Merge pull request #8057 from mpg/cipher-study
[G2] Tentative definition of Cipher light
diff --git a/.gitignore b/.gitignore
index 185bd7a..4f29d5b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,5 +63,7 @@
/cscope*.out
/tags
-# Clangd compilation database
+# clangd compilation database
compile_commands.json
+# clangd index files
+/.cache/clangd/index/
diff --git a/.travis.yml b/.travis.yml
index bf5ccd9..3b4132e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,149 +1,24 @@
# Declare python as our language. This way we get our chosen Python version,
# and pip is available. Gcc and clang are available anyway.
+dist: jammy
+os: linux
language: python
-python: 3.5
-sudo: false
+python: 3.10
+
cache: ccache
-jobs:
- include:
- - name: basic checks and reference configurations
- addons:
- apt:
- packages:
- - gnutls-bin
- - doxygen
- - graphviz
- - gcc-arm-none-eabi
- - libnewlib-arm-none-eabi
- - gcc-arm-linux-gnueabi
- - libc6-dev-armel-cross
- script:
- - tests/scripts/all.sh -k 'check_*'
- - tests/scripts/all.sh -k test_default_out_of_box
- - tests/scripts/all.sh -k test_ref_configs
- - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
-
- - name: full configuration
- os: linux
- dist: focal
- addons:
- apt:
- packages:
- - clang-10
- - gnutls-bin
- script:
- # Do a manual build+test sequence rather than using all.sh,
- # because there's no all.sh component that does what we want,
- # which is a build with Clang >= 10 and ASan, running all the SSL
- # testing.
- # - The clang executable in the default PATH is Clang 7 on
- # Travis's focal instances, but we want Clang >= 10.
- # - Running all the SSL testing requires a specific set of
- # OpenSSL and GnuTLS versions and we don't want to bother
- # with those on Travis.
- # So we explicitly select clang-10 as the compiler, and we
- # have ad hoc restrictions on SSL testing based on what is
- # passing at the time of writing. We will remove these limitations
- # gradually.
- - make generated_files
- - make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
- - make test
- - programs/test/selftest
- - tests/scripts/test_psa_constant_names.py
- - tests/ssl-opt.sh
- # Modern OpenSSL does not support null ciphers.
- - tests/compat.sh -p OpenSSL -e 'NULL'
- - tests/scripts/travis-log-failure.sh
- # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
- - tests/compat.sh -p GnuTLS -e 'CAMELLIA'
- - tests/scripts/travis-log-failure.sh
- - tests/context-info.sh
-
- - name: Windows
- os: windows
- # The language 'python' is currently unsupported on the
- # Windows Build Environment. And 'generic' causes the job to get stuck
- # on "Booting virtual machine".
- language: c
- before_install:
- - choco install python --version=3.5.4
- env:
- # Add the directory where the Choco packages go
- - PATH=/c/Python35:/c/Python35/Scripts:$PATH
- - PYTHON=python.exe
- script:
- - type perl; perl --version
- - type python; python --version
- - scripts/make_generated_files.bat
- # Logs appear out of sequence on Windows. Give time to catch up.
- - sleep 5
- - scripts/windows_msbuild.bat v141 # Visual Studio 2017
- - visualc/VS2013/x64/Release/selftest.exe
-
- - name: full configuration on arm64
- os: linux
- dist: focal
- arch: arm64
- addons:
- apt:
- packages:
- - gcc
- script:
- # Do a manual build+test sequence rather than using all.sh.
- #
- # On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds
- # limitation of Travis CI. Base on `test_full_cmake_*`, we removed
- # `ssl-opt.sh` and GnuTLS compat.sh here to meet the time limitation.
- - scripts/config.py full
- - make generated_files
- - make CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
- - make test
- - programs/test/selftest
- - tests/scripts/test_psa_constant_names.py
- # Modern OpenSSL does not support fixed ECDH or null ciphers.
- - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH_'
- - tests/scripts/travis-log-failure.sh
- - tests/context-info.sh
-
- - name: full configuration(GnuTLS compat tests) on arm64
- os: linux
- dist: focal
- arch: arm64
- addons:
- apt:
- packages:
- - clang
- - gnutls-bin
- script:
- # Do a manual build+test sequence rather than using all.sh.
- #
- # On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds
- # limitation of Travis CI. Base on `test_full_cmake_*`, we removed
- # `ssl-opt.sh` and OpenSSl compat.sh here to meet the time limitation.
- - scripts/config.py full
- - make generated_files
- - make CC=clang CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
- # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
- - tests/compat.sh -p GnuTLS -e 'CAMELLIA'
- - tests/scripts/travis-log-failure.sh
- - tests/context-info.sh
-
-after_failure:
-- tests/scripts/travis-log-failure.sh
-
-env:
- global:
- - SEED=1
- - secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4="
+branches:
+ only:
+ coverity_scan
install:
- $PYTHON scripts/min_requirements.py
+env:
+ global:
+ - SEED=1
+ - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo="
addons:
- apt:
- packages:
- - gnutls-bin
coverity_scan:
project:
name: "ARMmbed/mbedtls"
diff --git a/.uncrustify.cfg b/.uncrustify.cfg
index 92b8ce9..8dc9db0 100644
--- a/.uncrustify.cfg
+++ b/.uncrustify.cfg
@@ -4,19 +4,7 @@
# to Mbed TLS.
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
# Wrap lines at 100 characters
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
index 67db68d..fa149bd 100644
--- a/3rdparty/CMakeLists.txt
+++ b/3rdparty/CMakeLists.txt
@@ -1,10 +1,2 @@
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE everest_result)
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED RESULT_VARIABLE p256m_result)
-
-if(${everest_result} EQUAL 0)
- add_subdirectory(everest)
-endif()
-
-if(${p256m_result} EQUAL 0)
- add_subdirectory(p256-m)
-endif()
+add_subdirectory(everest)
+add_subdirectory(p256-m)
diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc
index 80dc126..70f316b 100644
--- a/3rdparty/Makefile.inc
+++ b/3rdparty/Makefile.inc
@@ -1,3 +1,3 @@
-THIRDPARTY_DIR = $(dir $(word 2, $(MAKEFILE_LIST)))
+THIRDPARTY_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
include $(THIRDPARTY_DIR)/everest/Makefile.inc
include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt
index 4ad367e..e0e5ade 100644
--- a/3rdparty/everest/CMakeLists.txt
+++ b/3rdparty/everest/CMakeLists.txt
@@ -1,9 +1,11 @@
-add_library(everest
+set(everest_target "${MBEDTLS_TARGET_PREFIX}everest")
+
+add_library(${everest_target}
library/everest.c
library/x25519.c
library/Hacl_Curve25519_joined.c)
-target_include_directories(everest
+target_include_directories(${everest_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<INSTALL_INTERFACE:include>
@@ -11,6 +13,19 @@
include/everest/kremlib
${MBEDTLS_DIR}/library/)
+# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
+# This must be duplicated from library/CMakeLists.txt because
+# everest is not directly linked against any mbedtls targets
+# so does not inherit the compile definitions.
+if(MBEDTLS_CONFIG_FILE)
+ target_compile_definitions(${everest_target}
+ PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+endif()
+if(MBEDTLS_USER_CONFIG_FILE)
+ target_compile_definitions(${everest_target}
+ PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+endif()
+
if(INSTALL_MBEDTLS_HEADERS)
install(DIRECTORY include/everest
@@ -21,7 +36,7 @@
endif(INSTALL_MBEDTLS_HEADERS)
-install(TARGETS everest
+install(TARGETS ${everest_target}
EXPORT MbedTLSTargets
DESTINATION ${CMAKE_INSTALL_LIBDIR}
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/3rdparty/everest/include/everest/vs2013/inttypes.h b/3rdparty/everest/include/everest/vs2013/inttypes.h
index d53f87f..77003be 100644
--- a/3rdparty/everest/include/everest/vs2013/inttypes.h
+++ b/3rdparty/everest/include/everest/vs2013/inttypes.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _INTTYPES_H_VS2010
diff --git a/3rdparty/everest/include/everest/vs2013/stdbool.h b/3rdparty/everest/include/everest/vs2013/stdbool.h
index 5b7039c..dcae6d8 100644
--- a/3rdparty/everest/include/everest/vs2013/stdbool.h
+++ b/3rdparty/everest/include/everest/vs2013/stdbool.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _STDBOOL_H_VS2010
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h
index 7a973dc..ef314d2 100644
--- a/3rdparty/everest/include/everest/x25519.h
+++ b/3rdparty/everest/include/everest/x25519.h
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X25519_H
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c
index 957294f..a778160 100644
--- a/3rdparty/everest/library/Hacl_Curve25519_joined.c
+++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _BSD_SOURCE
/* Required to get htole64() from gcc/glibc's endian.h (older systems)
diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c
index 9faa9ab..83064dc 100644
--- a/3rdparty/everest/library/x25519.c
+++ b/3rdparty/everest/library/x25519.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#include "common.h"
diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt
index 0001dd2..2ef0d48 100644
--- a/3rdparty/p256-m/CMakeLists.txt
+++ b/3rdparty/p256-m/CMakeLists.txt
@@ -1,14 +1,29 @@
-add_library(p256m
+set(p256m_target ${MBEDTLS_TARGET_PREFIX}p256m)
+
+add_library(${p256m_target}
p256-m_driver_entrypoints.c
p256-m/p256-m.c)
-target_include_directories(p256m
+target_include_directories(${p256m_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<INSTALL_INTERFACE:include>
PRIVATE ${MBEDTLS_DIR}/library/)
+# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
+# This must be duplicated from library/CMakeLists.txt because
+# p256m is not directly linked against any mbedtls targets
+# so does not inherit the compile definitions.
+if(MBEDTLS_CONFIG_FILE)
+ target_compile_definitions(${p256m_target}
+ PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+endif()
+if(MBEDTLS_USER_CONFIG_FILE)
+ target_compile_definitions(${p256m_target}
+ PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+endif()
+
if(INSTALL_MBEDTLS_HEADERS)
install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
@@ -19,7 +34,7 @@
endif(INSTALL_MBEDTLS_HEADERS)
-install(TARGETS p256m
+install(TARGETS ${p256m_target}
EXPORT MbedTLSTargets
DESTINATION ${CMAKE_INSTALL_LIBDIR}
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/3rdparty/p256-m/README.md b/3rdparty/p256-m/README.md
index 89648d4..ec90f34 100644
--- a/3rdparty/p256-m/README.md
+++ b/3rdparty/p256-m/README.md
@@ -1,4 +1,4 @@
-The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project.
+The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m). They are distributed here under a dual Apache-2.0 OR GPL-2.0-or-later license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project.
-The files `p256-m.c` and `.h`, along with the license, have been taken from the `p256-m` repository.
+The files `p256-m.c`, `p256-m.h` and `README.md` have been taken from the `p256-m` repository.
It should be noted that p256-m deliberately does not supply its own cryptographically secure RNG function. As a result, the PSA RNG is used, with `p256_generate_random()` wrapping `psa_generate_random()`.
diff --git a/3rdparty/p256-m/p256-m/LICENSE b/3rdparty/p256-m/p256-m/LICENSE
deleted file mode 100644
index d645695..0000000
--- a/3rdparty/p256-m/p256-m/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c
index 53d306f..42c35b5 100644
--- a/3rdparty/p256-m/p256-m/p256-m.c
+++ b/3rdparty/p256-m/p256-m/p256-m.c
@@ -3,26 +3,22 @@
*
* Copyright The Mbed TLS Contributors
* Author: Manuel Pégourié-Gonnard.
- * SPDX-License-Identifier: Apache-2.0
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "p256-m.h"
+#include "mbedtls/platform_util.h"
#include "psa/crypto.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
/*
* Zeroize memory - this should not be optimized away
*/
-static void zeroize(void *d, size_t n)
-{
- volatile char *p = d;
- while( n-- )
- *p++ = 0;
-}
+#define zeroize mbedtls_platform_zeroize
/*
* Helpers to test constant-time behaviour with valgrind or MemSan.
@@ -199,10 +195,12 @@
* Currently assembly optimisations are only supported with GCC/Clang for
* Arm's Cortex-A and Cortex-M lines of CPUs, which start with the v6-M and
* v7-M architectures. __ARM_ARCH_PROFILE is not defined for v6 and earlier.
+ * Thumb and 32-bit assembly is supported; aarch64 is not supported.
*/
#if defined(__GNUC__) &&\
defined(__ARM_ARCH) && __ARM_ARCH >= 6 && defined(__ARM_ARCH_PROFILE) && \
- ( __ARM_ARCH_PROFILE == 77 || __ARM_ARCH_PROFILE == 65 ) /* 'M' or 'A' */
+ ( __ARM_ARCH_PROFILE == 77 || __ARM_ARCH_PROFILE == 65 ) /* 'M' or 'A' */ && \
+ !defined(__aarch64__)
/*
* This set of CPUs is conveniently partitioned as follows:
@@ -1468,4 +1466,49 @@
return P256_INVALID_SIGNATURE;
}
+/**********************************************************************
+ *
+ * Key management utilities
+ *
+ **********************************************************************/
+
+int p256_validate_pubkey(const uint8_t pub[64])
+{
+ uint32_t x[8], y[8];
+ int ret = point_from_bytes(x, y, pub);
+
+ return ret == 0 ? P256_SUCCESS : P256_INVALID_PUBKEY;
+}
+
+int p256_validate_privkey(const uint8_t priv[32])
+{
+ uint32_t s[8];
+ int ret = scalar_from_bytes(s, priv);
+ zeroize(s, sizeof(s));
+
+ return ret == 0 ? P256_SUCCESS : P256_INVALID_PRIVKEY;
+}
+
+int p256_public_from_private(uint8_t pub[64], const uint8_t priv[32])
+{
+ int ret;
+ uint32_t s[8];
+
+ ret = scalar_from_bytes(s, priv);
+ if (ret != 0)
+ return P256_INVALID_PRIVKEY;
+
+ /* compute and ouput the associated public key */
+ uint32_t x[8], y[8];
+ scalar_mult(x, y, p256_gx, p256_gy, s);
+
+ /* the associated public key is not a secret, the scalar was */
+ CT_UNPOISON(x, 32);
+ CT_UNPOISON(y, 32);
+ zeroize(s, sizeof(s));
+
+ point_to_bytes(pub, x, y);
+ return P256_SUCCESS;
+}
+
#endif
diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h
index 398c846..c267800 100644
--- a/3rdparty/p256-m/p256-m/p256-m.h
+++ b/3rdparty/p256-m/p256-m/p256-m.h
@@ -3,7 +3,7 @@
*
* Copyright The Mbed TLS Contributors
* Author: Manuel Pégourié-Gonnard.
- * SPDX-License-Identifier: Apache-2.0
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef P256_M_H
#define P256_M_H
@@ -89,6 +89,45 @@
int p256_ecdsa_verify(const uint8_t sig[64], const uint8_t pub[64],
const uint8_t *hash, size_t hlen);
+/*
+ * Public key validation
+ *
+ * Note: you never need to call this function, as all other functions always
+ * validate their input; however it's availabe if you want to validate the key
+ * without performing an operation.
+ *
+ * [in] pub: the public key, as two big-endian integers
+ *
+ * return: P256_SUCCESS if the key is valid
+ * P256_INVALID_PUBKEY if pub is invalid
+ */
+int p256_validate_pubkey(const uint8_t pub[64]);
+
+/*
+ * Private key validation
+ *
+ * Note: you never need to call this function, as all other functions always
+ * validate their input; however it's availabe if you want to validate the key
+ * without performing an operation.
+ *
+ * [in] priv: the private key, as a big-endian integer
+ *
+ * return: P256_SUCCESS if the key is valid
+ * P256_INVALID_PRIVKEY if priv is invalid
+ */
+int p256_validate_privkey(const uint8_t priv[32]);
+
+/*
+ * Compute public key from private key
+ *
+ * [out] pub: the associated public key, as two big-endian integers
+ * [in] priv: the private key, as a big-endian integer
+ *
+ * return: P256_SUCCESS on success
+ * P256_INVALID_PRIVKEY if priv is invalid
+ */
+int p256_public_from_private(uint8_t pub[64], const uint8_t priv[32]);
+
#ifdef __cplusplus
}
#endif
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c
index 8828909..d272dcb 100644
--- a/3rdparty/p256-m/p256-m_driver_entrypoints.c
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c
@@ -3,29 +3,18 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/platform.h"
#include "p256-m_driver_entrypoints.h"
#include "p256-m/p256-m.h"
#include "psa/crypto.h"
-#include "psa_crypto_driver_wrappers.h"
#include <stddef.h>
+#include <string.h>
+#include "psa_crypto_driver_wrappers_no_static.h"
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
/* INFORMATION ON PSA KEY EXPORT FORMATS:
*
@@ -37,10 +26,20 @@
* total of 65 bytes.
*
* p256-m's internal format for private keys matches PSA. Its format for public
- * keys is only 64 bytes; the same as PSA but without the leading byte (0x04).
+ * keys is only 64 bytes: the same as PSA but without the leading byte (0x04).
* Hence, when passing public keys from PSA to p256-m, the leading byte is
* removed.
+ *
+ * Shared secret and signature have the same format between PSA and p256-m.
