa-crypto/tests/suites/test_suite_dhm.data
index f909eb8..b036793 100644
--- a/tf-psa-crypto/tests/suites/test_suite_dhm.data
+++ b/tf-psa-crypto/tests/suites/test_suite_dhm.data
@@ -71,7 +71,7 @@
dhm_do_dhm:"301abc09a57b66a953bfcc206a32e9ab56724084e4b47635779ca35fee79ce1060cb4117":36:"15aa1039b4dd361ed1b5b88e52f2919d0cbcb15adbe5fc290dab13b34e7":0
Diffie-Hellman small modulus
-dhm_do_dhm:"3":1:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+dhm_do_dhm:"3":1:"5":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
Diffie-Hellman zero modulus
dhm_do_dhm:"0":1:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
@@ -107,7 +107,7 @@
dhm_make_public:MBEDTLS_MPI_MAX_SIZE:"5":0
Diffie-Hellman MPI_MAX_SIZE + 1 modulus
-dhm_make_public:MBEDTLS_MPI_MAX_SIZE + 1:"5":MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+dhm_make_public:MBEDTLS_MPI_MAX_SIZE + 1:"5":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
DH load parameters from PEM file (1024-bit, g=2)
depends_on:MBEDTLS_PEM_PARSE_C
diff --git a/tf-psa-crypto/tests/suites/test_suite_dhm.function b/tf-psa-crypto/tests/suites/test_suite_dhm.function
index bb64ef3..6c6f15b 100644
--- a/tf-psa-crypto/tests/suites/test_suite_dhm.function
+++ b/tf-psa-crypto/tests/suites/test_suite_dhm.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/dhm.h"
+#include "mbedtls/error.h"
static int check_get_value(const mbedtls_dhm_context *ctx,
mbedtls_dhm_parameter param,
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkcs5.data b/tf-psa-crypto/tests/suites/test_suite_pkcs5.data
index 5884acf..7fa517d 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkcs5.data
+++ b/tf-psa-crypto/tests/suites/test_suite_pkcs5.data
@@ -168,15 +168,15 @@
PBES2 Decrypt (bad params tag)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):""
PBES2 Decrypt (bad KDF AlgId: not a sequence)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):""
PBES2 Decrypt (bad KDF AlgId: overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (KDF != PBKDF2)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
@@ -184,27 +184,27 @@
PBES2 Decrypt (bad PBKDF2 params: not a sequence)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):""
PBES2 Decrypt (bad PBKDF2 params: overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):""
PBES2 Decrypt (bad PBKDF2 params salt: overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (bad PBKDF2 params iter: not an int)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):""
PBES2 Decrypt (bad PBKDF2 params iter: overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
@@ -212,7 +212,7 @@
PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
@@ -220,11 +220,11 @@
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
@@ -232,15 +232,15 @@
PBES2 Decrypt (bad, PBKDF2 params extra data)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH):""
PBES2 Decrypt (bad enc_scheme_alg: not a sequence)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):""
PBES2 Decrypt (bad enc_scheme_alg: overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (bad enc_scheme_alg: unknown oid)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
@@ -252,7 +252,7 @@
PBES2 Decrypt (bad enc_scheme_alg params: overlong)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C
-pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":0:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA):""
PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkcs5.function b/tf-psa-crypto/tests/suites/test_suite_pkcs5.function
index afe9f38..f6be142 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkcs5.function
+++ b/tf-psa-crypto/tests/suites/test_suite_pkcs5.function
@@ -1,4 +1,5 @@
/* BEGIN_HEADER */
+#include "mbedtls/error.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/cipher.h"
/* END_HEADER */
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.data b/tf-psa-crypto/tests/suites/test_suite_pkparse.data
index 70ca864..17a253d 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkparse.data
+++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.data
@@ -51,23 +51,23 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0
Parse RSA Key #14 (4096-bit, DES Encrypted)
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_des.pem":"testkey":0
Parse RSA Key #15 (4096-bit, 3DES Encrypted)
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_3des.pem":"testkey":0
Parse RSA Key #16 (4096-bit, AES-128 Encrypted)
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0
Parse RSA Key #17 (4096-bit, AES-192 Encrypted)
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0
Parse RSA Key #18 (4096-bit, AES-256 Encrypted)
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0
Parse RSA Key #19 (PKCS#8 wrapped)
@@ -99,15 +99,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)
@@ -119,7 +119,7 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0
Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)
@@ -147,15 +147,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0
Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)
@@ -167,7 +167,7 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0
Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0
Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
@@ -195,15 +195,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER)
@@ -231,15 +231,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES)
@@ -267,15 +267,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0
Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER)
@@ -303,15 +303,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0
Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
@@ -339,15 +339,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
@@ -375,15 +375,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
@@ -411,15 +411,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
@@ -447,15 +447,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
@@ -483,15 +483,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)
@@ -519,15 +519,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0
Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)
@@ -555,15 +555,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)
@@ -591,15 +591,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0
Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
@@ -627,15 +627,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)
@@ -663,15 +663,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)
@@ -699,15 +699,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)
@@ -735,15 +735,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)
@@ -771,15 +771,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)
@@ -807,15 +807,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0
Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)
@@ -843,15 +843,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)
@@ -879,15 +879,15 @@
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0
Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit)
@@ -1191,11 +1191,11 @@
Key ASN1 (Encrypted key PKCS5, trailing garbage data)
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_ALG_SHA_1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
-pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
Key ASN1 (Encrypted key PKCS12, trailing garbage data)
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_ALG_SHA_1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
-pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
# From RFC8410 Appendix A but made into version 0
OneAsymmetricKey X25519, doesn't match masking requirements #1
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.function b/tf-psa-crypto/tests/suites/test_suite_pkparse.function
index 2aea1b8..1cd6e2b 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkparse.function
+++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.function
@@ -1,4 +1,5 @@
/* BEGIN_HEADER */
+#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
index 67a846b..ff9d4ec 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
+++ b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
@@ -7,11 +7,11 @@
pk_write_pubkey_check:"../../framework/data_files/server1.pubkey.der":TEST_DER
Public key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.pem":TEST_PEM
Public key write check RSA 4096 (DER)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.der":TEST_DER
Public key write check EC 192 bits
@@ -63,11 +63,11 @@
pk_write_key_check:"../../framework/data_files/server1.key.der":TEST_DER
Private key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_key_check:"../../framework/data_files/rsa4096_prv.pem":TEST_PEM
Private key write check RSA 4096 (DER)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_key_check:"../../framework/data_files/rsa4096_prv.der":TEST_DER
Private key write check EC 192 bits
@@ -131,7 +131,7 @@
pk_write_public_from_private:"../../framework/data_files/server1.key.der":"../../framework/data_files/server1.pubkey.der"
Derive public key RSA 4096
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_public_from_private:"../../framework/data_files/rsa4096_prv.der":"../../framework/data_files/rsa4096_pub.der"
Derive public key EC 192 bits
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
index c2deaa5..87fec19 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@@ -7158,7 +7158,7 @@
# and not expected to be raised any time soon) is less than the maximum
# output from HKDF-SHA512 (255*64 = 16320 bytes).
PSA key derivation: largest possible key
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1
PSA key derivation: key too large
@@ -7402,12 +7402,15 @@
generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, 65528 bits (large key, ok if it fits)
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(65528)
generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1
PSA generate key: raw data, 65536 bits (not supported)
@@ -7478,6 +7481,17 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+# Following 2 tests are meant to be tested from the component_test_crypto_with_static_key_slots()
+# test component. There MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is intentionally set to a value
+# that is OK for all public RSA key bit sizes, but only valid up to 2048 bits for key pairs.