*/
+#define PSA_PUBKEY_SIZE 65
+#define PSA_PUBKEY_HEADER_BYTE 0x04
+#define P256_PUBKEY_SIZE 64
+#define PRIVKEY_SIZE 32
+#define SHARED_SECRET_SIZE 32
+#define SIGNATURE_SIZE 64
+
+#define CURVE_BITS 256
/* Convert between p256-m and PSA error codes */
static psa_status_t p256_to_psa_error(int ret)
@@ -59,6 +58,83 @@
}
}
+psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits)
+{
+ /* Check the key size */
+ if (*bits != 0 && *bits != CURVE_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ /* Validate the key (and its type and size) */
+ psa_key_type_t type = psa_get_key_type(attributes);
+ if (type == PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
+ if (data_length != PSA_PUBKEY_SIZE) {
+ return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
+ }
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ if (p256_validate_pubkey(data + 1) != P256_SUCCESS) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ if (data_length != PRIVKEY_SIZE) {
+ return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (p256_validate_privkey(data) != P256_SUCCESS) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ } else {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ *bits = CURVE_BITS;
+
+ /* We only support the export format for input, so just copy. */
+ if (key_buffer_size < data_length) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(key_buffer, data, data_length);
+ *key_buffer_length = data_length;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
+{
+ /* Is this the right curve? */
+ size_t bits = psa_get_key_bits(attributes);
+ psa_key_type_t type = psa_get_key_type(attributes);
+ if (bits != CURVE_BITS || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (data_size < PSA_PUBKEY_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ data[0] = PSA_PUBKEY_HEADER_BYTE;
+ int ret = p256_public_from_private(data + 1, key_buffer);
+ if (ret == P256_SUCCESS) {
+ *data_length = PSA_PUBKEY_SIZE;
+ }
+
+ return p256_to_psa_error(ret);
+}
+
psa_status_t p256_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer,
@@ -69,13 +145,9 @@
* of driver entry-points. (void) used to avoid compiler warning. */
(void) attributes;
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
-
- /*
- * p256-m generates a 32 byte private key, and expects to write to a buffer
- * that is of that size. */
- if (key_buffer_size != 32) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
}
/*
@@ -83,15 +155,14 @@
* keys. Allocate a buffer to which the public key will be written. The
* private key will be written to key_buffer, which is passed to this
* function as an argument. */
- uint8_t public_key_buffer[64];
+ uint8_t public_key_buffer[P256_PUBKEY_SIZE];
- status = p256_to_psa_error(
- p256_gen_keypair(key_buffer, public_key_buffer));
- if (status == PSA_SUCCESS) {
- *key_buffer_length = 32;
+ int ret = p256_gen_keypair(key_buffer, public_key_buffer);
+ if (ret == P256_SUCCESS) {
+ *key_buffer_length = PRIVKEY_SIZE;
}
- return status;
+ return p256_to_psa_error(ret);
}
psa_status_t p256_transparent_key_agreement(
@@ -111,25 +182,22 @@
(void) attributes;
(void) alg;
- /*
- * Check that private key = 32 bytes, peer public key = 65 bytes,
- * and that the shared secret buffer is big enough. */
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
- if (key_buffer_size != 32 || shared_secret_size < 32 ||
- peer_key_length != 65) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE || peer_key_length != PSA_PUBKEY_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (shared_secret_size < SHARED_SECRET_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
}
- /* We add 1 to peer_key pointer to omit the leading byte of the public key
- * representation (0x04). See information about PSA key formats at the top
- * of the file. */
- status = p256_to_psa_error(
- p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key+1));
- if (status == PSA_SUCCESS) {
- *shared_secret_length = 32;
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ const uint8_t *peer_key_p256m = peer_key + 1;
+ int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key_p256m);
+ if (ret == P256_SUCCESS) {
+ *shared_secret_length = SHARED_SECRET_SIZE;
}
- return status;
+ return p256_to_psa_error(ret);
}
psa_status_t p256_transparent_sign_hash(
@@ -149,21 +217,23 @@
(void) attributes;
(void) alg;
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
- if (key_buffer_size != 32 || signature_size != 64) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PRIVKEY_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (signature_size < SIGNATURE_SIZE) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
}
- status = p256_to_psa_error(
- p256_ecdsa_sign(signature, key_buffer, hash, hash_length));
- if (status == PSA_SUCCESS) {
- *signature_length = 64;
+ int ret = p256_ecdsa_sign(signature, key_buffer, hash, hash_length);
+ if (ret == P256_SUCCESS) {
+ *signature_length = SIGNATURE_SIZE;
}
- return status;
+ return p256_to_psa_error(ret);
}
-/* This function expects the key buffer to contain a 65 byte public key,
+/* This function expects the key buffer to contain a PSA public key,
* as exported by psa_export_public_key() */
static psa_status_t p256_verify_hash_with_public_key(
const uint8_t *key_buffer,
@@ -173,19 +243,19 @@
const uint8_t *signature,
size_t signature_length)
{
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
- if (key_buffer_size != 65 || signature_length != 64 || *key_buffer != 0x04) {
- return status;
+ /* Validate sizes, as p256-m expects fixed-size buffers */
+ if (key_buffer_size != PSA_PUBKEY_SIZE || *key_buffer != PSA_PUBKEY_HEADER_BYTE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ if (signature_length != SIGNATURE_SIZE) {
+ return PSA_ERROR_INVALID_SIGNATURE;
}
- /* We add 1 to public_key_buffer pointer to omit the leading byte of the
- * public key representation (0x04). See information about PSA key formats
- * at the top of the file. */
- const uint8_t *public_key_buffer = key_buffer + 1;
- status = p256_to_psa_error(
- p256_ecdsa_verify(signature, public_key_buffer, hash, hash_length));
+ /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
+ const uint8_t *public_key_p256m = key_buffer + 1;
+ int ret = p256_ecdsa_verify(signature, public_key_p256m, hash, hash_length);
- return status;
+ return p256_to_psa_error(ret);
}
psa_status_t p256_transparent_verify_hash(
@@ -203,10 +273,10 @@
(void) alg;
psa_status_t status;
- uint8_t public_key_buffer[65];
- size_t public_key_buffer_size = 65;
+ uint8_t public_key_buffer[PSA_PUBKEY_SIZE];
+ size_t public_key_buffer_size = PSA_PUBKEY_SIZE;
- size_t public_key_length = 65;
+ size_t public_key_length = PSA_PUBKEY_SIZE;
/* As p256-m doesn't require dynamic allocation, we want to avoid it in
* the entrypoint functions as well. psa_driver_wrapper_export_public_key()
* requires size_t*, so we use a pointer to a stack variable. */
@@ -239,4 +309,4 @@
return status;
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h
index 18c677a..c740c45 100644
--- a/3rdparty/p256-m/p256-m_driver_entrypoints.h
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h
@@ -3,35 +3,83 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef P256M_DRIVER_ENTRYPOINTS_H
#define P256M_DRIVER_ENTRYPOINTS_H
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#include "psa/crypto_types.h"
+/** Import SECP256R1 key.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] data The raw key material. For private keys
+ * this must be a big-endian integer of 32
+ * bytes; for public key this must be an
+ * uncompressed ECPoint (65 bytes).
+ * \param[in] data_length The size of the raw key material.
+ * \param[out] key_buffer The buffer to contain the key data in
+ * output format upon successful return.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[out] key_buffer_length The length of the data written in \p
+ * key_buffer in bytes.
+ * \param[out] bits The bitsize of the key.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. Keypair generated and stored in buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The input is not supported by this driver (not SECP256R1).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p key_buffer_size is too small.
+ */
+psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits);
+
+/** Export SECP256R1 public key, from the private key.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The private key in the export format.
+ * \param[in] key_buffer_size The size of the private key in bytes.
+ * \param[out] data The buffer to contain the public key in
+ * the export format upon successful return.
+ * \param[in] data_size The size of the \p data buffer in bytes.
+ * \param[out] data_length The length written to \p data in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. Keypair generated and stored in buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The input is not supported by this driver (not SECP256R1).
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p key_buffer_size is too small.
+ */
+psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
+
/** Generate SECP256R1 ECC Key Pair.
* Interface function which calls the p256-m key generation function and
- * places it in the key buffer provided by the caller (mbed TLS) in the
+ * places it in the key buffer provided by the caller (Mbed TLS) in the
* correct format. For a SECP256R1 curve this is the 32 bit private key.
*
* \param[in] attributes The attributes of the key to use for the
@@ -44,9 +92,10 @@
*
* \retval #PSA_SUCCESS
* Success. Keypair generated and stored in buffer.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_GENERIC_ERROR
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p key_buffer_size is too small.
+ * \retval #PSA_ERROR_GENERIC_ERROR
+ * The internal RNG failed.
*/
psa_status_t p256_transparent_generate_key(
const psa_key_attributes_t *attributes,
@@ -72,9 +121,12 @@
* bytes.
* \param[out] shared_secret_length On success, the number of bytes that
* make up the returned shared secret.
- * \retval #PSA_SUCCESS
- * Success. Shared secret successfully calculated.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS
+ * Success. Shared secret successfully calculated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p shared_secret_size is too small.
*/
psa_status_t p256_transparent_key_agreement(
const psa_key_attributes_t *attributes,
@@ -103,10 +155,14 @@
* \param[out] signature_length On success, the number of bytes
* that make up the returned signature value.
*
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS
* Success. Hash was signed successfully.
- * respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p signature_size is too small.
+ * \retval #PSA_ERROR_GENERIC_ERROR
+ * The internal RNG failed.
*/
psa_status_t p256_transparent_sign_hash(
const psa_key_attributes_t *attributes,
@@ -142,12 +198,13 @@
* \param[in] signature Buffer containing the signature to verify.
* \param[in] signature_length Size of the \p signature buffer in bytes.
*
- * \retval #PSA_SUCCESS
- * The signature is valid.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was performed successfully, but the passed
- * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is invalid.
*/
psa_status_t p256_transparent_verify_hash(
const psa_key_attributes_t *attributes,
diff --git a/BRANCHES.md b/BRANCHES.md
index 0aaacb0..c085b16 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -106,6 +106,6 @@
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until at least the end of 2024, see
- <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.6>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9092c49..ad05646 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,14 +34,14 @@
cmake_policy(SET CMP0012 NEW)
if(TEST_CPP)
- project("mbed TLS" LANGUAGES C CXX)
+ project("Mbed TLS" LANGUAGES C CXX)
else()
- project("mbed TLS" LANGUAGES C)
+ project("Mbed TLS" LANGUAGES C)
endif()
include(GNUInstallDirs)
-# Determine if mbed TLS is being built as a subproject using add_subdirectory()
+# Determine if Mbed TLS is being built as a subproject using add_subdirectory()
if(NOT DEFINED MBEDTLS_AS_SUBPROJECT)
set(MBEDTLS_AS_SUBPROJECT ON)
if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
@@ -52,12 +52,15 @@
# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
+option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
if(CMAKE_HOST_WIN32)
- option(GEN_FILES "Generate the auto-generated files as needed" OFF)
+ # N.B. The comment on the next line is significant! If you change it,
+ # edit the sed command in prepare_release.sh that modifies
+ # CMakeLists.txt.
+ option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development
else()
option(GEN_FILES "Generate the auto-generated files as needed" ON)
endif()
@@ -71,9 +74,9 @@
# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
- option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+ option(ENABLE_TESTING "Build Mbed TLS tests." OFF)
else()
- option(ENABLE_TESTING "Build mbed TLS tests." ON)
+ option(ENABLE_TESTING "Build Mbed TLS tests." ON)
endif()
# Warning string - created as a list for compatibility with CMake 2.8
@@ -114,7 +117,7 @@
# If this is the root project add longer list of available CMAKE_BUILD_TYPE values
if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
- CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
+ CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg"
FORCE)
endif()
@@ -209,6 +212,8 @@
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
+ set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
+ set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
set(CMAKE_C_FLAGS_CHECK "-Os")
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNU)
@@ -222,11 +227,15 @@
set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3")
set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
+ set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
+ set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
set(CMAKE_C_FLAGS_CHECK "-Os")
endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_IAR)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts -Ohz")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts")
+ set(CMAKE_C_FLAGS_RELEASE "-Ohz")
+ set(CMAKE_C_FLAGS_DEBUG "--debug -On")
endif(CMAKE_COMPILER_IS_IAR)
if(CMAKE_COMPILER_IS_MSVC)
@@ -372,7 +381,7 @@
write_basic_package_version_file(
"cmake/MbedTLSConfigVersion.cmake"
COMPATIBILITY SameMajorVersion
- VERSION 3.4.1)
+ VERSION 3.5.1)
install(
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3a8c5c6..d793434 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -84,8 +84,14 @@
License and Copyright
---------------------
-All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. For licensing details, please see the [License section of the README](README.md#License).
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under.
+
+Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses.
+
+All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later".
The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors".
-When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and be subject to the same Apache 2.0 license. This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
+When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and is submitted under both the Apache-2.0 AND GPL-2.0-or-later licenses.
+
+This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
diff --git a/ChangeLog b/ChangeLog
index bc1d32e..28c45f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,303 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 3.5.1 branch released 2023-11-06
+
+Changes
+ * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
+ license. Users may choose which license they take the code under.
+
+Bugfix
+ * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules
+ in CMake.
+
+= Mbed TLS 3.5.0 branch released 2023-10-05
+
+API changes
+ * Mbed TLS 3.4 introduced support for omitting the built-in implementation
+ of ECDSA and/or EC J-PAKE when those are provided by a driver. However,
+ there was a flaw in the logic checking if the built-in implementation, in
+ that it failed to check if all the relevant curves were supported by the
+ accelerator. As a result, it was possible to declare no curves as
+ accelerated and still have the built-in implementation compiled out.
+ Starting with this release, it is necessary to declare which curves are
+ accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be
+ considered not accelerated, and the built-in implementation of the curves
+ and any algorithm possible using them will be included in the build.
+ * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()`
+ function, needed for TLS 1.3 ticket lifetimes. Alternative implementations
+ can be created using an ALT interface.
+
+Requirement changes
+ * Officially require Python 3.8 now that earlier versions are out of support.
+ * Minimum required Windows version is now Windows Vista, or
+ Windows Server 2008.
+
+New deprecations
+ * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and
+ MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA,
+ are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
+ MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC,
+ IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about
+ the capabilities of the PSA side for either key.
+ * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
+ MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
+ maximum size of any supported block cipher) or the new name
+ MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
+ maximum size of a block cipher supported by the CMAC module).
+ * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now
+ deprecated in favor of mbedtls_pkcs5_pbes2_ext() and
+ mbedtls_pkcs12_pbe_ext() as they offer more security by checking
+ for overflow of the output buffer and reporting the actual length
+ of the output.
+
+Features
+ * All modules that use hashes or HMAC can now take advantage of PSA Crypto
+ drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has
+ been called. Previously (in 3.3), this was restricted to a few modules,
+ and only in builds where MBEDTLS_MD_C was disabled; in particular the
+ entropy module was not covered which meant an external RNG had to be
+ provided - these limitations are lifted in this version. A new set of
+ feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used
+ to check for availability of hash algorithms, regardless of whether
+ they're provided by a built-in implementation, a driver or both. See
+ docs/driver-only-builds.md.
+ * When a PSA driver for ECDH is present, it is now possible to disable
+ MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2
+ key exchanges based on ECDH(E) to work, this requires
+ MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in
+ TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet,
+ as PSA does not have an API for restartable ECDH yet.
+ * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by
+ a driver, it is possible to disable MBEDTLS_ECP_C (and MBEDTLS_BIGNUM_C
+ if not required by another module) and still get support for ECC keys and
+ algorithms in PSA, with some limitations. See docs/driver-only-builds.txt
+ for details.
+ * Add parsing of directoryName subtype for subjectAltName extension in
+ x509 certificates.
+ * Add support for server-side TLS version negotiation. If both TLS 1.2 and
+ TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or
+ TLS 1.3 depending on the capabilities and preferences of TLS clients.
+ Fixes #6867.
+ * X.509 hostname verification now supports IPAddress Subject Alternate Names.
+ * Add support for reading and writing X25519 and X448
+ public and private keys in RFC 8410 format using the existing PK APIs.
+ * When parsing X.509 certificates, support the extensions
+ SignatureKeyIdentifier and AuthorityKeyIdentifier.
+ * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc)
+ if no PAKE algorithms are requested
+ * Add support for the FFDH algorithm and DH key types in PSA, with
+ parameters from RFC 7919. This includes a built-in implementation based
+ on MBEDTLS_BIGNUM_C, and a driver dispatch layer enabling alternative
+ implementations of FFDH through the driver entry points.
+ * It is now possible to generate certificates with SubjectAltNames.
+ Currently supported subtypes: DnsName, UniformResourceIdentifier,
+ IP address, OtherName, and DirectoryName, as defined in RFC 5280.
+ See mbedtls_x509write_crt_set_subject_alternative_name for
+ more information.
+ * X.509 hostname verification now partially supports URI Subject Alternate
+ Names. Only exact matching, without any normalization procedures
+ described in 7.4 of RFC5280, will result in a positive URI verification.
+ * Add function mbedtls_oid_from_numeric_string() to parse an OID from a
+ string to a DER-encoded mbedtls_asn1_buf.
+ * Add SHA-3 family hash functions.
+ * Add support to restrict AES to 128-bit keys in order to save code size.
+ A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be
+ used to enable this feature.
+ * AES performance improvements. Uplift varies by platform,
+ toolchain, optimisation flags and mode.
+ Aarch64, gcc -Os and CCM, GCM and XTS benefit the most.
+ On Aarch64, uplift is typically around 20 - 110%.
+ When compiling with gcc -Os on Aarch64, AES-XTS improves
+ by 4.5x.
+ * Add support for PBKDF2-HMAC through the PSA API.
+ * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
+ MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA
+ or DH) were introduced in order to have finer accuracy in defining the
+ PSA capabilities for each key. These capabilities, named yyy above, can be
+ any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE.
+ - DERIVE is only available for ECC keys, not for RSA or DH ones.
+ - implementations are free to enable more than what it was strictly
+ requested. For example BASIC internally enables IMPORT and EXPORT
+ (useful for testing purposes), but this might change in the future.
+ * Add support for FFDH key exchange in TLS 1.3.
+ This is automatically enabled as soon as PSA_WANT_ALG_FFDH
+ and the ephemeral or psk-ephemeral key exchange mode are enabled.
+ By default, all groups are offered; the list of groups can be
+ configured using the existing API function mbedtls_ssl_conf_groups().
+ * Improve mbedtls_x509_time performance and reduce memory use.
+ * Reduce syscalls to time() during certificate verification.
+ * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
+ setting the CMake variable of the same name at configuration time.
+ * Add getter (mbedtls_ssl_cache_get_timeout()) to access
+ `mbedtls_ssl_cache_context.timeout`.
+ * Add getter (mbedtls_ssl_get_hostname()) to access
+ `mbedtls_ssl_context.hostname`.
+ * Add getter (mbedtls_ssl_conf_get_endpoint()) to access
+ `mbedtls_ssl_config.endpoint`.
+ * Support for "opaque" (PSA-held) ECC keys in the PK module has been
+ extended: it is now possible to use mbedtls_pk_write_key_der(),
+ mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and
+ mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
+ allow it).
+ * The documentation of mbedtls_ecp_group now describes the optimized
+ representation of A for some curves. Fixes #8045.
+ * Add a possibility to generate CSR's with RCF822 and directoryName subtype
+ of subjectAltName extension in x509 certificates.
+ * Add support for PBKDF2-CMAC through the PSA API.
+ * New configuration option MBEDTLS_AES_USE_HARDWARE_ONLY introduced. When
+ using CPU-accelerated AES (e.g., Arm Crypto Extensions), this option
+ disables the plain C implementation and the run-time detection for the
+ CPU feature, which reduces code size and avoids the vulnerability of the
+ plain C implementation.
+ * Accept arbitrary AttributeType and AttributeValue in certificate
+ Distinguished Names using RFC 4514 syntax.
+ * Applications using ECC over secp256r1 through the PSA API can use a
+ new implementation with a much smaller footprint, but some minor
+ usage restrictions. See the documentation of the new configuration
+ option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details.
+
+Security
+ * Fix a case where potentially sensitive information held in memory would not
+ be completely zeroized during TLS 1.2 handshake, in both server and client
+ configurations.
+ * In configurations with ARIA or Camellia but not AES, the value of
+ MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+ suggest. This did not affect any library code, because this macro was
+ only used in relation with CMAC which does not support these ciphers.
+ This may affect application code that uses this macro.
+ * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
+ review the size of the output buffer passed to this function, and note
+ that the output after decryption may include CBC padding. Consider moving
+ to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
+ which checks for overflow of the output buffer and reports the actual
+ length of the output.
+ * Improve padding calculations in CBC decryption, NIST key unwrapping and
+ RSA OAEP decryption. With the previous implementation, some compilers
+ (notably recent versions of Clang and IAR) could produce non-constant
+ time code, which could allow a padding oracle attack if the attacker
+ has access to precise timing measurements.
+ * Updates to constant-time C code so that compilers are less likely to use
+ conditional instructions, which can have an observable difference in
+ timing. (Clang has been seen to do this.) Also introduce assembly
+ implementations for 32- and 64-bit Arm and for x86 and x86-64, which are
+ guaranteed not to use conditional instructions.
+ * Fix definition of MBEDTLS_MD_MAX_BLOCK_SIZE, which was too
+ small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was
+ undefined. Mbed TLS itself was unaffected by this, but user code
+ which used MBEDTLS_MD_MAX_BLOCK_SIZE could be affected. The only
+ release containing this bug was Mbed TLS 3.4.0.
+ * Fix a buffer overread when parsing short TLS application data records in
+ null-cipher cipher suites. Credit to OSS-Fuzz.
+ * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing.
+ In TLS 1.3, all configurations are affected except PSK-only ones, and
+ both clients and servers are affected.
+ In TLS 1.2, the affected configurations are those with
+ MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled,
+ and only servers are affected, not clients.
+ Credit to OSS-Fuzz.
+
+Bugfix
+ * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and
+ PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger
+ than all built-in ones and RSA is disabled.
+ Resolves #6622.
+ * Add missing md.h includes to some of the external programs from
+ the programs directory. Without this, even though the configuration
+ was sufficient for a particular program to work, it would only print
+ a message that one of the required defines is missing.
+ * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function
+ in the ecdsa.h header file. There was a build warning when the
+ configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined.
+ Resolves #7407.
+ * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+ MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
+ * Fix missing PSA initialization in sample programs when
+ MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * Fix the J-PAKE driver interface for user and peer to accept any values
+ (previously accepted values were limited to "client" or "server").
+ * Fix clang and armclang compilation error when targeting certain Arm
+ M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
+ SecurCore SC000). Fixes #1077.
+ * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
+ built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
+ way to detect the crypto extensions required. A warning is still issued.
+ * Fixed an issue that caused compile errors when using CMake and the IAR
+ toolchain.
+ * Fix very high stack usage in SSL debug code. Reported by Maximilian
+ Gerhardt in #7804.
+ * Fix a compilation failure in the constant_time module when
+ building for arm64_32 (e.g., for watchos). Reported by Paulo
+ Coutinho in #7787.
+ * Fix crypt_and_hash decryption fail when used with a stream cipher
+ mode of operation due to the input not being multiple of block size.
+ Resolves #7417.
+ * Fix a bug in which mbedtls_x509_string_to_names() would return success
+ when given a invalid name string if it did not contain '=' or ','.
+ * Fix compilation warnings in aes.c, which prevented the
+ example TF-M configuration in configs/ from building cleanly:
+ tfm_mbedcrypto_config_profile_medium.h with
+ crypto_config_profile_medium.h.
+ * In TLS 1.3, fix handshake failure when a client in its ClientHello
+ proposes an handshake based on PSK only key exchange mode or at least
+ one of the key exchange modes using ephemeral keys to a server that
+ supports only the PSK key exchange mode.
+ * Fix CCM* with no tag being not supported in a build with CCM as the only
+ symmetric encryption algorithm and the PSA configuration enabled.
+ * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
+ * Fix a compilation error on some platforms when including mbedtls/ssl.h
+ with all TLS support disabled. Fixes #6628.
+ * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+ using ECC key. The certificate was rejected by some crypto frameworks.
+ Fixes #2924.
+ * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc()
+ is called with zero length and padlock is not enabled.
+ * Fix compile failure due to empty enum in cipher_wrap.c, when building
+ with a very minimal configuration. Fixes #7625.
+ * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+ signature can silently return an incorrect result in low memory conditions.
+ * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
+ MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ * Fix IAR compiler warnings.
+ * Fix an issue when parsing an otherName subject alternative name into a
+ mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+ copied to the struct. This meant that the struct had incomplete
+ information about the otherName SAN and contained uninitialized memory.
+ * Fix the detection of HardwareModuleName otherName SANs. These were being
+ detected by comparing the wrong field and the check was erroneously
+ inverted.
+ * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
+ enabled, where some low-level modules required by requested PSA crypto
+ features were not getting automatically enabled. Fixes #7420.
+ * Fix undefined symbols in some builds using TLS 1.3 with a custom
+ configuration file.
+ * Fix log level for the got supported group message. Fixes #6765
+ * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
+ error code on failure. Before, they returned 1 to indicate failure in
+ some cases involving a missing entry or a full cache.
+ * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys.
+ * Fix the build with CMake when Everest or P256-m is enabled through
+ a user configuration file or the compiler command line. Fixes #8165.
+
+Changes
+ * Enable Arm / Thumb bignum assembly for most Arm platforms when
+ compiling with gcc, clang or armclang and -O0.
+ * Enforce minimum RSA key size when generating a key
+ to avoid accidental misuse.
+ * Use heap memory to allocate DER encoded RSA private key.
+ This reduces stack usage significantly for RSA signature
+ operations when MBEDTLS_PSA_CRYPTO_C is defined.
+ * Update Windows code to use BCryptGenRandom and wcslen, and
+ ensure that conversions between size_t, ULONG, and int are
+ always done safely. Original contribution by Kevin Kane #635, #730
+ followed by Simon Butcher #1453.
+ * Users integrating their own PSA drivers should be aware that
+ the file library/psa_crypto_driver_wrappers.c has been renamed
+ to psa_crypto_driver_wrappers_no_static.c.
+ * When using CBC with the cipher module, the requirement to call
+ mbedtls_cipher_set_padding_mode() is now enforced. Previously, omitting
+ this call accidentally applied a default padding mode chosen at compile
+ time.
+
= Mbed TLS 3.4.1 branch released 2023-08-04
Bugfix
diff --git a/ChangeLog.d/8060.txt b/ChangeLog.d/8060.txt
new file mode 100644
index 0000000..a5fd93c
--- /dev/null
+++ b/ChangeLog.d/8060.txt
@@ -0,0 +1,4 @@
+Features
+ * The CCM and GCM modules no longer depend on MBEDTLS_CIPHER_C. People who
+ use CCM and GCM but don't need the Cipher API can now disable
+ MBEDTLS_CIPHER_C in order to save code size.
diff --git a/ChangeLog.d/8357.txt b/ChangeLog.d/8357.txt
new file mode 100644
index 0000000..9cae396
--- /dev/null
+++ b/ChangeLog.d/8357.txt
@@ -0,0 +1,8 @@
+Features
+ * It is now possible to have AEADs support (CCM, GCM and ChaChaPoly) without
+ MBEDTLS_CIPHER_C. This holds both for the builtin suport (MBEDTLS_CCM_C,
+ MBEDTLS_GCM_C and MBEDTLS_CHACHAPOLY_C) as well as the PSA one
+ (PSA_WANT_ALG_CCM, PSA_WANT_ALG_GCM, PSA_WANT_ALG_CHACHA20_POLY1305).
+ On the PSA side this means that it is possible to enable
+ MBEDTLS_PSA_CRYPTO_C without MBEDTLS_CIPHER_C if none of the
+ non-authenticated ciphers is enabled.
diff --git a/ChangeLog.d/8372.txt b/ChangeLog.d/8372.txt
new file mode 100644
index 0000000..4a72edf
--- /dev/null
+++ b/ChangeLog.d/8372.txt
@@ -0,0 +1,3 @@
+Features
+ * AES-NI is now supported in Windows builds with clang and clang-cl.
+ Resolves #8372.
diff --git a/ChangeLog.d/8482.txt b/ChangeLog.d/8482.txt
new file mode 100644
index 0000000..a392232
--- /dev/null
+++ b/ChangeLog.d/8482.txt
@@ -0,0 +1,6 @@
+Changes
+ * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and
+ they are now treated separately. This means that they should be
+ individually enabled in order to enable respective support; also the
+ corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case
+ acceleration is required.
diff --git a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt b/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt
deleted file mode 100644
index 014eec6..0000000
--- a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-New deprecations
- * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and
- MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA,
- are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
- MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC,
- IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about
- the capabilities of the PSA side for either key.
-
-Features
- * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
- MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA
- or DH) were introduced in order to have finer accuracy in defining the
- PSA capabilities for each key. These capabilities, named yyy above, can be
- any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE.
- - DERIVE is only available for ECC keys, not for RSA or DH ones.
- - implementations are free to enable more than what it was strictly
- requested. For example BASIC internally enables IMPORT and EXPORT
- (useful for testing purposes), but this might change in the future.
diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
deleted file mode 100644
index 9aa3ff9..0000000
--- a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * When parsing X.509 certificates, support the extensions
- SignatureKeyIdentifier and AuthorityKeyIdentifier.
diff --git a/ChangeLog.d/add-aes-128bit-only.txt b/ChangeLog.d/add-aes-128bit-only.txt
deleted file mode 100644
index b080cac..0000000
--- a/ChangeLog.d/add-aes-128bit-only.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add support to restrict AES to 128-bit keys in order to save code size.
- A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be
- used to enable this feature.
diff --git a/ChangeLog.d/add-block-cipher-no-decrypt.txt b/ChangeLog.d/add-block-cipher-no-decrypt.txt
new file mode 100644
index 0000000..d05bf86
--- /dev/null
+++ b/ChangeLog.d/add-block-cipher-no-decrypt.txt
@@ -0,0 +1,6 @@
+Features
+ * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit
+ the decryption direction of block ciphers (AES, ARIA, Camellia).
+ This affects both the low-level modules and the high-level APIs
+ (the cipher and PSA interfaces). This option is incompatible with modes
+ that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.
diff --git a/ChangeLog.d/add-directoryname-san.txt b/ChangeLog.d/add-directoryname-san.txt
deleted file mode 100644
index e116298..0000000
--- a/ChangeLog.d/add-directoryname-san.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add parsing of directoryName subtype for subjectAltName extension in
- x509 certificates.
diff --git a/ChangeLog.d/add-getters-for-some-fields.txt b/ChangeLog.d/add-getters-for-some-fields.txt
deleted file mode 100644
index 6a6fbad..0000000
--- a/ChangeLog.d/add-getters-for-some-fields.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Features
- * Add getter (mbedtls_ssl_cache_get_timeout()) to access
- `mbedtls_ssl_cache_context.timeout`.
- * Add getter (mbedtls_ssl_get_hostname()) to access
- `mbedtls_ssl_context.hostname`.
- * Add getter (mbedtls_ssl_conf_get_endpoint()) to access
- `mbedtls_ssl_config.endpoint`.
diff --git a/ChangeLog.d/add-milliseconds-time-api.txt b/ChangeLog.d/add-milliseconds-time-api.txt
deleted file mode 100644
index d9e939f..0000000
--- a/ChangeLog.d/add-milliseconds-time-api.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()`
- function, needed for TLS 1.3 ticket lifetimes. Alternative implementations
- can be created using an ALT interface.
-
diff --git a/ChangeLog.d/add-missing-md-includes.txt b/ChangeLog.d/add-missing-md-includes.txt
deleted file mode 100644
index 408c361..0000000
--- a/ChangeLog.d/add-missing-md-includes.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Add missing md.h includes to some of the external programs from
- the programs directory. Without this, even though the configuration
- was sufficient for a particular program to work, it would only print
- a message that one of the required defines is missing.
diff --git a/ChangeLog.d/add-pbkdf2-hmac.txt b/ChangeLog.d/add-pbkdf2-hmac.txt
deleted file mode 100644
index 2708098..0000000
--- a/ChangeLog.d/add-pbkdf2-hmac.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Add support for PBKDF2-HMAC through the PSA API.
diff --git a/ChangeLog.d/add-psa-example-program-hash.txt b/ChangeLog.d/add-psa-example-program-hash.txt
new file mode 100644
index 0000000..ba4da20
--- /dev/null
+++ b/ChangeLog.d/add-psa-example-program-hash.txt
@@ -0,0 +1,2 @@
+Features
+ * Added an example program showing how to hash with the PSA API.
diff --git a/ChangeLog.d/add-psa_want_alg_some_pake.txt b/ChangeLog.d/add-psa_want_alg_some_pake.txt
deleted file mode 100644
index 00b3002..0000000
--- a/ChangeLog.d/add-psa_want_alg_some_pake.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc)
- if no PAKE algorithms are requested
diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt
deleted file mode 100644
index 487e5c6..0000000
--- a/ChangeLog.d/add-subjectAltName-certs.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * It is now possible to generate certificates with SubjectAltNames.
- Currently supported subtypes: DnsName, UniformResourceIdentifier,
- IP address, OtherName, and DirectoryName, as defined in RFC 5280.
- See mbedtls_x509write_crt_set_subject_alternative_name for
- more information.
diff --git a/ChangeLog.d/aes-perf.txt b/ChangeLog.d/aes-perf.txt
deleted file mode 100644
index ab716bc..0000000
--- a/ChangeLog.d/aes-perf.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Features
- * AES performance improvements. Uplift varies by platform,
- toolchain, optimisation flags and mode.
- Aarch64, gcc -Os and CCM, GCM and XTS benefit the most.
- On Aarch64, uplift is typically around 20 - 110%.
- When compiling with gcc -Os on Aarch64, AES-XTS improves
- by 4.5x.
diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt
deleted file mode 100644
index 59ae1cd..0000000
--- a/ChangeLog.d/armclang-compile-fix.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
- * Fix clang and armclang compilation error when targeting certain Arm
- M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
- SecurCore SC000). Fixes #1077.
-Changes
- * Enable Arm / Thumb bignum assembly for most Arm platforms when
- compiling with gcc, clang or armclang and -O0.
diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt
new file mode 100644
index 0000000..ec5889c
--- /dev/null
+++ b/ChangeLog.d/armv8-aesce.txt
@@ -0,0 +1,3 @@
+Features
+ * Support use of Armv8-A Cryptographic Extensions for hardware acclerated
+ AES when compiling for Thumb (T32) or 32-bit Arm (A32).
diff --git a/ChangeLog.d/basic-uri-verification.txt b/ChangeLog.d/basic-uri-verification.txt
deleted file mode 100644
index aa039ea..0000000
--- a/ChangeLog.d/basic-uri-verification.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * X.509 hostname verification now partially supports URI Subject Alternate
- Names. Only exact matching, without any normalization procedures
- described in 7.4 of RFC5280, will result in a positive URI verification.
diff --git a/ChangeLog.d/bugfix_iar_typo.txt b/ChangeLog.d/bugfix_iar_typo.txt
deleted file mode 100644
index 95f97b1..0000000
--- a/ChangeLog.d/bugfix_iar_typo.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fixed an issue that caused compile errors when using CMake and the IAR
- toolchain.
diff --git a/ChangeLog.d/cmake-pass-through-config-defines.txt b/ChangeLog.d/cmake-pass-through-config-defines.txt
deleted file mode 100644
index 6122f37..0000000
--- a/ChangeLog.d/cmake-pass-through-config-defines.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
- setting the CMake variable of the same name at configuration time.
diff --git a/ChangeLog.d/driver-ffdh.txt b/ChangeLog.d/driver-ffdh.txt
deleted file mode 100644
index 1185133..0000000
--- a/ChangeLog.d/driver-ffdh.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add a driver dispatch layer for FFDH keys, enabling alternative
- implementations of FFDH through the driver entry points.
diff --git a/ChangeLog.d/driver-only-ecc.txt b/ChangeLog.d/driver-only-ecc.txt
deleted file mode 100644
index ca23db9..0000000
--- a/ChangeLog.d/driver-only-ecc.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Features
- * When a PSA driver for ECDH is present, it is now possible to disable
- MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2
- key exchanges based on ECDH(E) to work, this requires
- MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in
- TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet,
- as PSA does not have an API for restartable ECDH yet.
- * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by
- a driver, it is possible to disable MBEDTLS_ECP_C and still get support
- for ECC keys and algorithms in PSA. See docs/driver-only-builds.txt.
diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt
deleted file mode 100644
index 4967bb1..0000000
--- a/ChangeLog.d/driver-only-hashes.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Features
- * All modules that use hashes or HMAC can now take advantage of PSA Crypto
- drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has
- been called. Previously (in 3.3), this was restricted to a few modules,
- and only in builds where MBEDTLS_MD_C was disabled; in particular the
- entropy module was not covered which meant an external RNG had to be
- provided - these limitations are lifted in this version. A new set of
- feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used
- to check for availability of hash algorithms, regardless of whether
- they're provided by a built-in implementation, a driver or both.
diff --git a/ChangeLog.d/ec_jpake_user_peer_2.txt b/ChangeLog.d/ec_jpake_user_peer_2.txt
deleted file mode 100644
index 9572ac7..0000000
--- a/ChangeLog.d/ec_jpake_user_peer_2.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the J-PAKE driver interface for user and peer to accept any values
- (previously accepted values were limited to "client" or "server").
diff --git a/ChangeLog.d/enforce-min-RSA-key-size.txt b/ChangeLog.d/enforce-min-RSA-key-size.txt
deleted file mode 100644
index 06cd2a2..0000000
--- a/ChangeLog.d/enforce-min-RSA-key-size.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Enforce minimum RSA key size when generating a key
- to avoid accidental misuse.
diff --git a/ChangeLog.d/extend-pk-opaque-ecc.txt b/ChangeLog.d/extend-pk-opaque-ecc.txt
deleted file mode 100644
index ad5bdc0..0000000
--- a/ChangeLog.d/extend-pk-opaque-ecc.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Support for "opaque" (PSA-held) ECC keys in the PK module has been
- extended: it is now possible to use mbedtls_pk_write_key_der(),
- mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and
- mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
- allow it).
diff --git a/ChangeLog.d/ffdh-tls-1-3.txt b/ChangeLog.d/ffdh-tls-1-3.txt
deleted file mode 100644
index c5d07d6..0000000
--- a/ChangeLog.d/ffdh-tls-1-3.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Add support for FFDH key exchange in TLS 1.3.
- This is automatically enabled as soon as PSA_WANT_ALG_FFDH
- and the ephemeral or psk-ephemeral key exchange mode are enabled.
- By default, all groups are offered; the list of groups can be
- configured using the existing API function mbedtls_ssl_conf_groups().
diff --git a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
new file mode 100644
index 0000000..ec543aa
--- /dev/null
+++ b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the build with CMake when Everest or P256-m is enabled through
+ a user configuration file or the compiler command line. Fixes #8165.
diff --git a/ChangeLog.d/fix-cpp-compilation-error.txt b/ChangeLog.d/fix-cpp-compilation-error.txt
new file mode 100644
index 0000000..32d86dc
--- /dev/null
+++ b/ChangeLog.d/fix-cpp-compilation-error.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is
+ disabled.
diff --git a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt b/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
deleted file mode 100644
index ded9b2d..0000000
--- a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix crypt_and_hash decryption fail when used with a stream cipher
- mode of operation due to the input not being multiple of block size.
- Resolves #7417.
diff --git a/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt b/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt
new file mode 100644
index 0000000..5b15512
--- /dev/null
+++ b/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt
@@ -0,0 +1,6 @@
+Features
+ * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows
+ parsing unsupported certificate extensions via user provided callback.
+
+Bugfix
+ * Fix parsing of CSRs with critical extensions.
diff --git a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt b/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
deleted file mode 100644
index c30e074..0000000
--- a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function
- in the ecdsa.h header file. There was a build warning when the
- configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined.
- Resolves #7407.
diff --git a/ChangeLog.d/fix-hrr-in-psk-kem.txt b/ChangeLog.d/fix-hrr-in-psk-kem.txt
deleted file mode 100644
index 0377711..0000000
--- a/ChangeLog.d/fix-hrr-in-psk-kem.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * In TLS 1.3, fix handshake failure when a client in its ClientHello
- proposes an handshake based on PSK only key exchange mode or at least
- one of the key exchange modes using ephemeral keys to a server that
- supports only the PSK key exchange mode.
diff --git a/ChangeLog.d/fix-ilp32.txt b/ChangeLog.d/fix-ilp32.txt
deleted file mode 100644
index 3f18ac5..0000000
--- a/ChangeLog.d/fix-ilp32.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix a compilation failure in the constant_time module when
- building for arm64_32 (e.g., for watchos). Reported by Paulo
- Coutinho in #7787.
diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt
new file mode 100644
index 0000000..3a5171b
--- /dev/null
+++ b/ChangeLog.d/fix-issue-x509-cert_req.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix possible NULL dereference issue in X509 cert_req program if an entry
+ in the san parameter is not separated by a colon.
diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt
new file mode 100644
index 0000000..43d67c2
--- /dev/null
+++ b/ChangeLog.d/fix-issue-x509-cert_write.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix possible NULL dereference issue in X509 cert_write program if an entry
+ in the san parameter is not separated by a colon.
diff --git a/ChangeLog.d/fix-linux-builds-in-conda-forge.txt b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
new file mode 100644
index 0000000..5cfee85
--- /dev/null
+++ b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix build failure in conda-forge. Fixes #8422.
diff --git a/ChangeLog.d/fix-mingw32-build.txt b/ChangeLog.d/fix-mingw32-build.txt
new file mode 100644
index 0000000..feef0a2
--- /dev/null
+++ b/ChangeLog.d/fix-mingw32-build.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix an inconsistency between implementations and usages of `__cpuid`,
+ which mainly causes failures when building Windows target using
+ mingw or clang. Fixes #8334 & #8332.
diff --git a/ChangeLog.d/fix-string-to-names-retcode.txt b/ChangeLog.d/fix-string-to-names-retcode.txt
deleted file mode 100644
index ac4b3d1..0000000
--- a/ChangeLog.d/fix-string-to-names-retcode.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a bug in which mbedtls_x509_string_to_names() would return success
- when given a invalid name string if it did not contain '=' or ','.
diff --git a/ChangeLog.d/fix-tfm-build.txt b/ChangeLog.d/fix-tfm-build.txt
deleted file mode 100644
index 64cb837..0000000
--- a/ChangeLog.d/fix-tfm-build.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix compilation warnings in aes.c, which prevented the
- example TF-M configuration in configs/ from building cleanly:
- tfm_mbedcrypto_config_profile_medium.h with
- crypto_config_profile_medium.h.
diff --git a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt b/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt
deleted file mode 100644
index 7fcb5ec..0000000
--- a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
- built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
- way to detect the crypto extensions required. A warning is still issued.
diff --git a/ChangeLog.d/gnutls_anti_replay_fail.txt b/ChangeLog.d/gnutls_anti_replay_fail.txt
new file mode 100644
index 0000000..cb35284
--- /dev/null
+++ b/ChangeLog.d/gnutls_anti_replay_fail.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Switch to milliseconds as the unit for ticket creation and reception time
+ instead of seconds. That avoids rounding errors when computing the age of
+ tickets compared to peer using a millisecond clock (observed with GnuTLS).