+PSA generate key: RSA, key pair size does not fit in static key buffer
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA generate key: RSA, key pair size fits in static key buffer
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
+
PSA generate key: ECC, SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
@@ -7619,15 +7633,15 @@
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5
PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5
PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5
PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits)
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > PSA_BITS_TO_BYTES(65528)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5
PSA concurrent key generation: raw data, 65536 bits (not supported)
@@ -7820,9 +7834,7 @@
depends_on:PSA_WANT_ECC_SECP_K1_192
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
-ECP group ID <-> PSA family - SECP224K1
-depends_on:PSA_WANT_ECC_SECP_K1_224
-ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
+# No test case for SECP224K1, which is not implemented in the PSA API.
ECP group ID <-> PSA family - SECP256K1
depends_on:PSA_WANT_ECC_SECP_K1_256
@@ -7837,4 +7849,3 @@
ECP group ID <-> PSA family - Wrong values
ecc_conversion_functions_fail
-
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index cee73b0..b1c662f 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -1236,7 +1236,7 @@
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
static int rsa_test_e(mbedtls_svc_key_id_t key,
size_t bits,
const data_t *e_arg)
@@ -1615,7 +1615,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on: !MBEDTLS_PSA_STATIC_KEY_SLOTS*/
/* Construct and attempt to import a large unstructured key. */
void import_large_key(int type_arg, int byte_size_arg,
int expected_status_arg)
@@ -10180,7 +10180,7 @@
TEST_EQUAL(psa_get_key_type(&got_attributes), type);
TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
TEST_ASSERT(rsa_test_e(key, bits, custom_data));
}
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 84611fa..49b1c15 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -6,13 +6,14 @@
size_t pake_expected_hit_count = 0;
int pake_in_driver = 0;
+#if defined(PSA_WANT_ALG_JPAKE) && \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
+
/* The only two JPAKE user/peer identifiers supported for the time being. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-#if defined(PSA_WANT_ALG_JPAKE) && \
- defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
- defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
psa_pake_operation_t *server,
psa_pake_operation_t *client,
@@ -437,6 +438,11 @@
mbedtls_mpi_init(&D);
mbedtls_mpi_init(&C);
mbedtls_mpi_init(&X);
+#else /* MBEDTLS_BIGNUM_C */
+ (void) alg;
+ (void) private_exponent;
+ (void) input_data;
+ (void) buf;
#endif /* MBEDTLS_BIGNUM_C */
int ok = 0;
@@ -843,7 +849,7 @@
{
psa_key_lifetime_t lifetime =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
- PSA_KEY_PERSISTENCE_DEFAULT, location);
+ PSA_KEY_PERSISTENCE_VOLATILE, location);
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function
index efaaba5..5788742 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -1,14 +1,16 @@
/* BEGIN_HEADER */
#include <psa/crypto.h>
+#include <psa_crypto_storage.h>
#include <test/psa_crypto_helpers.h>
#include <test/psa_exercise_key.h>
#include <psa_crypto_its.h>
-#define TEST_FLAG_EXERCISE 0x00000001
-#define TEST_FLAG_READ_ONLY 0x00000002
+#define TEST_FLAG_EXERCISE 0x00000001
+#define TEST_FLAG_READ_ONLY 0x00000002
+#define TEST_FLAG_OVERSIZED_KEY 0x00000004
/** Write a key with the given attributes and key material to storage.
* Test that it has the expected representation.