+ Fixes #6623.
diff --git a/ChangeLog.d/inject-entropy.txt b/ChangeLog.d/inject-entropy.txt
deleted file mode 100644
index 7626629..0000000
--- a/ChangeLog.d/inject-entropy.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
deleted file mode 100644
index 22e8adb..0000000
--- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
- MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
diff --git a/ChangeLog.d/mbedtls_x509_time.txt b/ChangeLog.d/mbedtls_x509_time.txt
deleted file mode 100644
index 557f191..0000000
--- a/ChangeLog.d/mbedtls_x509_time.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Improve mbedtls_x509_time performance and reduce memory use.
- * Reduce syscalls to time() during certificate verification.
diff --git a/ChangeLog.d/misc-from-psa-crypto.txt b/ChangeLog.d/misc-from-psa-crypto.txt
deleted file mode 100644
index 40a043a..0000000
--- a/ChangeLog.d/misc-from-psa-crypto.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix CCM* with no tag being not supported in a build with CCM as the only
- symmetric encryption algorithm and the PSA configuration enabled.
diff --git a/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt b/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt
new file mode 100644
index 0000000..85d970c
--- /dev/null
+++ b/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt
@@ -0,0 +1,3 @@
+Changes
+ * Moved declaration of functions mbedtls_ecc_group_to_psa and
+ mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h
diff --git a/ChangeLog.d/non-psa-pk-implementation.txt b/ChangeLog.d/non-psa-pk-implementation.txt
new file mode 100644
index 0000000..535bbf5
--- /dev/null
+++ b/ChangeLog.d/non-psa-pk-implementation.txt
@@ -0,0 +1,3 @@
+Changes
+ * mbedtls_pk_sign_ext() is now always available, not just when
+ PSA (MBEDTLS_PSA_CRYPTO_C) is enabled.
diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt
deleted file mode 100644
index 82ed2fd..0000000
--- a/ChangeLog.d/oid-parse-from-numeric-string.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add function mbedtls_oid_from_numeric_string() to parse an OID from a
- string to a DER-encoded mbedtls_asn1_buf.
diff --git a/ChangeLog.d/pkwrite-pem-use-heap.txt b/ChangeLog.d/pkwrite-pem-use-heap.txt
new file mode 100644
index 0000000..11db7b6
--- /dev/null
+++ b/ChangeLog.d/pkwrite-pem-use-heap.txt
@@ -0,0 +1,4 @@
+Changes
+ * Use heap memory to allocate DER encoded public/private key.
+ This reduces stack usage significantly for writing a public/private
+ key to a PEM string.
diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt
deleted file mode 100644
index fe2099e..0000000
--- a/ChangeLog.d/programs_psa_fix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix missing PSA initialization in sample programs when
- MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/python3.8.txt b/ChangeLog.d/python3.8.txt
deleted file mode 100644
index 32a7c09..0000000
--- a/ChangeLog.d/python3.8.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Requirement changes
- * Officially require Python 3.8 now that earlier versions are out of support.
diff --git a/ChangeLog.d/rename-conf-early-data-API.txt b/ChangeLog.d/rename-conf-early-data-API.txt
new file mode 100644
index 0000000..d436811
--- /dev/null
+++ b/ChangeLog.d/rename-conf-early-data-API.txt
@@ -0,0 +1,4 @@
+API changes
+ * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and
+ mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data
+ feature may not be TLS 1.3 specific in the future. Fixes #6909.
diff --git a/ChangeLog.d/rfc8410.txt b/ChangeLog.d/rfc8410.txt
deleted file mode 100644
index e2984ee..0000000
--- a/ChangeLog.d/rfc8410.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add support for reading and writing X25519 and X448
- public and private keys in RFC 8410 format using the existing PK APIs.
diff --git a/ChangeLog.d/sha256-armce-arm.txt b/ChangeLog.d/sha256-armce-arm.txt
new file mode 100644
index 0000000..5b18eb3
--- /dev/null
+++ b/ChangeLog.d/sha256-armce-arm.txt
@@ -0,0 +1,7 @@
+Features
+ * Support Armv8-A Crypto Extension acceleration for SHA-256
+ when compiling for Thumb (T32) or 32-bit Arm (A32).
+New deprecations
+ * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to
+ MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still
+ be used, but are deprecated.
diff --git a/ChangeLog.d/sha3.txt b/ChangeLog.d/sha3.txt
deleted file mode 100644
index 9426f87..0000000
--- a/ChangeLog.d/sha3.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add SHA-3 family hash functions.
-
diff --git a/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt b/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt
deleted file mode 100644
index 8cc6e5e..0000000
--- a/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and
- PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger
- than all built-in ones and RSA is disabled.
- Resolves #6622.
diff --git a/ChangeLog.d/ssl_debug_helpers-stack_usage.txt b/ChangeLog.d/ssl_debug_helpers-stack_usage.txt
deleted file mode 100644
index e2c2475..0000000
--- a/ChangeLog.d/ssl_debug_helpers-stack_usage.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix very high stack usage in SSL debug code. Reported by Maximilian
- Gerhardt in #7804.
diff --git a/ChangeLog.d/ssl_premaster_secret-empty.txt b/ChangeLog.d/ssl_premaster_secret-empty.txt
deleted file mode 100644
index 0ce5f36..0000000
--- a/ChangeLog.d/ssl_premaster_secret-empty.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a compilation error on some platforms when including mbedtls/ssl.h
- with all TLS support disabled. Fixes #6628.
diff --git a/ChangeLog.d/tls13-server-version-negotiation.txt b/ChangeLog.d/tls13-server-version-negotiation.txt
deleted file mode 100644
index 989018b..0000000
--- a/ChangeLog.d/tls13-server-version-negotiation.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add support for server-side TLS version negotiation. If both TLS 1.2 and
- TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or
- TLS 1.3 depending on the capabilities and preferences of TLS clients.
- Fixes #6867.
diff --git a/ChangeLog.d/verify-ip-sans-properly.txt b/ChangeLog.d/verify-ip-sans-properly.txt
deleted file mode 100644
index 00203a8..0000000
--- a/ChangeLog.d/verify-ip-sans-properly.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * X.509 hostname verification now supports IPAddress Subject Alternate Names.
diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
deleted file mode 100644
index c1de491..0000000
--- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
- using ECC key. The certificate was rejected by some crypto frameworks.
- Fixes #2924.
diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl
index dfa0f07..af0578a 100644
--- a/DartConfiguration.tcl
+++ b/DartConfiguration.tcl
@@ -1,4 +1,4 @@
Site: localhost
-BuildName: mbed TLS-test
+BuildName: Mbed TLS-test
CoverageCommand: /usr/bin/gcov
MemoryCheckCommand: /usr/bin/valgrind
diff --git a/LICENSE b/LICENSE
index d645695..776ac77 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,3 +1,10 @@
+Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html)
+OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license.
+This means that users may choose which of these licenses they take the code
+under.
+
+The full text of each of these licenses is given below.
+
Apache License
Version 2.0, January 2004
@@ -200,3 +207,347 @@
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
+
+
+===============================================================================
+
+
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/Makefile b/Makefile
index 1f36a06..885948c 100644
--- a/Makefile
+++ b/Makefile
@@ -36,6 +36,29 @@
generated_files: tests/generated_files
generated_files: visualc_files
+# Set GEN_FILES to the empty string to disable dependencies on generated
+# source files. Then `make generated_files` will only build files that
+# are missing, it will not rebuilt files that are present but out of date.
+# This is useful, for example, if you have a source tree where
+# `make generated_files` has already run and file timestamps reflect the
+# time the files were copied or extracted, and you are now in an environment
+# that lacks some of the necessary tools to re-generate the files.
+# If $(GEN_FILES) is non-empty, the generated source files' dependencies
+# are treated ordinarily, based on file timestamps.
+GEN_FILES ?= yes
+
+# In dependencies where the target is a configuration-independent generated
+# file, use `TARGET: $(gen_file_dep) DEPENDENCY1 DEPENDENCY2 ...`
+# rather than directly `TARGET: DEPENDENCY1 DEPENDENCY2 ...`. This
+# enables the re-generation to be turned off when GEN_FILES is disabled.
+ifdef GEN_FILES
+gen_file_dep =
+else
+# Order-only dependency: generate the target if it's absent, but don't
+# re-generate it if it's present but older than its dependencies.
+gen_file_dep = |
+endif
+
.PHONY: visualc_files
VISUALC_FILES = visualc/VS2013/mbedTLS.sln visualc/VS2013/mbedTLS.vcxproj
# TODO: $(app).vcxproj for each $(app) in programs/
@@ -45,10 +68,10 @@
# present before it runs. It doesn't matter if the files aren't up-to-date,
# they just need to be present.
$(VISUALC_FILES): | library/generated_files
-$(VISUALC_FILES): scripts/generate_visualc_files.pl
-$(VISUALC_FILES): scripts/data_files/vs2013-app-template.vcxproj
-$(VISUALC_FILES): scripts/data_files/vs2013-main-template.vcxproj
-$(VISUALC_FILES): scripts/data_files/vs2013-sln-template.sln
+$(VISUALC_FILES): $(gen_file_dep) scripts/generate_visualc_files.pl
+$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-app-template.vcxproj
+$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-main-template.vcxproj
+$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-sln-template.sln
# TODO: also the list of .c and .h source files, but not their content
$(VISUALC_FILES):
echo " Gen $@ ..."
diff --git a/README.md b/README.md
index cbdb2df3..2505d8f 100644
--- a/README.md
+++ b/README.md
@@ -307,13 +307,14 @@
License
-------
-Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 OR GPL-2.0-or-later licenses.
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information.
### Third-party code included in Mbed TLS
-This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below:
+
+This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below:
* `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
-* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by the project under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project.
+* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author.
Contributing
------------
diff --git a/SECURITY.md b/SECURITY.md
index 61e3936..7ed72de 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -135,3 +135,12 @@
- Use cryptographic mechanisms that are not based on block ciphers. In
particular, for authenticated encryption, use ChaCha20/Poly1305 instead of
block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG.
+
+#### Everest
+
+The HACL* implementation of X25519 taken from the Everest project only protects
+against remote timing attacks. (See their [Security
+Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).)
+
+The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED`
+configuration option is defined. This option is off by default.
diff --git a/configs/README.txt b/configs/README.txt
index 9e5a243..86496db 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -21,4 +21,4 @@
make
Note that the second method also works if you want to keep your custom
-configuration file outside the mbed TLS tree.
+configuration file outside the Mbed TLS tree.
diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h
index af2415f..19e09d9 100644
--- a/configs/config-ccm-psk-dtls1_2.h
+++ b/configs/config-ccm-psk-dtls1_2.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index 62c1d80..d49adfd 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 31fab4e..ddb00b4 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* Minimal configuration of features that do not require an entropy source
@@ -33,7 +21,7 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -47,7 +35,7 @@
#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 89898b3..9bba6e6 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
@@ -37,13 +25,13 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index a014b52..512dd76 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* System support */
diff --git a/configs/config-tfm.h b/configs/config-tfm.h
new file mode 100644
index 0000000..197b808
--- /dev/null
+++ b/configs/config-tfm.h
@@ -0,0 +1,67 @@
+/**
+ * \file config-tfm.h
+ *
+ * \brief TF-M medium profile, adapted to work on other platforms.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* TF-M medium profile: mbedtls legacy configuration */
+#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h"
+
+/* TF-M medium profile: PSA crypto configuration */
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/ext/crypto_config_profile_medium.h"
+
+/***********************************************************/
+/* Tweak the configuration to remove dependencies on TF-M. */
+/***********************************************************/
+
+/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */
+#undef MBEDTLS_PSA_CRYPTO_SPM
+
+/* Use built-in platform entropy functions (TF-M provides its own). */
+#undef MBEDTLS_NO_PLATFORM_ENTROPY
+
+/* Disable buffer-based memory allocator. This isn't strictly required,
+ * but using the native allocator is faster and works better with
+ * memory management analysis frameworks such as ASan. */
+#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+// This macro is enabled in TFM Medium but is disabled here because it is
+// incompatible with baremetal builds in Mbed TLS.
+#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+// This macro is enabled in TFM Medium but is disabled here because it is
+// incompatible with baremetal builds in Mbed TLS.
+#undef MBEDTLS_ENTROPY_NV_SEED
+
+// These platform-related TF-M settings are not useful here.
+#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#undef MBEDTLS_PLATFORM_STD_MEM_HDR
+#undef MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#undef MBEDTLS_PLATFORM_PRINTF_ALT
+#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
+#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE
+
+/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it
+ * does not need CIPHER_C to be enabled, so we can disable it in order
+ * to reduce code size further. */
+#undef MBEDTLS_CIPHER_C
+
+/*
+ * In order to get an example config that works cleanly out-of-the-box
+ * for both baremetal and non-baremetal builds, we detect baremetal builds
+ * and set this variable automatically.
+ */
+#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARM_EABI__)
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#endif
+
+/***********************************************************************
+ * Local changes to crypto config below this delimiter
+ **********************************************************************/
+
+// We expect TF-M to pick this up soon
+#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 0652136..2f81f90 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -35,7 +23,7 @@
/* System support */
#define MBEDTLS_HAVE_ASM
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
@@ -46,7 +34,7 @@
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h
index 6c12bd7..7f8d587 100644
--- a/configs/crypto-config-ccm-aes-sha256.h
+++ b/configs/crypto-config-ccm-aes-sha256.h
@@ -6,19 +6,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_CONFIG_H
diff --git a/configs/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h
similarity index 78%
rename from configs/crypto_config_profile_medium.h
rename to configs/ext/crypto_config_profile_medium.h
index 3fa8552..63ed470 100644
--- a/configs/crypto_config_profile_medium.h
+++ b/configs/ext/crypto_config_profile_medium.h
@@ -1,14 +1,13 @@
-/*
- * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
/**
* \file psa/crypto_config.h
* \brief PSA crypto configuration options (set of defines)
*
*/
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
/**
* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
@@ -51,7 +50,7 @@
//#define PSA_WANT_ALG_CFB 1
//#define PSA_WANT_ALG_CHACHA20_POLY1305 1
//#define PSA_WANT_ALG_CTR 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
+//#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
//#define PSA_WANT_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECDH 1
#define PSA_WANT_ALG_ECDSA 1
@@ -106,33 +105,27 @@
//#define PSA_WANT_KEY_TYPE_CAMELLIA 1
//#define PSA_WANT_KEY_TYPE_CHACHA20 1
//#define PSA_WANT_KEY_TYPE_DES 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */
+//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+
+/*
+ * The following symbols extend and deprecate the legacy
+ * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in
+ * the name's suffix. "_USE" is the most generic and it can be used to describe
+ * a generic suport, whereas other ones add more features on top of that and
+ * they are more specific.
+ */
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
-//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-/***********************************************************************
- * Local edits below this delimiter
- **********************************************************************/
-
-/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro
- * (commented-out above) has been replaced with the following new macros: */
-//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */
-
-/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */
-//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported
+#ifdef CRYPTO_HW_ACCELERATOR
+#include "crypto_accelerator_config.h"
+#endif
#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */
diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h
similarity index 74%
rename from configs/tfm_mbedcrypto_config_profile_medium.h
rename to configs/ext/tfm_mbedcrypto_config_profile_medium.h
index b581f1f..beebddf 100644
--- a/configs/tfm_mbedcrypto_config_profile_medium.h
+++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h
@@ -8,27 +8,15 @@
* memory footprint.
*/
/*
- * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PROFILE_M_MBEDTLS_CONFIG_H
#define PROFILE_M_MBEDTLS_CONFIG_H
+//#include "config_tfm.h"
+
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
@@ -95,44 +83,6 @@
*/
/**
- * \def MBEDTLS_MD2_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note Because of a signature change, the core AES encryption and decryption routines are
- * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
- * respectively. When setting up alternative implementations, these functions should
- * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- * must stay untouched.
- *
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
- * constitutes a security risk. If possible, we recommend avoiding
- * dependencies on them, and considering stronger message digests
- * and ciphers instead.
- *
- */
-#define MBEDTLS_AES_SETKEY_DEC_ALT
-#define MBEDTLS_AES_DECRYPT_ALT
-
-/**
* \def MBEDTLS_AES_ROM_TABLES
*
* Use precomputed AES tables stored in ROM.
@@ -186,21 +136,6 @@
#define MBEDTLS_ECP_NIST_OPTIM
/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
*
* Do not use built-in platform entropy functions.
@@ -237,26 +172,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-// This macro is enabled in TFM Medium but is disabled here because it is
-// incompatible with baremetal builds in Mbed TLS.
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *
- * Enable key identifiers that encode a key owner identifier.
- *
- * This is only meaningful when building the library as part of a
- * multi-client service. When you activate this option, you must provide an
- * implementation of the type mbedtls_key_owner_id_t and a translation from
- * mbedtls_svc_key_id_t to file name in all the storage backends that you
- * you wish to support.
- *
- * Note that while this define has been removed from TF-M's copy of this config
- * file, TF-M still passes this option to Mbed TLS during the build via CMake.
- * Therefore we keep it in our copy. See discussion on PR #7426 for more info.
- *
- */
-#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+#define MBEDTLS_ENTROPY_NV_SEED
/**
* \def MBEDTLS_PSA_CRYPTO_SPM
@@ -340,6 +256,23 @@
#define MBEDTLS_AES_C
/**
+ * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ *
+ * Use only 128-bit keys in AES operations to save ROM.
+ *
+ * Uncomment this macro to remove support for AES operations that use 192-
+ * or 256-bit keys.
+ *
+ * Uncommenting this macro reduces the size of AES code by ~300 bytes
+ * on v8-M/Thumb2.
+ *
+ * Module: library/aes.c
+ *
+ * Requires: MBEDTLS_AES_C
+ */
+#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+
+/**
* \def MBEDTLS_CIPHER_C
*
* Enable the generic cipher layer.
@@ -381,18 +314,6 @@
#define MBEDTLS_ENTROPY_C
/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module: library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-#define MBEDTLS_ERROR_C
-
-/**
* \def MBEDTLS_HKDF_C
*
* Enable the HKDF algorithm (RFC 5869).
@@ -405,7 +326,7 @@
* This module adds support for the Hashed Message Authentication Code
* (HMAC)-based key derivation function (HKDF).
*/
-#define MBEDTLS_HKDF_C /* Used for HUK deriviation */
+//#define MBEDTLS_HKDF_C /* Used for HUK deriviation */
/**
* \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
@@ -424,45 +345,6 @@
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymetric) key layer.
- *
- * Module: library/pk.c
- *
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymetric) key parser.
- *
- * Module: library/pkparse.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymetric) key writer.
- *
- * Module: library/pkwrite.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
* \def MBEDTLS_PLATFORM_C
*
* Enable the platform abstraction layer that allows you to re-assign
@@ -482,6 +364,15 @@
*/
#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h>
+
+#include <stdio.h>
+
+#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
+#define MBEDTLS_PLATFORM_PRINTF_ALT
+#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE
/**
* \def MBEDTLS_PSA_CRYPTO_C
@@ -506,9 +397,7 @@
* either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
* the PSA ITS interface
*/
-// This macro is enabled in TFM Medium but is disabled here because it is
-// incompatible with baremetal builds in Mbed TLS.
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
/* \} name SECTION: mbed TLS modules */
@@ -612,6 +501,47 @@
/* ECP options */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */
+/**
+ * Uncomment to enable p256-m. This is an alternative implementation of
+ * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
+ * Compared to the default implementation:
+ *
+ * - p256-m has a much smaller code size and RAM footprint.
+ * - p256-m is only available via the PSA API. This includes the pk module
+ * when #MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
+ * over the core arithmetic, or deterministic derivation of keys.
+ *
+ * We recommend enabling this option if your application uses the PSA API
+ * and the only elliptic curve support it needs is ECDH and ECDSA over
+ * SECP256R1.
+ *
+ * If you enable this option, you do not need to enable any ECC-related
+ * MBEDTLS_xxx option. You do need to separately request support for the
+ * cryptographic mechanisms through the PSA API:
+ * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
+ * configuration;
+ * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
+ * - #PSA_WANT_ECC_SECP_R1_256;
+ * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
+ * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
+ *
+ * \note To benefit from the smaller code size of p256-m, make sure that you
+ * do not enable any ECC-related option not supported by p256-m: this
+ * would cause the built-in ECC implementation to be built as well, in
+ * order to provide the required option.
+ * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
+ * SECP256R1 are disabled as they are not supported by this driver.
+ * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
+ * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
+ * the built-in ECC implementation, see docs/driver-only-builds.md.
+ */
+#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
+
/* \} name SECTION: Customisation configuration options */
#if CRYPTO_NV_SEED
@@ -619,7 +549,7 @@
#endif /* CRYPTO_NV_SEED */
#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
-#include "mbedtls_entropy_nv_seed_config.h"
+//#include "mbedtls_entropy_nv_seed_config.h"
#endif
#ifdef CRYPTO_HW_ACCELERATOR
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md
index a5aac40..d7e4f9c 100644
--- a/docs/architecture/psa-crypto-implementation-structure.md
+++ b/docs/architecture/psa-crypto-implementation-structure.md
@@ -49,7 +49,7 @@
```
The code of most PSA APIs is expected to match precisely the above layout. However, it is likely that the code structure of some APIs will be more complicated with several calls to the driver interface, mainly to encompass a larger variety of hardware designs. For example, to encompass hardware accelerators that are capable of verifying a MAC and those that are only capable of computing a MAC, the psa_mac_verify() API could call first psa_driver_wrapper_mac_verify() and then fallback to psa_driver_wrapper_mac_compute().
-The implementations of `psa_driver_wrapper_<entry_point>` functions are generated by the build system based on the JSON driver description files of the various PSA drivers making up the Mbed TLS PSA Cryptography API implementation. The implementations are generated in a psa_crypto_driver_wrappers.c C file and the function prototypes declared in a psa_crypto_driver_wrappers.h header file.
+The implementations of `psa_driver_wrapper_<entry_point>` functions are generated by the build system based on the JSON driver description files of the various PSA drivers making up the Mbed TLS PSA Cryptography API implementation. The implementations are splited into two parts. The static ones are generated in a psa_crypto_driver_wrappers.h header file, the non-static ones are generated in a psa_crypto_driver_wrappers_no_static.c C file and the function prototypes declared in a psa_crypto_driver_wrappers_no_static.h header file.
The psa_driver_wrapper_<entry_point>() functions dispatch cryptographic operations to accelerator drivers, secure element drivers as well as to the software implementations of cryptographic operations.
@@ -139,7 +139,7 @@
The general structure of a cryptographic operation function is:
1. API function defined in `library/psa_crypto.c`. The entry point performs generic checks that don't depend on whether the mechanism is implemented in software or in a driver and looks up keys in the key store.
-2. Driver dispatch code in `scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja` or files included from there.
+2. Driver dispatch code in `scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja`, `scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja` or files included from there.
3. Built-in implementation in `library/psa_crypto_*.c` (with function declarations in the corresponding `.h` file). These files typically contain the implementation of modes of operation over basic building blocks that are defined elsewhere. For example, HMAC is implemented in `library/psa_crypto_mac.c` but the underlying hash functions are implemented in `library/sha*.c` and `library/md*.c`.
4. Basic cryptographic building blocks in `library/*.c`.
diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh
index 1e1ec8c..6c9686e 100755
--- a/docs/architecture/psa-migration/syms.sh
+++ b/docs/architecture/psa-migration/syms.sh
@@ -1,19 +1,7 @@
#!/bin/sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
diff --git a/docs/architecture/psa-thread-safety/key-slot-state-transitions.png b/docs/architecture/psa-thread-safety/key-slot-state-transitions.png
new file mode 100644
index 0000000..34cc79b
--- /dev/null
+++ b/docs/architecture/psa-thread-safety/key-slot-state-transitions.png
Binary files differ
diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/docs/architecture/psa-thread-safety/psa-thread-safety.md
new file mode 100644
index 0000000..dc5d7e1
--- /dev/null
+++ b/docs/architecture/psa-thread-safety/psa-thread-safety.md
@@ -0,0 +1,450 @@
+# Thread safety of the PSA subsystem
+
+Currently PSA Crypto API calls in Mbed TLS releases are not thread-safe. In Mbed TLS 3.6 we are planning to add a minimal support for thread-safety of the PSA Crypto API (see section [Strategy for 3.6](#strategy-for-36)).
+
+In the [Design analysis](#design-analysis) section we analyse design choices. This discussion is not constrained to what is planned for 3.6 and considers future developments. It also leaves some questions open and discusses options that have been (or probably will be) rejected.
+
+## Design analysis
+
+This section explores possible designs and does not reflect what is currently implemented.
+
+### Requirements
+
+#### Backward compatibility requirement
+
+Code that is currently working must keep working. There can be an exception for code that uses features that are advertised as experimental; for example, it would be annoying but ok to add extra requirements for drivers.
+
+(In this section, “currently” means Mbed TLS releases without proper concurrency management: 3.0.0, 3.1.0, and any other subsequent 3.x version.)
+
+In particular, if you either protect all PSA calls with a mutex, or only ever call PSA functions from a single thread, your application currently works and must keep working. If your application currently builds and works with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C` enabled, it must keep building and working.
+
+As a consequence, we must not add a new platform requirement beyond mutexes for the base case. It would be ok to add new platform requirements if they're only needed for PSA drivers, or if they're only performance improvements.
+
+Tempting platform requirements that we cannot add to the default `MBEDTLS_THREADING_C` include:
+
+* Releasing a mutex from a different thread than the one that acquired it. This isn't even guaranteed to work with pthreads.
+* New primitives such as semaphores or condition variables.
+
+#### Correctness out of the box
+
+If you build with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C`, the code must be functionally correct: no race conditions, deadlocks or livelocks.
+
+The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/overview/conventions.html#concurrent-calls) defines minimum expectations for concurrent calls. They must work as if they had been executed one at a time (excluding resource-management errors), except that the following cases have undefined behavior:
+
+* Destroying a key while it's in use.
+* Concurrent calls using the same operation object. (An operation object may not be used by more than one thread at a time. But it can move from one thread to another between calls.)
+* Overlap of an output buffer with an input or output of a concurrent call.
+* Modification of an input buffer during a call.
+
+Note that while the specification does not define the behavior in such cases, Mbed TLS can be used as a crypto service. It's acceptable if an application can mess itself up, but it is not acceptable if an application can mess up the crypto service. As a consequence, destroying a key while it's in use may violate the security property that all key material is erased as soon as `psa_destroy_key` returns, but it may not cause data corruption or read-after-free inside the key store.
+
+#### No spinning
+
+The code must not spin on a potentially non-blocking task. For example, this is proscribed:
+```
+lock(m);
+while (!its_my_turn) {
+ unlock(m);
+ lock(m);
+}
+```
+
+Rationale: this can cause battery drain, and can even be a livelock (spinning forever), e.g. if the thread that might unblock this one has a lower priority.
+
+#### Driver requirements
+
+At the time of writing, the driver interface specification does not consider multithreaded environments.
+
+We need to define clear policies so that driver implementers know what to expect. Here are two possible policies at two ends of the spectrum; what is desirable is probably somewhere in between.
+
+* **Policy 1:** Driver entry points may be called concurrently from multiple threads, even if they're using the same key, and even including destroying a key while an operation is in progress on it.
+* **Policy 2:** At most one driver entry point is active at any given time.
+
+Combining the two we arrive at **Policy 3**:
+
+* By default, each driver only has at most one entry point active at any given time. In other words, each driver has its own exclusive lock.
+* Drivers have an optional `"thread_safe"` boolean property. If true, it allows concurrent calls to this driver.
+* Even with a thread-safe driver, the core never starts the destruction of a key while there are operations in progress on it, and never performs concurrent calls on the same multipart operation.
+
+#### Long-term performance requirements
+
+In the short term, correctness is the important thing. We can start with a global lock.
+
+In the medium to long term, performing a slow or blocking operation (for example, a driver call, or an RSA decryption) should not block other threads, even if they're calling the same driver or using the same key object.
+
+We may want to go directly to a more sophisticated approach because when a system works with a global lock, it's typically hard to get rid of it to get more fine-grained concurrency.
+
+#### Key destruction short-term requirements
+
+##### Summary of guarantees in the short term
+
+When `psa_destroy_key` returns:
+
+1. The key identifier doesn't exist. Rationale: this is a functional requirement for persistent keys: the caller can immediately create a new key with the same identifier.
+2. The resources from the key have been freed. Rationale: in a low-resource condition, this may be necessary for the caller to re-create a similar key, which should be possible.
+3. The call must not block indefinitely, and in particular cannot wait for an event that is triggered by application code such as calling an abort function. Rationale: this may not strictly be a functional requirement, but it is an expectation `psa_destroy_key` does not block forever due to another thread, which could potentially be another process on a multi-process system. In particular, it is only acceptable for `psa_destroy_key` to block, when waiting for another thread to complete a PSA Cryptography API call that it had already started.
+
+When `psa_destroy_key` is called on a key that is in use, guarantee 2. might be violated. (This is consistent with the requirement [“Correctness out of the box”](#correctness-out-of-the-box), as destroying a key while it's in use is undefined behavior.)
+
+#### Key destruction long-term requirements
+
+The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#key-destruction) mandates that implementations make a best effort to ensure that the key material cannot be recovered. In the long term, it would be good to guarantee that `psa_destroy_key` wipes all copies of the key material.
+
+##### Summary of guarantees in the long term
+
+When `psa_destroy_key` returns:
+
+1. The key identifier doesn't exist. Rationale: this is a functional requirement for persistent keys: the caller can immediately create a new key with the same identifier.
+2. The resources from the key have been freed. Rationale: in a low-resource condition, this may be necessary for the caller to re-create a similar key, which should be possible.
+3. The call must not block indefinitely, and in particular cannot wait for an event that is triggered by application code such as calling an abort function. Rationale: this may not strictly be a functional requirement, but it is an expectation `psa_destroy_key` does not block forever due to another thread, which could potentially be another process on a multi-process system. In particular, it is only acceptable for `psa_destroy_key` to block, when waiting for another thread to complete a PSA Cryptography API call that it had already started.
+4. No copy of the key material exists. Rationale: this is a security requirement. We do not have this requirement yet, but we need to document this as a security weakness, and we would like to satisfy this security requirement in the future.
+
+As opposed to the short term requirements, all the above guarantees hold even if `psa_destroy_key` is called on a key that is in use.
+
+### Resources to protect
+
+Analysis of the behavior of the PSA key store as of Mbed TLS 9202ba37b19d3ea25c8451fd8597fce69eaa6867.
+
+#### Global variables
+
+* `psa_crypto_slot_management::global_data.key_slots[i]`: see [“Key slots”](#key-slots).
+
+* `psa_crypto_slot_management::global_data.key_slots_initialized`:
+ * `psa_initialize_key_slots`: modification.
+ * `psa_wipe_all_key_slots`: modification.
+ * `psa_get_empty_key_slot`: read.
+ * `psa_get_and_lock_key_slot`: read.
+
+* `psa_crypto::global_data.rng`: depends on the RNG implementation. See [“Random generator”](#random-generator).
+ * `psa_generate_random`: query.
+ * `mbedtls_psa_crypto_configure_entropy_sources` (only if `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is enabled): setup. Only called from `psa_crypto_init` via `mbedtls_psa_random_init`, or from test code.
+ * `mbedtls_psa_crypto_free`: deinit.
+ * `psa_crypto_init`: seed (via `mbedtls_psa_random_seed`); setup via `mbedtls_psa_crypto_configure_entropy_sources.
+
+* `psa_crypto::global_data.{initialized,rng_state}`: these are bit-fields and cannot be modified independently so they must be protected by the same mutex. The following functions access these fields:
+ * `mbedtls_psa_crypto_configure_entropy_sources` [`rng_state`] (only if `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is enabled): read. Only called from `psa_crypto_init` via `mbedtls_psa_random_init`, or from test code.
+ * `mbedtls_psa_crypto_free`: modification.
+ * `psa_crypto_init`: modification.
+ * Many functions via `GUARD_MODULE_INITIALIZED`: read.
+
+#### Key slots
+
+##### Key slot array traversal
+
+“Occupied key slot” is determined by `psa_is_key_slot_occupied` based on `slot->attr.type`.
+
+The following functions traverse the key slot array:
+
+* `psa_get_and_lock_key_slot_in_memory`: reads `slot->attr.id`.
+* `psa_get_and_lock_key_slot_in_memory`: calls `psa_lock_key_slot` on one occupied slot.
+* `psa_get_empty_key_slot`: calls `psa_is_key_slot_occupied`.
+* `psa_get_empty_key_slot`: calls `psa_wipe_key_slot` and more modifications on one occupied slot with no active user.
+* `psa_get_empty_key_slot`: calls `psa_lock_key_slot` and more modification on one unoccupied slot.
+* `psa_wipe_all_key_slots`: writes to all slots.
+* `mbedtls_psa_get_stats`: reads from all slots.
+
+##### Key slot state
+
+The following functions modify a slot's usage state:
+
+* `psa_lock_key_slot`: writes to `slot->lock_count`.
+* `psa_unlock_key_slot`: writes to `slot->lock_count`.
+* `psa_wipe_key_slot`: writes to `slot->lock_count`.
+* `psa_destroy_key`: reads `slot->lock_count`, calls `psa_lock_key_slot`.
+* `psa_wipe_all_key_slots`: writes to all slots.
+* `psa_get_empty_key_slot`: writes to `slot->lock_count` and calls `psa_wipe_key_slot` and `psa_lock_key_slot` on one occupied slot with no active user; calls `psa_lock_key_slot` on one unoccupied slot.
+* `psa_close_key`: reads `slot->lock_count`; calls `psa_get_and_lock_key_slot_in_memory`, `psa_wipe_key_slot` and `psa_unlock_key_slot`.
+* `psa_purge_key`: reads `slot->lock_count`; calls `psa_get_and_lock_key_slot_in_memory`, `psa_wipe_key_slot` and `psa_unlock_key_slot`.
+
+**slot->attr access:**
+`psa_crypto_core.h`:
+* `psa_key_slot_set_flags` - writes to attr.flags
+* `psa_key_slot_set_bits_in_flags` - writes to attr.flags
+* `psa_key_slot_clear_bits` - writes to attr.flags
+* `psa_is_key_slot_occupied` - reads attr.type (but see “[Determining whether a key slot is occupied](#determining-whether-a-key-slot-is-occupied)”)
+* `psa_key_slot_get_flags` - reads attr.flags
+
+`psa_crypto_slot_management.c`:
+* `psa_get_and_lock_key_slot_in_memory` - reads attr.id
+* `psa_get_empty_key_slot` - reads attr.lifetime
+* `psa_load_persistent_key_into_slot` - passes attr pointer to psa_load_persistent_key
+* `psa_load_persistent_key` - reads attr.id and passes pointer to psa_parse_key_data_from_storage
+* `psa_parse_key_data_from_storage` - writes to many attributes
+* `psa_get_and_lock_key_slot` - writes to attr.id, attr.lifetime, and attr.policy.usage
+* `psa_purge_key` - reads attr.lifetime, calls psa_wipe_key_slot
+* `mbedtls_psa_get_stats` - reads attr.lifetime, attr.id
+
+`psa_crypto.c`:
+* `psa_get_and_lock_key_slot_with_policy` - reads attr.type, attr.policy.
+* `psa_get_and_lock_transparent_key_slot_with_policy` - reads attr.lifetime
+* `psa_destroy_key` - reads attr.lifetime, attr.id
+* `psa_get_key_attributes` - copies all publicly available attributes of a key
+* `psa_export_key` - copies attributes
+* `psa_export_public_key` - reads attr.type, copies attributes
+* `psa_start_key_creation` - writes to the whole attr structure
+* `psa_validate_optional_attributes` - reads attr.type, attr.bits
+* `psa_import_key` - reads attr.bits
+* `psa_copy_key` - reads attr.bits, attr.type, attr.lifetime, attr.policy
+* `psa_mac_setup` - copies whole attr structure
+* `psa_mac_compute_internal` - copies whole attr structure
+* `psa_verify_internal` - copies whole attr structure
+* `psa_sign_internal` - copies whole attr structure, reads attr.type
+* `psa_assymmetric_encrypt` - reads attr.type
+* `psa_assymetric_decrypt` - reads attr.type
+* `psa_cipher_setup` - copies whole attr structure, reads attr.type
+* `psa_cipher_encrypt` - copies whole attr structure, reads attr.type
+* `psa_cipher_decrypt` - copies whole attr structure, reads attr.type
+* `psa_aead_encrypt` - copies whole attr structure
+* `psa_aead_decrypt` - copies whole attr structure
+* `psa_aead_setup` - copies whole attr structure
+* `psa_generate_derived_key_internal` - reads attr.type, writes to and reads from attr.bits, copies whole attr structure
+* `psa_key_derivation_input_key` - reads attr.type
+* `psa_key_agreement_raw_internal` - reads attr.type and attr.bits
+
+##### Determining whether a key slot is occupied
+
+`psa_is_key_slot_occupied` currently uses the `attr.type` field to determine whether a key slot is occupied. This works because we maintain the invariant that an occupied slot contains key material. With concurrency, it is desirable to allow a key slot to be reserved, but not yet contain key material or even metadata. When creating a key, determining the key type can be costly, for example when loading a persistent key from storage or (not yet implemented) when importing or unwrapping a key using an interface that determines the key type from the data that it parses. So we should not need to hold the global key store lock while the key type is undetermined.
+
+Instead, `psa_is_key_slot_occupied` should use the key identifier to decide whether a slot is occupied. The key identifier is always readily available: when allocating a slot for a persistent key, it's an input of the function that allocates the key slot; when allocating a slot for a volatile key, the identifier is calculated from the choice of slot.
+
+Alternatively, we could use a dedicated indicator that the slot is occupied. The advantage of this is that no field of the `attr` structure would be needed to determine the slot state. This would be a clean separation between key attributes and slot state and `attr` could be treated exactly like key slot content. This would save code size and maintenance effort. The cost of it would be that each slot would need an extra field to indicate whether it is occupied.