@@ -158,6 +160,12 @@
/* Prime the storage with a key file. */
PSA_ASSERT(psa_its_set(uid, representation->len, representation->x, 0));
+ if (flags & TEST_FLAG_OVERSIZED_KEY) {
+ TEST_EQUAL(psa_get_key_attributes(key_id, &actual_attributes), PSA_ERROR_DATA_INVALID);
+ ok = 1;
+ goto exit;
+ }
+
/* Check that the injected key exists and looks as expected. */
PSA_ASSERT(psa_get_key_attributes(key_id, &actual_attributes));
TEST_ASSERT(mbedtls_svc_key_id_equal(key_id,
@@ -281,6 +289,7 @@
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1);
psa_storage_uid_t uid = 1;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *custom_key_data = NULL, *custom_storage_data = NULL;
PSA_INIT();
TEST_USES_KEY_ID(key_id);
@@ -293,6 +302,23 @@
psa_set_key_algorithm(&attributes, alg);
psa_set_key_enrollment_algorithm(&attributes, alg2);
+ /* Create a persistent key which is intentionally larger than the specified
+ * bit size. */
+ if (flags & TEST_FLAG_OVERSIZED_KEY) {
+ TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits));
+ memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits));
+ material->len = PSA_BITS_TO_BYTES(bits);
+ material->x = custom_key_data;
+
+ /* 36 bytes are the overhead of psa_persistent_key_storage_format */
+ TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 36);
+ representation->len = PSA_BITS_TO_BYTES(bits) + 36;
+ representation->x = custom_storage_data;
+
+ psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits),
+ &attributes, custom_storage_data);
+ }
+
/* Test that we can use a key with the given representation. This
* guarantees backward compatibility with keys that were stored by
* past versions of Mbed TLS. */
@@ -300,6 +326,8 @@
uid, representation, flags));
exit:
+ mbedtls_free(custom_key_data);
+ mbedtls_free(custom_storage_data);
psa_reset_key_attributes(&attributes);
PSA_DONE();
}
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data
index 48e3804..359053e 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data
@@ -9,3 +9,9 @@
PSA storage save: AES-GCM+CTR
depends_on:PSA_WANT_KEY_TYPE_AES
key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f"
+
+# Create a persistent key which is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+# so that when psa_get_key_attributes() tries to load it from the storage it will fail.
+PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS
+key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:PSA_BYTES_TO_BITS(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1):PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY
diff --git a/tf-psa-crypto/tests/suites/test_suite_rsa.data b/tf-psa-crypto/tests/suites/test_suite_rsa.data
index 61e07cd..8be8b58 100644
--- a/tf-psa-crypto/tests/suites/test_suite_rsa.data
+++ b/tf-psa-crypto/tests/suites/test_suite_rsa.data
@@ -270,7 +270,7 @@
RSA PKCS1 Decrypt #2 (Data too small)
depends_on:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":32:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":32:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
RSA PKCS1 Decrypt #4 (Output buffer too small)
depends_on:MBEDTLS_PKCS1_V15
@@ -371,7 +371,7 @@
mbedtls_rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f8700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0
RSA Private (Data larger than N)
-mbedtls_rsa_private:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_rsa_private:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
RSA Private (Data = 0 )
mbedtls_rsa_private:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
@@ -380,7 +380,7 @@
mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f8700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"1f5e927c13ff231090b0f18c8c3526428ed0f4a7561457ee5afe4d22d5d9220c34ef5b9a34d0c07f7248a1f3d57f95d10f7936b3063e40660b3a7ca3e73608b013f85a6e778ac7c60d576e9d9c0c5a79ad84ceea74e4722eb3553bdb0c2d7783dac050520cb27ca73478b509873cb0dcbd1d51dd8fccb96c29ad314f36d67cc57835d92d94defa0399feb095fd41b9f0b2be10f6041079ed4290040449f8a79aba50b0a1f8cf83c9fb8772b0686ec1b29cb1814bb06f9c024857db54d395a8da9a2c6f9f53b94bec612a0cb306a3eaa9fc80992e85d9d232e37a50cabe48c9343f039601ff7d95d60025e582aec475d031888310e8ec3833b394a5cf0599101e":0
RSA Public (Data larger than N)
-mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PUBLIC_FAILED, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
RSA Public (Data = 0)
mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
diff --git a/tf-psa-crypto/tests/suites/test_suite_rsa.function b/tf-psa-crypto/tests/suites/test_suite_rsa.function
index 98ea9ef..b84848b 100644
--- a/tf-psa-crypto/tests/suites/test_suite_rsa.function
+++ b/tf-psa-crypto/tests/suites/test_suite_rsa.function
@@ -1,4 +1,5 @@
/* BEGIN_HEADER */
+#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
#include "bignum_core.h"
#include "rsa_alt_helpers.h"