+
+##### Key slot content
+
+Other than what is used to determine the [“key slot state”](#key-slot-state), the contents of a key slot are only accessed as follows:
+
+* Modification during key creation (between `psa_start_key_creation` and `psa_finish_key_creation` or `psa_fail_key_creation`).
+* Destruction in `psa_wipe_key_slot`.
+* Read in many functions, between calls to `psa_lock_key_slot` and `psa_unlock_key_slot`.
+
+**slot->key access:**
+* `psa_allocate_buffer_to_slot` - allocates key.data, sets key.bytes;
+* `psa_copy_key_material_into_slot` - writes to key.data
+* `psa_remove_key_data_from_memory` - writes and reads to/from key data
+* `psa_get_key_attributes` - reads from key data
+* `psa_export_key` - passes key data to psa_driver_wrapper_export_key
+* `psa_export_public_key` - passes key data to psa_driver_wrapper_export_public_key
+* `psa_finish_key_creation` - passes key data to psa_save_persistent_key
+* `psa_validate_optional_attributes` - passes key data and bytes to mbedtls_psa_rsa_load_representation
+* `psa_import_key` - passes key data to psa_driver_wrapper_import_key
+* `psa_copy_key` - passes key data to psa_driver_wrapper_copy_key, psa_copy_key_material_into_slot
+* `psa_mac_setup` - passes key data to psa_driver_wrapper_mac_sign_setup, psa_driver_wrapper_mac_verify_setup
+* `psa_mac_compute_internal` - passes key data to psa_driver_wrapper_mac_compute
+* `psa_sign_internal` - passes key data to psa_driver_wrapper_sign_message, psa_driver_wrapper_sign_hash
+* `psa_verify_internal` - passes key data to psa_driver_wrapper_verify_message, psa_driver_wrapper_verify_hash
+* `psa_asymmetric_encrypt` - passes key data to mbedtls_psa_rsa_load_representation
+* `psa_asymmetric_decrypt` - passes key data to mbedtls_psa_rsa_load_representation
+* `psa_cipher_setup ` - passes key data to psa_driver_wrapper_cipher_encrypt_setup and psa_driver_wrapper_cipher_decrypt_setup
+* `psa_cipher_encrypt` - passes key data to psa_driver_wrapper_cipher_encrypt
+* `psa_cipher_decrypt` - passes key data to psa_driver_wrapper_cipher_decrypt
+* `psa_aead_encrypt` - passes key data to psa_driver_wrapper_aead_encrypt
+* `psa_aead_decrypt` - passes key data to psa_driver_wrapper_aead_decrypt
+* `psa_aead_setup` - passes key data to psa_driver_wrapper_aead_encrypt_setup and psa_driver_wrapper_aead_decrypt_setup
+* `psa_generate_derived_key_internal` - passes key data to psa_driver_wrapper_import_key
+* `psa_key_derivation_input_key` - passes key data to psa_key_derivation_input_internal
+* `psa_key_agreement_raw_internal` - passes key data to mbedtls_psa_ecp_load_representation
+* `psa_generate_key` - passes key data to psa_driver_wrapper_generate_key
+
+#### Random generator
+
+The PSA RNG can be accessed both from various PSA functions, and from application code via `mbedtls_psa_get_random`.
+
+With the built-in RNG implementations using `mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`, querying the RNG with `mbedtls_xxx_drbg_random()` is thread-safe (protected by a mutex inside the RNG implementation), but other operations (init, free, seed) are not.
+
+When `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is enabled, thread safety depends on the implementation.
+
+#### Driver resources
+
+Depends on the driver. The PSA driver interface specification does not discuss whether drivers must support concurrent calls.
+
+### Simple global lock strategy
+
+Have a single mutex protecting all accesses to the key store and other global variables. In practice, this means every PSA API function needs to take the lock on entry and release on exit, except for:
+
+* Hash function.
+* Accessors for key attributes and other local structures.
+
+Note that operation functions do need to take the lock, since they need to prevent the destruction of the key.
+
+Note that this does not protect access to the RNG via `mbedtls_psa_get_random`, which is guaranteed to be thread-safe when `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is disabled.
+
+This approach is conceptually simple, but requires extra instrumentation to every function and has bad performance in a multithreaded environment since a slow operation in one thread blocks unrelated operations on other threads.
+
+### Global lock excluding slot content
+
+Have a single mutex protecting all accesses to the key store and other global variables, except that it's ok to access the content of a key slot without taking the lock if one of the following conditions holds:
+
+* The key slot is in a state that guarantees that the thread has exclusive access.
+* The key slot is in a state that guarantees that no other thread can modify the slot content, and the accessing thread is only reading the slot.
+
+Note that a thread must hold the global mutex when it reads or changes a slot's state.
+
+#### Slot states
+
+For concurrency purposes, a slot can be in one of four states:
+
+* EMPTY: no thread is currently accessing the slot, and no information is stored in the slot. Any thread is able to change the slot's state to FILLING and begin loading data.
+* FILLING: one thread is currently loading or creating material to fill the slot, this thread is responsible for the next state transition. Other threads cannot read the contents of a slot which is in FILLING.
+* FULL: the slot contains a key, and any thread is able to use the key after registering as a reader.
+* PENDING_DELETION: the key within the slot has been destroyed or marked for destruction, but at least one thread is still registered as a reader. No thread can register to read this slot. The slot must not be wiped until the last reader de-registers, wiping the slot by calling `psa_wipe_key_slot`.
+
+To change `slot` to state `new_state`, a function must call `psa_slot_state_transition(slot, new_state)`.
+
+A counter field within each slot keeps track of how many readers have registered. Library functions must call `psa_register_read` before reading the key data within a slot, and `psa_unregister_read` after they have finished operating.
+
+Any call to `psa_slot_state_transition`, `psa_register_read` or `psa_unregister_read` must be performed by a thread which holds the global mutex.
+
+##### Linearizability of the system
+
+To satisfy the requirements in [Correctness out of the box](#correctness-out-of-the-box), we require our functions to be "linearizable" (under certain constraints). This means that any (constraint satisfying) set of concurrent calls are performed as if they were executed in some sequential order.
+
+The standard way of reasoning that this is the case is to identify a "linearization point" for each call, this is a single execution step where the function takes effect (this is usually a step in which the effects of the call become visible to other threads). If every call has a linearization point, the set of calls is equivalent to sequentially performing the calls in order of when their linearization point occurred.
+
+We only require linearizability to hold in the case where a resource-management error is not returned. In a set of concurrent calls, it is permitted for a call c to fail with a PSA_ERROR_INSUFFICIENT_MEMORY return code even if there does not exist a sequential ordering of the calls in which c returns this error. Even if such an error occurs, all calls are still required to be functionally correct.
+
+We only access and modify a slot's state and reader count while we hold the global lock. This ensures the memory in which these fields are stored is correctly synchronized. It also ensures that the key data within the slot is synchronised where needed (the writer unlocks the mutex after filling the data, and any reader must lock the mutex before reading the data).
+
+To help justify that our system is linearizable, here is a list of key slot state changing functions and their linearization points (for the sake of brevity not all failure cases are covered, but those cases are not complex):
+* `psa_wipe_key_slot, psa_register_read, psa_unregister_read, psa_slot_state_transition,` - These functions are all always performed under the global mutex, so they have no effects visible to other threads (this implies that they are linearizable).
+* `psa_get_empty_key_slot, psa_get_and_lock_key_slot_in_memory, psa_load_X_key_into_slot, psa_fail_key_creation` - These functions hold the mutex for all non-setup/finalizing code, their linearization points are the release of the mutex.
+* `psa_get_and_lock_key_slot` - If the key is already in a slot, the linearization point is the linearization point of the call to `psa_get_and_lock_key_slot_in_memory`. If the key is not in a slot and is loaded into one, the linearization point is the linearization point of the call to `psa_load_X_key_into_slot`.
+* `psa_start_key_creation` - From the perspective of other threads, the only effect of a successful call to this function is that the amount of usable resources decreases (a key slot which was usable is now unusable). Since we do not consider resource management as linearizable behaviour, when arguing for linearizability of the system we consider this function to have no visible effect to other threads.
+* `psa_finish_key_creation` - On a successful load, we lock the mutex and set the state of the slot to FULL, the linearization point is then the following unlock. On an unsuccessful load, the linearization point is when we return - no action we have performed has been made visible to another thread as the slot is still in a FILLING state.
+* `psa_destroy_key, psa_close_key, psa_purge_key` - As per the requirements, we need only argue for the case where the key is not in use here. The linearization point is the unlock after wiping the data and setting the slot state to EMPTY.
+* `psa_import_key, psa_copy_key, psa_generate_key, mbedtls_psa_register_se_key` - These functions call both `psa_start_key_creation` and `psa_finish_key_creation`, the linearization point of a successful call is the linearization point of the call to `psa_finish_key_creation`. The linearization point of an unsuccessful call is the linearization point of the call to `psa_fail_key_creation`.
+* `psa_key_derivation_output_key` - Same as above. If the operation object is in use by multiple threads, the behaviour need not be linearizable.
+
+Library functions which operate on a slot will return `PSA_ERROR_BAD_STATE` if the slot is in an inappropriate state for the function at the linearization point.
+
+##### Key slot state transition diagram
+
+
+
+In the state transition diagram above, an arrow between two states `q1` and `q2` with label `f` indicates that if the state of a slot is `q1` immediately before `f`'s linearization point, it may be `q2` immediately after `f`'s linearization point.
+
+##### Generating the key slot state transition diagram from source
+
+To generate the state transition diagram in https://app.diagrams.net/, open the following url:
+
+https://viewer.diagrams.net/?tags=%7B%7D&highlight=FFFFFF&edit=_blank&layers=1&nav=1&title=key-slot-state-transitions#R5Vxbd5s4EP4t%2B%2BDH5iAJcXms4ySbrdtNT7qX9MWHgGyrxcABHNv59SsM2EhgDBhs3PVL0CANoBl9fDMaMkC3i%2FWDb3jzz65F7AGUrPUAjQYQAqBh9ieSbGKJIqFYMPOplXTaC57pO0mEUiJdUosEXMfQde2QerzQdB2HmCEnM3zfXfHdpq7NX9UzZiQneDYNOy%2F9h1rhPJZqUN3Lfyd0Nk%2BvDBQ9PrMw0s7JkwRzw3JXGRG6G6Bb33XD%2BGixviV2NHnpvMTj7g%2Bc3d2YT5ywyoDv4H08%2Ffvxj9VX3XGGw5cf3o9PHxJjvBn2MnngAVRspm9o0Td2OIsO7%2F8aj1Mx0585U9B5bgQTnxgW8YP07Ksv9he1bOcn3KSTzm6c2Zc1hqs5DcmzZ5jRmRVzsegK4cJmLcAOjcCLjT6la2LtVGUnJZmnN%2BKHZJ0RJZP0QNwFCf0N65KclbXEYDuPTdqrjP0T0Txj%2BlRmJB4322neG4UdJHapYSMACowkzphjfYy8nbVM2wgCavIT5btLx4pmaCSxFpscf%2FNvcmrbeMk2Rutsv9Emba1puBvEjl8y8v2QqJGOOGiNwF36Jjnul6Hhz0hY0k%2BO%2BxGLW8V522Zshwtsl8p8YhshfePXfpFBkys8uZQ92UHXwYrgE%2FFzJ6Oya1VUpOo3euancWplJKiNpymnduttu0k4wQFhzgGXjk9mNAiJv13seX9kBhkbr%2BxlwK9Xm86cyEeZQxCfCaJlSRnafkxOLKhlRTqGPgnou%2FG61Re5khc93PZx8XCAR4XOVb56RADYvTOSq3CwXAQM0g2UVJ2zxAd4mt%2BkaoAwxJ1OA9KNLasA%2Ft3np28v14nevQNvvXXwTmBYysAwKIXhHdxLWbiXjsB9c%2FCGFcEb9Au8ec%2FJgWxl7D7yDugYrFO6mXE4LzAmU4Pak59kMzEZXofUdfoM2ema6SNkJ5ohp1Qc3x1%2B51%2FF94%2Fj8eOXh17DMFIuDMNyldderTjnt18u0Lm4kXAVIz3dfRlt3b2inUZ347tvj39%2BuU4b9Y7PqF3RmepRZbPotTmdSdNOx%2BgM7BWdgRJ7%2BWkyVAGLJmWs8G9BLCs3KsAq1FTMGkhQX5XrAEUgTfJ5yY5WyHXYFSdk4YWbLeEJbDfsMdlJF1Qfuc5OjXwuegOKXtTt48sNbhIwxaMuGjL1K98VYYwkpRijMDjg0QBEWawUZJAmqc1QRpYElGG%2BjgSX7DoFVow0U%2BrQYH41cVW6uE7Gmg%2FM7rKu8mCDWvEpRSvUegboKaKfgi3Npf%2B2RZaYbZwv51492dMcg6rm3FGvMEhWMecwitowb4MVQZHIoQ9ADPMBY5PplizPwzes82imSlL5fUGhPzjSX9bK9LOD%2BI6bLp7RUDYBfTA9%2B50sH%2Bkz%2Fvi0rha6CVsGFQO4lNEZjjWxXfNnhtTV0GDabkCiobVGeUtm8uyo%2BtFjf9A%2FtVEb6A%2BQxntZO1k1nr5CfC7sR0X74K3QzixwVwxrMzyz2zy9XBHw%2B5WnhyrkvATjhoAPDuVWzsQpUVGsUwhDFglC392cDl%2FtQGVvIW63jFsIpmVN4aOZdBmc6L47HN5wkNc9xsmX4LfHwKs%2BTB6Eu57AE6N3mcwa0gBnbaSCorO1uaqsZpJ7CtDrXKQjHouQVn7P4l2iIzwWl%2BrvhsfmyyOup9JFbo3gsegeC47bEvh1kUgsNGT7%2BxSXxrfW6BzsFV4iIbzFTesukCpkCSvG72153HXtRZQumlYiRF3YcmqLPqVZzC4ThIWzc5ZKrspbEzwMdbg1UTUtiHsNKwpoCitCPZfSXfFtMSMprufiQsLeAkprhVwRoECekbQVj%2FG7GF0UchXb9UxV%2FcehoQkMNYcTXBFO%2BhXVwQNJ%2BNpwAgWWonRXHlrsdrDA7XJpoFzQUyN9tKIeyeXoryNvXr5Q26jQ2H0P1y6IAXQhEMuT3pwlz55TOohNfcESIXHSeMcSbbNAGpahrMs6RBoS9XLVGbAS0NRNA7GnyV4F6PxNqBK6UaG0%2B6HyJwJ6qTIA6ijDze%2Bso%2BxSPoToZXqpfK3%2Fz9JLT3S5Hk%2FhRNNmX9%2B%2B338yHccr%2FIyqHfLGlZw1%2BiSzM%2BpWtRC2X0VqSKgew2JeqDLc4iOZqvaoW6HPVWJuEQOzXcOaeMQPIlxxwi0ZY%2Ffk1q%2Ba2Gp6XVI7pM4JakrLN66DGpaiQAuIiGVQGIie6Pxnq6CAl6wAqu9Cv9gXl1VT%2F1VL9%2Fa74OmW%2Brk2T%2Fnkbu57gsolw4KiqrUde0WnLBnW3P9fj7j7%2Fr%2BjoLv%2FAA%3D%3D
+
+#### Destruction of a key in use
+
+Problem: In [Key destruction long-term requirements](#key-destruction-long-term-requirements) we require that the key slot is destroyed (by `psa_wipe_key_slot`) even while it's in use (FILLING or with at least one reader).
+
+How do we ensure that? This needs something more sophisticated than mutexes (concurrency number >2)! Even a per-slot mutex isn't enough (we'd need a reader-writer lock).
+
+Solution: after some team discussion, we've decided to rely on a new threading abstraction which mimics C11 (i.e. `mbedtls_fff` where `fff` is the C11 function name, having the same parameters and return type, with default implementations for C11, pthreads and Windows). We'll likely use condition variables in addition to mutexes.
+
+##### Mutex only
+
+When calling `psa_wipe_key_slot` it is the callers responsibility to set the slot state to PENDING_DELETION first. For most functions this is a clean {FULL, !has_readers} -> PENDING_DELETION transition: psa_get_empty_key_slot, psa_get_and_lock_key_slot, psa_close_key, psa_purge_key.
+
+`psa_wipe_all_key_slots` is only called from `mbedtls_psa_crypto_free`, here we will need to return an error as we won't be able to free the key store if a key is in use without compromising the state of the secure side. This is acceptable as an untrusted application cannot call `mbedtls_psa_crypto_free` in a crypto service. In a service integration, `mbedtls_psa_crypto_free` on the client cuts the communication with the crypto service. Also, this is the current behaviour.
+
+`psa_destroy_key` registers as a reader, marks the slot as deleted, deletes persistent keys and opaque keys and unregisters before returning. This will free the key ID, but the slot might be still in use. This only works if drivers are protected by a mutex (and the persistent storage as well if needed). `psa_destroy_key` transfers to PENDING_DELETION as an intermediate state. The last reading operation will wipe the key slot upon unregistering. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it.
+
+These are serious limitations, but this can be implemented with mutexes only and arguably satisfies the [Key destruction short-term requirements](#key-destruction-short-term-requirements).
+
+Variations:
+
+1. As a first step the multipart operations would lock the keys for reading on setup and release on free
+2. In a later stage this would be improved by locking the keys on entry into multi-part API calls and released before exiting.
+
+The second variant can't be implemented as a backward compatible improvement on the first as multipart operations that were successfully completed in the first case, would fail in the second. If we want to implement these incrementally, multipart operations in a multithreaded environment must be left unsupported in the first variant. This makes the first variant impractical (multipart operations returning an error in builds with multithreading enabled is not a behaviour that would be very useful to release).
+
+We can't reuse the `lock_count` field to mark key slots deleted, as we still need to keep track the lock count while the slot is marked for deletion. This means that we will need to add a new field to key slots. This new field can be reused to indicate whether the slot is occupied (see section [Determining whether a key slot is occupied](#determining-whether-a-key-slot-is-occupied)). (There would be three states: deleted, occupied, empty.)
+
+#### Condition variables
+
+Clean UNUSED -> PENDING_DELETION transition works as before.
+
+`psa_wipe_all_key_slots` and `psa_destroy_key` mark the slot as deleted and go to sleep until the slot has no registered readers. When waking up, they wipe the slot, and return.
+
+If the slot is already marked as deleted the threads calling `psa_wipe_all_key_slots` and `psa_destroy_key` go to sleep until the deletion completes. To satisfy [Key destruction long-term requirements](#key-destruction-long-term-requirements) none of the threads may return from the call until the slot is deleted completely. This can be achieved by signalling them when the slot has already been wiped and ready for use, that is not marked for deletion anymore. To handle spurious wake-ups, these threads need to be able to tell whether the slot was already deleted. This is not trivial, because by the time the thread wakes up, theoretically the slot might be in any state. It might have been reused and maybe even marked for deletion again.
+
+To resolve this, we can either:
+
+1. Depend on the deletion marker. If the slot has been reused and is marked for deletion again, the threads keep waiting until the second deletion completes.
+2. Introduce a uuid (eg a global counter plus a slot ID), which is recorded by the thread waiting for deletion and checks whether it matches. If it doesn't, the function can return as the slot was already reallocated. If it does match, it can check whether it is still marked for deletion, if it is, the thread goes back to sleep, if it isn't, the function can return.
+
+##### Platform abstraction
+
+Introducing condition variables to the platform abstraction layer would be best done in a major version. If we can't wait until that, we will need to introduce a new compile time flag. Considering that this only will be needed on the PSA Crypto side and the upcoming split, it makes sense to make this flag responsible for the entire PSA Crypto threading support. Therefore if we want to keep the option open for implementing this in a backward compatible manner, we need to introduce and use this new flag already when implementing [Mutex only](#mutex-only). (If we keep the abstraction layer for mutexes the same, this shouldn't mean increase in code size and would mean only minimal effort on the porting side.)
+
+#### Operation contexts
+
+Concurrent access to the same operation context can compromise the crypto service for example if the operation context has a pointer (depending on the compiler and the platform, the pointer assignment may or may not be atomic). This violates the functional correctness requirement of the crypto service. (Concurrent calls to operations is undefined behaviour, but still should not compromise the CIA of the crypto service.)
+
+If we want to protect against this in the library, operations will need a status field protected by a global mutex similarly to key slots. On entry, API calls would check the state and return an error if it is already ACTIVE. Otherwise they set it to ACTIVE and restore it to INACTIVE before returning.
+
+Alternatively, protecting operation contexts can be left as the responsibility of the crypto service. The [PSA Crypto API Specification](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#concurrent-calls) does not require the library to provide any protection in this case. A crypto service can easily add its own mutex in its operation structure wrapper (the same structure where it keeps track of which client connection owns that operation object).
+
+#### Drivers
+
+Each driver that hasn’t got the "thread_safe” property set has a dedicated mutex.
+
+Implementing "thread_safe” drivers depends on the condition variable protection in the key store, as we must guarantee that the core never starts the destruction of a key while there are operations in progress on it.
+
+Start with implementing threading for drivers without the "thread_safe” property (all drivers behave like the property wasn't set). Add "thread_safe" drivers at some point after the [Condition variables](#condition-variables) approach is implemented in the core.
+
+##### Reentrancy
+
+It is natural sometimes to want to perform cryptographic operations from a driver, for example calculating a hash as part of various other crypto primitives, or using a block cipher in a driver for a mode, etc. Also encrypting/authenticating communication with a secure element.
+
+**Non-thread-safe drivers:**
+
+A driver is non-thread-safe if the `thread-safe` property (see [Driver requirements](#driver-requirements)) is set to false.
+
+In the non-thread-safe case we have these natural assumptions/requirements:
+1. Drivers don't call the core for any operation for which they provide an entry point
+2. The core doesn't hold the driver mutex between calls to entry points
+
+With these, the only way of a deadlock is when we have several drivers and they have circular dependencies. That is, Driver A makes a call that is despatched to Driver B and upon executing that Driver B makes a call that is despatched to Driver A. For example Driver A does CCM calls Driver B to do CBC-MAC, which in turn calls Driver A to do AES. This example is pretty contrived and it is hard to find a more practical example.
+
+Potential ways for resolving this:
+1. Non-thread-safe drivers must not call the core
+2. Provide a new public API that drivers can safely call
+3. Make the dispatch layer public for drivers to call
+4. There is a whitelist of core APIs that drivers can call. Drivers providing entry points to these must not make a call to the core when handling these calls. (Drivers are still allowed to call any core API that can't have a driver entry point.)
+
+The first is too restrictive, the second and the third would require making it a stable API, and would likely increase the code size for a relatively rare feature. We are choosing the fourth as that is the most viable option.
+
+**Thread-safe drivers:**
+
+A driver is non-thread-safe if the `thread-safe` property (see [Driver requirements](#driver-requirements)) is set to true.
+
+To make reentrancy in non-thread-safe drivers work, thread-safe drivers must not make a call to the core when handling a call that is on the non-thread-safe driver core API whitelist.
+
+Thread-safe drivers have less guarantees from the core and need to implement more complex logic and we can reasonably expect them to be more flexible in terms of reentrancy as well. At this point it is hard to see what further guarantees would be useful and feasible. Therefore, we don't provide any further guarantees for now.
+
+Thread-safe drivers must not make any assumption about the operation of the core beyond what is discussed in the [Reentrancy](#reentrancy) and [Driver requirements](#driver-requirements) sections.
+
+#### Global data
+
+PSA Crypto makes use of a `global_data` variable that will be accessible from multiple threads and needs to be protected. Any function accessing this variable (or its members) must take the corresponding lock first. Since `global_data` holds the RNG state, these will involve relatively expensive operations and therefore ideally `global_data` should be protected by its own, dedicated lock (different from the one protecting the key store).
+
+Note that this does not protect access to the RNG via `mbedtls_psa_get_random`, which is guaranteed to be thread-safe when `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is disabled. Still, doing so is conceptually simpler and we probably will want to remove the lower level mutex in the long run, since the corresponding interface will be removed from the public API. The two mutexes are different and are always taken in the same order, there is no risk of deadlock.
+
+The purpose of `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is very similar to the driver interface (and might even be added to it in the long run), therefore it makes sense to handle it the same way. In particular, we can use the `global_data` mutex to protect it as a default and when we implement the "thread_safe” property for drivers, we implement it for `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` as well.
+
+#### Implementation notes
+
+Since we only have simple mutexes, locking the same mutex from the same thread is a deadlock. Therefore functions taking the global mutex must not be called while holding the same mutex. Functions taking the mutex will document this fact and the implications.
+
+Releasing the mutex before a function call might introduce race conditions. Therefore might not be practical to take the mutex in low level access functions. If functions like that don't take the mutex, they need to rely on the caller to take it for them. These functions will document that the caller is required to hold the mutex.
+
+To avoid performance degradation, functions must hold mutexes for as short time as possible. In particular, they must not start expensive operations (eg. doing cryptography) while holding the mutex.
+
+## Strategy for 3.6
+
+The goal is to provide viable threading support without extending the platform abstraction. (Condition variables should be added in 4.0.) This means that we will be relying on mutexes only.
+
+- Key Store
+ - Slot states are described in the [Slot states](#slot-states) section. They guarantee safe concurrent access to slot contents.
+ - Slot states will be protected by a global mutex as described in the introduction of the [Global lock excluding slot content](#global-lock-excluding-slot-content) section.
+ - Simple key destruction strategy as described in the [Mutex only](#mutex-only) section (variant 2).
+ - The slot state and key attributes will be separated as described in the last paragraph of the [Determining whether a key slot is occupied](#determining-whether-a-key-slot-is-occupied) section.
+- The main `global_data` (the one in `psa_crypto.c`) shall be protected by its own mutex as described in the [Global data](#global-data) section.
+- The solution shall use the pre-existing `MBEDTLS_THREADING_C` threading abstraction. That is, the flag proposed in the [Platform abstraction](#platform-abstraction) section won't be implemented.
+- The core makes no additional guarantees for drivers. That is, Policy 1 in section [Driver requirements](#driver-requirements) applies.
diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index a55bbc5..2dcfe67 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@@ -3,7 +3,7 @@
built-in implementation of those algorithms), from a user's perspective.
This is useful to save code size for people who are using either a hardware
-accelerator, or an alternative software implementation that's more
+accelerator, or an alternative software implementation that is more
aggressively optimized for code size than the default one in Mbed TLS.
General considerations
@@ -55,6 +55,7 @@
- hashes: SHA-3, SHA-2, SHA-1, MD5, etc.
- elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types.
- finite-field Diffie-Hellman: FFDH algorithm, DH key types.
+- AEADs: GCM, CCM and ChachaPoly
Supported means that when those are provided only by drivers, everything
(including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should
@@ -63,7 +64,7 @@
below.
In the near future (end of 2023), we are planning to also add support for
-ciphers (AES) and AEADs (GCM, CCM, ChachaPoly).
+ciphers (AES, ARIA, Camellia).
Currently (mid-2023) we don't have plans to extend this to RSA. If
you're interested in driver-only support for RSA, please let us know.
@@ -71,41 +72,94 @@
Hashes
------
-TODO
+It is possible to have all hash operations provided only by a driver.
+
+More precisely:
+- you can enable `PSA_WANT_ALG_SHA_256` without `MBEDTLS_SHA256_C`, provided
+ you have `MBEDTLS_PSA_ACCEL_ALG_SHA_256` enabled;
+- and similarly for all supported hash algorithms: `MD5`, `RIPEMD160`,
+ `SHA_1`, `SHA_224`, `SHA_256`, `SHA_384`, `SHA_512`, `SHA3_224`, `SHA3_256`,
+`SHA3_384`, `SHA3_512`.
+
+In such a build, all crypto operations (via the PSA Crypto API, or non-PSA
+APIs), as well as X.509 and TLS, will work as usual, except that direct calls
+to low-level hash APIs (`mbedtls_sha256()` etc.) are not possible for the
+modules that are disabled.
+
+You need to call `psa_crypto_init()` before any crypto operation that uses
+a hash algorithm that is provided only by a driver, as mentioned in [General
+considerations](#general-considerations) above.
+
+If you want to check at compile-time whether a certain hash algorithm is
+available in the present build of Mbed TLS, regardless of whether it's
+provided by a driver or built-in, you should use the following macros:
+- for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from
+ `psa/crypto.h`;
+- for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from
+ `mbedtls/md.h`.
Elliptic-curve cryptography (ECC)
---------------------------------
-Note: things are still evolving. This section describes the situation right
-after #7452 has been merged. It will be updated again in #7757 when bignum is
-done.
-
It is possible to have most ECC operations provided only by a driver:
- the ECDH, ECDSA and EC J-PAKE algorithms;
- key import, export, and random generation.
-More precisely:
-- you can enable `PSA_WANT_ALG_ECDH` without `MBEDTLS_ECDH_C` provided
- `MBEDTLS_PSA_ACCEL_ALG_ECDH` is enabled;
-- you can enable `PSA_WANT_ALG_ECDSA` without `MBEDTLS_ECDSA_C` provided
+More precisely, if:
+- you have driver support for ECC public and using private keys (that is,
+`MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY` and
+`MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC` are enabled), and
+- you have driver support for all ECC curves that are enabled (that is, for
+ each `PSA_WANT_ECC_xxx` macro enabled, the corresponding
+`MBEDTLS_PSA_ACCEL_ECC_xxx` macros is enabled as well);
+
+then you can:
+- enable `PSA_WANT_ALG_ECDH` without `MBEDTLS_ECDH_C`, provided
+ `MBEDTLS_PSA_ACCEL_ALG_ECDH` is enabled
+- enable `PSA_WANT_ALG_ECDSA` without `MBEDTLS_ECDSA_C`, provided
`MBEDTLS_PSA_ACCEL_ALG_ECDSA` is enabled;
-- you can enable `PSA_WANT_ALG_JPAKE` without `MBEDTLS_ECJPAKE_C` provided
+- enable `PSA_WANT_ALG_JPAKE` without `MBEDTLS_ECJPAKE_C`, provided
`MBEDTLS_PSA_ACCEL_ALG_JPAKE` is enabled.
-In addition, if none of `MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`,
-`MBEDTLS_ECJPAKE_C` are enabled, you can enable:
-- `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`;
-- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC`;
-- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT`;
-- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT`;
-- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE`;
-without `MBEDTLS_ECP_C` provided the corresponding
-`MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx` are enabled.
+In addition, if:
+- none of `MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`, `MBEDTLS_ECJPAKE_C` are enabled
+ (see conditions above), and
+- you have driver support for all enabled ECC key pair operations - that is,
+ for each `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx` macro enabled, the
+corresponding `MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_xxx` macros is also
+enabled,
-[Coming soon] If `MBEDTLS_ECP_C` is disabled and `ecp.c` is fully removed (see
-"Limitations regarding fully removing `ecp.c`" below), and you're not using
-RSA or FFDH, then you can also disable `MBEDTLS_BIGNUM_C` for further code
-size saving.
+then you can also disable `MBEDTLS_ECP_C`. However, a small subset of it might
+still be included in the build, see limitations sub-section below.
+
+In addition, if:
+- `MBEDTLS_ECP_C` is fully removed (see limitation sub-section below), and
+- support for RSA key types and algorithms is fully disabled, and
+- support for DH key types and the FFDH algorithm is either disabled, or
+ fully provided by a driver,
+
+then you can also disable `MBEDTLS_BIGNUM_C`.
+
+In such builds, all crypto operations via the PSA Crypto API will work as
+usual, as well as the PK, X.509 and TLS modules if `MBEDTLS_USE_PSA_CRYPTO` is
+enabled, with the following exceptions:
+- direct calls to APIs from the disabled modules are not possible;
+- PK, X.509 and TLS will not support restartable ECC operations (see
+ limitation sub-section below).
+
+If you want to check at compile-time whether a certain curve is available in
+the present build of Mbed TLS, regardless of whether ECC is provided by a
+driver or built-in, you should use the following macros:
+- for code that uses only the PSA Crypto API: `PSA_WANT_ECC_xxx` from
+ `psa/crypto.h`;
+- for code that may also use non-PSA crypto APIs: `MBEDTLS_ECP_HAVE_xxx` from
+ `mbedtls/build_info.h` where xxx can take the same values as for
+`MBEDTLS_ECP_DP_xxx` macros.
+
+Note that for externally-provided drivers, the integrator is responsible for
+ensuring the appropriate `MBEDTLS_PSA_ACCEL_xxx` macros are defined. However,
+for the p256-m driver that's provided with the library, those macros are
+automatically defined when enabling `MBEDTLS_PSA_P256M_DRIVER_ENABLED`.
### Limitations regarding fully removing `ecp.c`
@@ -130,7 +184,7 @@
### Limitations regarding restartable / interruptible ECC operations
-At the moment, there is not driver support for interruptible operations
+At the moment, there is no driver support for interruptible operations
(see `psa_sign_hash_start()` + `psa_sign_hash_complete()` etc.) so as a
consequence these are not supported in builds without `MBEDTLS_ECDSA_C`.
@@ -142,12 +196,79 @@
Again, we have plans to support this in the future but not with an established
timeline, please let us know if you're interested.
-### Limitations regarding the selection of curves
+### Limitations regarding "mixed" builds (driver and built-in)
-TODO: apparently we don't really support having some curves built-in and
-others driver-only... investigate and describe the situation. See also #7899.
+In order for a build to be driver-only (no built-in implementation), all the
+requested algorithms, key types (key operations) and curves must be
+accelerated (plus a few other restrictions, see "Limitations regarding fully
+removing `ecp.c`" above). However, what if you have an accelerator that only
+supports some algorithms, some key types (key operations), or some curves, but
+want to have more enabled in you build?
+
+It is possible to have acceleration for only a subset of the requested
+algorithms. In this case, the built-in implementation of the accelerated
+algorithms will be disabled, provided all the requested curves and key types
+that can be used with this algorithm are also declared as accelerated.
+
+There is very limited support for having acceleration for only a subset of the
+requested key type operations. The only configuration that's tested is that of
+a driver accelerating `PUBLIC_KEY`, `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`,
+`KEY_PAIR_EXPORT` but not `KEY_PAIR_GENERATE`. (Note: currently the driver
+interface does not support `KEY_PAIR_DERIVE`.)
+
+There is limited support for having acceleration for only a subset of the
+requested curves. In such builds, only the PSA API is currently tested and
+working; there are known issues in PK, and X.509 and TLS are untested.
Finite-field Diffie-Hellman
---------------------------
-TODO
+Support is pretty similar to the "Elliptic-curve cryptography (ECC)" section
+above.
+Key management and usage can be enabled by means of the usual `PSA_WANT` +
+`MBEDTLS_PSA_ACCEL` pairs:
+
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_PUBLIC_KEY`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_BASIC`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_IMPORT`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_EXPORT`;
+- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_GENERATE`;
+
+The same holds for the associated algorithm:
+`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
+removing builtin support (i.e. `MBEDTLS_DHM_C`).
+
+### Limitations
+Support for deterministic derivation of a DH keypair
+(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported.
+
+AEADs
+-----
+
+[This section might contain incomplete data and it is going to be updated in
+#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.]
+
+It is possible to have all AEADs operations provided only by a driver.
+
+More precisely you can:
+- enable desired PSA algorithm(s) and key type(s):
+ - `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`
+ - `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`;
+- enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the
+ `PSA_WANT_xxx` of the previous step (both for algorithms and key types);
+- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C`
+ algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs
+ which are accelerated.
+
+In a build in which all AEADs algorithms and related key types are accelerated
+all AEADs operations requested through the PSA Crypto API (including those in
+TLS and X.509) will be performed by the driver.
+Moreover if no unauthenticated cipher is required, it is also possible to
+disable all built-in block cipher's key types
+(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This
+helps in further reducing code's footprint, but unfortunately it makes the
+following modules unavailable:
+- `MBEDTLS_PKCS[5|12]_C`
+- `MBEDTLS_CTR_DRBG_C`
+- `MBEDTLS_NIST_KW_C`
+
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
index 67157e5..f9b108d 100644
--- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -1,10 +1,10 @@
-Migrating to an auto generated psa_crypto_driver_wrappers.c file
+Migrating to an auto generated psa_crypto_driver_wrappers.h file
================================================================
-This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.c file.
+This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.h file.
It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
-For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html).
+For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.md).
## Introduction
@@ -27,10 +27,10 @@
#### What's changed
-(1) psa_crypto_driver_wrappers.c will from this point on be auto generated.
-(2) The auto generation is based on the template file at **scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja**.
-(3) The driver JSONS to be used for generating the psa_crypto_driver_wrappers.c file can be found at **scripts/data_files/driver_jsons/** as their default location, this path includes the schemas against which the driver schemas will be validated (driver_opaque_schema.json, driver_transparent_schema.json) and a driverlist.json which specifies the drivers to be considered and the order in which they want to be called into. The default location for driverlist.json and driver JSONS can be overloaded by passing an argument --json-dir while running the script generate_driver_wrappers.py.
-(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.c file, the user will need to patch into the template file as needed (psa_crypto_driver_wrappers.c.jinja).
+(1) psa_crypto_driver_wrappers.h will from this point on be auto generated.
+(2) The auto generation is based on the template file at **scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja**.
+(3) The driver JSONS to be used for generating the psa_crypto_driver_wrappers.h file can be found at **scripts/data_files/driver_jsons/** as their default location, this path includes the schemas against which the driver schemas will be validated (driver_opaque_schema.json, driver_transparent_schema.json) and a driverlist.json which specifies the drivers to be considered and the order in which they want to be called into. The default location for driverlist.json and driver JSONS can be overloaded by passing an argument --json-dir while running the script generate_driver_wrappers.py.
+(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.h file, the user will need to patch into the template file as needed (psa_crypto_driver_wrappers.h.jinja).
#### How to set your driver up
diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md
index ae3c04c..d041723 100644
--- a/docs/psa-driver-example-and-guide.md
+++ b/docs/psa-driver-example-and-guide.md
@@ -74,7 +74,7 @@
**4. For each operation being accelerated, locate the function in the driver dispatch layer that corresponds to the entry point of that operation.** \
-The file `psa_crypto_driver_wrappers.c.jinja` contains the driver wrapper functions. For the entry points that have driver wrapper auto-generation implemented, the functions have been replaced with `jinja` templating logic. While the file has a `.jinja` extension, the driver wrapper functions for the remaining entry points are simple C functions. The names of these functions are of the form `psa_driver_wrapper` followed by the entry point name. So, for example, the function `psa_driver_wrapper_sign_hash()` corresponds to the `sign_hash` entry point.
+The file `psa_crypto_driver_wrappers.h.jinja` and `psa_crypto_driver_wrappers_no_static.c.jinja` contains the driver wrapper functions. For the entry points that have driver wrapper auto-generation implemented, the functions have been replaced with `jinja` templating logic. While the file has a `.jinja` extension, the driver wrapper functions for the remaining entry points are simple C functions. The names of these functions are of the form `psa_driver_wrapper` followed by the entry point name. So, for example, the function `psa_driver_wrapper_sign_hash()` corresponds to the `sign_hash` entry point.
**5. If a driver entry point function has been provided then ensure it has the same signature as the driver wrapper function.** \
If one has not been provided then write one. Its name should begin with the driver prefix, followed by transparent/opaque (depending on driver type), and end with the entry point name. It should have the same signature as the driver wrapper function. The purpose of the entry point function is to take arguments in PSA format for the implemented operation and return outputs/status codes in PSA format. \
@@ -138,20 +138,25 @@
### Example: Manually integrating a software accelerator alongside Mbed TLS
-[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. As such, it serves as a software accelerator. This section demonstrates the integration of `p256-m` as a transparent driver alongside Mbed TLS, serving as a guide for implementation.
-The code for p256-m can be found in `3rdparty/p256-m/p256m`. In this demonstration, p256-m is built from source alongside Mbed TLS.
+[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `3rdparty/p256-m`. In this section, we will look at how this integration was done.
-The driver prefix for p256-m is `P256`/`p256`. The driver macro is `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. To build with and use p256-m, set the macro using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run:
+The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_PSA_P256M_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run:
- python3 scripts/config.py set MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
+ python3 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ python3 scripts/config.py set MBEDTLS_PSA_P256M_DRIVER_ENABLED
make
-p256-m implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. The `sign/verify_hash` entry points are used instead of `sign/verify_message` as messages must be hashed prior to any operation, and p256-m does not implement this. The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes.
+(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_PSA_P256M_DRIVER_ENABLED` and [`driver-only-builds.md`](driver-only-builds.md) for more information.)
-The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called.
+The driver prefix for p256-m is `P256`/`p256`.
+The p256-m driver implements the following entry points: `"import_key"`, `"export_public_key"`, `"generate_key"`, `"key_agreement"`, `"sign_hash"`, `"verify_hash"`.
+There are no entry points for `"sign_message"` and `"verify_message"`, which are not necessary for a sign-and-hash algorithm. The core still implements these functions by doing the hashes and then calling the sign/verify-hash entry points.
+The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes.
+
+The driver wrapper functions in `psa_crypto_driver_wrappers.h.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called.
```
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDSA(alg) &&
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
@@ -170,6 +175,6 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
```
-Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable.
+Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_PSA_P256M_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable.
diff --git a/docs/psa-transition.md b/docs/psa-transition.md
new file mode 100644
index 0000000..067ffaf
--- /dev/null
+++ b/docs/psa-transition.md
@@ -0,0 +1,1341 @@
+# Transitioning to the PSA API
+
+> I have code written for `mbedtls_` cryptography APIs. How do I migrate to `psa_` APIs?
+
+## Introduction
+
+Mbed TLS is gradually moving from legacy `mbedtls_xxx` APIs to newer `psa_xxx` APIs for cryptography. Note that this only concerns cryptography APIs, not X.509 or SSL/TLS APIs.
+
+This guide is intended to help migrate existing applications that use Mbed TLS for cryptography. It aims to cover common use cases, but cannot cover all possible scenarios.
+
+### Suggested reading
+
+This document is long, but you probably don't need to read all of it. You should start with the following sections:
+
+1. [Where can I find documentation?](#where-can-i-find-documentation)
+2. [General considerations](#general-considerations)
+
+Then use the [summary of API modules](#summary-of-api-modules), the table of contents or a text search to locate the sections that interest you, based on what legacy interfaces your code is currently using.
+
+### Where can I find documentation?
+
+**Tutorial**: See the [getting started guide](https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/).
+
+**Reference**: The [PSA Crypto API specification](https://arm-software.github.io/psa-api/crypto/) is available online. Mbed TLS implements a large subset of the specification which is documented in the [`psa/crypto*.h` headers](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto_8h/).
+
+### Additional resources
+
+* [Mbed TLS open issues](https://github.com/Mbed-TLS/mbedtls/issues)
+* [PSA API open issues](https://github.com/ARM-software/psa-api/issues) (not just cryptography APIs)
+* [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org/)
+
+### Why change the API?
+
+* Mbed TLS APIs are traditionally very transparent: the caller can access internal fields of operations. This is less true in the 3.x major version than before, but still the case to some extent. This offers applications some flexibility, but it removes flexibility from the implementation. For example, it is hard to support hardware acceleration, because the API constrains how the data must be represented. PSA APIs were designed to be more opaque, giving more freedom to the implementation.
+* Mbed TLS legacy APIs require key material to be present in the application memory. The PSA Crypto API natively supports operations on keys stored in an external [location](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/lifetimes.html#c.psa_key_location_t) (secure enclave, secure element, HSM, etc.).
+* PSA APIs have [consistent conventions](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#parameter-conventions) which many legacy APIs in Mbed TLS do not follow. For example, many legacy cryptography functions require the caller to know how large an output buffer needs to be based on the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size and those sizes are checked.
+* Mbed TLS legacy APIs require passing around a random generator argument where needed. This has historically been problematic with functions that were created without an RNG argument but later needed one as part of a security countermeasure. The PSA crypto subsystem maintains a global random generator, resolving this problem.
+
+### Migration timeline
+
+* Mbed TLS 2.15.0 (Nov 2018): first release with a draft implementation of the PSA API.
+* Mbed TLS 2.18.0 (Jun 2019): The PSA API is available in the default build.
+* Mbed TLS 3.1.0 (Dec 2021): TLS 1.3 support is the first major feature that requires the PSA API.
+* Mbed TLS 4.0.0 (2024?): X.509 and TLS require the PSA API. Removal of some legacy crypto APIs.
+* Mbed TLS 5.0.0 (??): Removal of the remaining non-PSA crypto APIs.
+
+## General considerations
+
+### Configuration of the PSA subsystem
+
+To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled. (It is enabled in the default configuration.)
+
+You should probably enable [`MBEDTLS_USE_PSA_CRYPTO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a70fd7b97d5f11170546583f2095942a6) as well (it is disabled by default). This option causes the PK, X.509 and TLS modules to use PSA crypto under the hood. Some functions that facilitate the transition (for example, to convert between metadata encodings or between key representations) are only available when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
+
+By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API (configured by `MBEDTLS_XXX` macros). The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”.
+
+### Header files
+
+Applications only need to include a single header file:
+```
+#include <psa/crypto.h>
+```
+
+### General application layout
+
+Before any cryptographic operation, call [`psa_crypto_init`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__initialization/#group__initialization_1ga2de150803fc2f7dc6101d5af7e921dd9) and check that it succeeds. (A failure indicates an abnormal system state from which most applications cannot recover.)
+
+If you wish to free all resources associated with PSA cryptography, call [`mbedtls_psa_crypto_free`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#_CPPv423mbedtls_psa_crypto_freev).
+
+The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually (no need to create an `mbedtls_entropy_context` and an `mbedtls_xxx_drbg_context`).
+
+### Error codes
+
+Mbed TLS functions return a status of type `int`: 0 for success (or occasionally a positive value which is the output length), or a negative value `MBEDTLS_ERR_xxx` indicating an error.
+
+PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/#group__error_1ga05676e70ba5c6a7565aff3c36677c1f9): `PSA_SUCCESS == 0` for success, or a negative value [`PSA_ERROR_xxx`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/) indicating an error.
+
+### Memory management
+
+Apart from keys, as described in “[Key management](#key-management)” below, APIs that need to preserve state between function calls store this state in a structure allocated by the calling code. For example, multipart operations store state in a multipart operation object.
+
+All PSA operation objects must be zero-initialized (or equivalently, initialized with the provided `PSA_XXX_INIT` macro or `psa_xxx_init()` function) before calling any API function.
+
+Functions that output data require an output buffer of sufficient size. For all PSA crypto API functions that have an output buffer, there is a corresponding macro, generally called `PSA_XXX_OUTPUT_SIZE`, that calculates a sufficient size for the output buffer, given the relevant parameters. In some cases, there may be macros with less precision which can be resolved at compile time. For example, for the size of a buffer containing a hash, you can use `PSA_HASH_LENGTH(hash_alg)` where `hash_alg` is a specific hash algorithm, or `PSA_HASH_MAX_SIZE` for a buffer that is long enough for any supported hash. See the relevant sections of this document and of the reference documentation for more details.
+
+#### Key management
+
+One of the major differences between the legacy API and the PSA API is that in the PSA API, access to keys is indirect. Operations that require a key take a parameter of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t), which is an identifier for the key. This allows the API to be used with keys that are not directly accessible to the application, for example because they are stored in a secure environment that does not allow the key material to be exported.
+
+To use a key:
+
+1. First create a key object with a key creation function. The two most common ones are [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) if you have the key material available and [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to create a random key. The key creation function has the key identifier as an output parameter.
+2. Use the key as desired, passing the key identifier obtained during the key creation.
+3. Finally destroy the key object with [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2).
+
+See “[Cipher key management](#cipher-key-management)”, “[MAC key management](#mac-key-management)”, “[Key lifecycle for asymmetric cryptography](#key-lifecycle-for-asymmetric-cryptography)”, “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” and “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)” for more details about key management in specific workflows, including information about choosing the key's attributes.
+
+If you need access to the key material, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If you need the public key corresponding to a key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062).
+
+Note that a key consumes a key store entry, which is distinct from heap memory, until it is destroyed or the application exits. (This is not true for persistent keys, which instead consume disk space. Since persistent keys have no analog in the legacy API, we will not discuss them further in this document.)
+
+## Summary of API modules
+
+| Header | Function prefix | PSA equivalent |
+| ------ | --------------- | -------------- |
+| `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) |
+| `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) |
+| `asn1.h` | `mbedtls_asn1_` | No change ([PK support interface](#pk-format-support-interfaces)) |
+| `asn1write.h` | `mbedtls_asn1_write_` | No change ([PK support interface](#pk-format-support-interfaces)) |
+| `base64.h` | `mbedtls_base64_` | No change ([PK support interface](#pk-format-support-interfaces)) |
+| `bignum.h` | `mbedtls_mpi_` | None (no low-level arithmetic) |
+| `build_info.h` | `MBEDTLS_` | No change (not a crypto API) |
+| `camellia.h` | `mbedtls_camellia_` | [Symmetric encryption](#symmetric-encryption) |
+| `ccm.h` | `mbedtls_ccm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) |
+| `chacha20.h` | `mbedtls_chacha20_` | [Symmetric encryption](#symmetric-encryption) |
+| `chachapoly.h` | `mbedtls_chachapoly_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) |
+| `check_config.h` | N/A | No public APIs (internal support header) |
+| `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) |
+| `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) |
+| `compat-2.x.h` | various | None (transitional APIs) |
+| `config_psa.h` | N/A | No public APIs (internal support header) |
+| `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) |
+| `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) |
+| `debug.h` | `mbedtls_debug_` | No change (not a crypto API) |
+| `des.h` | `mbedtls_des_` | [Symmetric encryption](#symmetric-encryption) |
+| `dhm.h` | `mbedtls_dhm_` | [Asymmetric cryptography](#asymmetric-cryptography) |
+| `ecdh.h` | `mbedtls_ecdh_` | [Asymmetric cryptography](#asymmetric-cryptography) |
+| `ecdsa.h` | `mbedtls_ecdsa_` | [Asymmetric cryptography](#asymmetric-cryptography) |
+| `ecjpake.h` | `mbedtls_ecjpake_` | [EC-JPAKE](#ec-jpake) |
+| `ecp.h` | `mbedtls_ecp_` | [Asymmetric cryptography](#asymmetric-cryptography) |
+| `entropy.h` | `mbedtls_entropy_` | [Random generation interface](#random-generation-interface), [Entropy sources](#entropy-sources) |
+| `error.h` | `mbedtls_*err*` | [Error messages](#error-messages) |
+| `gcm.h` | `mbedtls_gcm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) |
+| `hkdf.h` | `mbedtls_hkdf_` | [HKDF](#hkdf) |
+| `hmac_drbg.h` | `mbedtls_hmac_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) |
+| `lms.h` | `mbedtls_lms_` | No change ([LMS signatures](#lms-signatures)) |
+| `mbedtls_config.h` | `MBEDTLS_` | [Compile-time configuration](#compile-time-configuration) |
+| `md.h` | `mbedtls_md_` | [Hashes and MAC](#hashes-and-mac) |
+| `md5.h` | `mbedtls_md5_` | [Hashes and MAC](#hashes-and-mac) |
+| `memory_buffer_alloc.h` | `mbedtls_memory_buffer_alloc_` | No change (not a crypto API) |
+| `net_sockets.h` | `mbedtls_net_` | No change (not a crypto API) |
+| `nist_kw.h` | `mbedtls_nist_kw_` | Migration path not yet defined |
+| `oid.h` | `mbedtls_oid_` | No change ([PK support interface](#pk-format-support-interfaces)) |
+| `pem.h` | `mbedtls_pem_` | No change ([PK support interface](#pk-format-support-interfaces)) |
+| `pk.h` | `mbedtls_pk_` | [Asymmetric cryptography](#asymmetric-cryptography) |
+| `pkcs5.h` | `mbedtls_pkcs5_` | [PKCS#5 module](#pkcs5-module) |
+| `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) |
+| `pkcs12.h` | `mbedtls_pkcs12_` | [PKCS#12 module](#pkcs12-module) |
+| `platform.h` | `mbedtls_platform_` | No change (not a crypto API) |
+| `platform_time.h` | `mbedtls_*time*` | No change (not a crypto API) |
+| `platform_util.h` | `mbedtls_platform_` | No change (not a crypto API) |
+| `poly1305.h` | `mbedtls_poly1305_` | None (but there is Chacha20-Poly1305 [AEAD](#symmetric-encryption)) |
+| `private_access.h` | N/A | No public APIs (internal support header) |
+| `psa_util.h` | N/A | No public APIs (internal support header) |
+| `ripemd160.h` | `mbedtls_ripemd160_` | [Hashes and MAC](#hashes-and-mac) |
+| `rsa.h` | `mbedtls_rsa_` | [Asymmetric cryptography](#asymmetric-cryptography) |
+| `sha1.h` | `mbedtls_sha1_` | [Hashes and MAC](#hashes-and-mac) |
+| `sha3.h` | `mbedtls_sha3_` | [Hashes and MAC](#hashes-and-mac) |
+| `sha256.h` | `mbedtls_sha256_` | [Hashes and MAC](#hashes-and-mac) |
+| `sha512.h` | `mbedtls_sha512_` | [Hashes and MAC](#hashes-and-mac) |
+| `ssl.h` | `mbedtls_ssl_` | No change (not a crypto API) |
+| `ssl_cache.h` | `mbedtls_ssl_cache_` | No change (not a crypto API) |
+| `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuite_` | No change (not a crypto API) |
+| `ssl_cookie.h` | `mbedtls_ssl_cookie_` | No change (not a crypto API) |
+| `ssl_ticket.h` | `mbedtls_ssl_ticket_` | No change (not a crypto API) |
+| `threading.h` | `mbedtls_threading_` | No change (not a crypto API) |
+| `timing.h` | `mbedtls_timing_` | No change (not a crypto API) |
+| `version.h` | `mbedtls_version_` | No change (not a crypto API) |
+| `x509.h` | `mbedtls_x509` | No change (not a crypto API) |
+| `x509_crl.h` | `mbedtls_x509` | No change (not a crypto API) |
+| `x509_crt.h` | `mbedtls_x509` | No change (not a crypto API) |
+| `x509_csr.h` | `mbedtls_x509` | No change (not a crypto API) |
+
+## Compile-time configuration
+
+### Cryptographic mechanism availability
+
+**This section only applies if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled.** This option is disabled in the default configuration.
+
+When the configuration option [`MBEDTLS_PSA_CRYPTO_CONFIG`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a5aca5ddcffb586acad82f9aef26db056) is enabled, the cryptographic mechanisms available through the PSA API are determined by the contents of the header file `"psa/crypto_config.h"`. You can override the file location with the macro [`MBEDTLS_PSA_CRYPTO_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a25f7e358caa101570cb9519705c2b873), and you can set [`MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1abd1870cc0d2681183a3018a7247cb137) to the path of an additional file (similar to `MBEDTLS_CONFIG_FILE` and `MBEDTLS_USER_CONFIG_FILE` for legacy configuration symbols).
+
+The availability of cryptographic mechanisms in the PSA API is based on a systematic pattern:
+
+* To make `PSA_ALG_aaa` available, enable `PSA_WANT_ALG_aaa`.
+ For parametrized algorithms, there is a `PSA_WANT_` symbol both for the main macro and for each argument. For example, to make `PSA_ALG_HMAC(PSA_ALG_SHA_256)` available, enable both `PSA_WANT_ALG_HMAC` and `PSA_WANT_ALG_SHA_256`.
+
+* To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`.
+
+ As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix:
+ * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options are enabled.
+ * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of that type.
+ * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type.
+ * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type.
+ * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORT` enables support for `psa_export_key` to export a key of that type.
+
+ Enabling any support for a key pair type automatically enables support for the corresponding public key type, as well as support for `psa_export_public_key` on the private key.
+
+* To make `PSA_ECC_FAMILY_fff` available for size sss, enable `PSA_WANT_ECC_fff_sss`.
+
+Note that all `PSA_WANT_xxx` symbols must be set to a non-zero value. In particular, setting `PSA_WANT_xxx` to an empty value may not be handled consistently.
+
+For example, the following configuration enables hashing with SHA-256, AEAD with AES-GCM, signature with deterministic ECDSA using SHA-256 on the curve secp256r1 using a randomly generated key as well as the corresponding verification, and ECDH key exchange on secp256r1 and Curve25519.
+
+```
+#define PSA_WANT_ALG_SHA_256 1
+
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_ALG_GCM 1
+
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+// ^^ In Mbed TLS <= 3.4, enable PSA_WANT_KEY_TYPE_ECC_KEY_PAIR instead
+// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+#define PSA_WANT_ECC_SECP_R1_256 1 // secp256r1 (suitable for ECDSA and ECDH)
+#define PSA_WANT_ECC_MONTGOMERY_255 1 // Curve25519 (suitable for ECDH)
+#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
+#define PSA_WANT_ALG_ECDH
+```
+
+If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will normally not include it. This allows builds that use few features to have a small code size. However, this is not guaranteed: a mechanism that is not explicitly requested can be enabled because it is a dependency of another configuration option, because it is used internally, or because the granularity is not fine enough to distinguish between it and another mechanism that is requested.
+
+Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols.
+
+### Optimization options
+
+When PSA Crypto mechanisms are implemented by the built-in code from Mbed TLS, the legacy optimization options (e.g. `MBEDTLS_SHA256_SMALLER`, `MBEDTLS_ECP_WINDOW_SIZE`, etc.) apply to the PSA implementation as well (they invoke the same code under the hood).
+
+The PSA Crypto API may use accelerator drivers. In this case any options controlling the driver behavior are driver-specific.
+
+### Alternative implementations (`MBEDTLS_xxx_ALT` options)
+
+In the Mbed TLS legacy interface, you can replace some cryptographic primitives and modes by an alternative implementation, by enabling configuration options of the form `MBEDTLS_xxx_ALT` and linking with your own implementation of the affected function or module. Alternative implementations remain supported in Mbed TLS 3.x even if the application code uses the PSA API. However, they will be removed from the next version of the library.
+
+The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md). In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/driver-only-builds.md) for more information.
+
+### Self-tests
+
+There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed-TLS/mbedtls/issues/7781) enabled by `MBEDTLS_SELF_TEST`.
+
+## Miscellaneous support modules
+
+### Error messages
+
+At the time of writing, there is no equivalent to the error messages provided by `mbedtls_strerror`. However, you can use the companion program `programs/psa/psa_constant_names` to convert various numbers (`psa_status_t`, `psa_algorithm_t`, `psa_key_type_t`, `psa_ecc_family_t`, `psa_dh_family_t`, `psa_key_usage_t`) to a programmer-friendly representation. The conversion doesn't depend on the library configuration or the target platform, so you can use a native build of this program even if you cross-compile your application.
+
+```
+$ programs/psa/psa_constant_names error -138
+PSA_ERROR_BUFFER_TOO_SMALL
+$ programs/psa/psa_constant_names type 0x7112
+PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)
+$ programs/psa/psa_constant_names alg 0x06000609
+PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+```
+
+The other functions in `error.h` are specific to the construction of Mbed TLS error code and are not relevant to the PSA API. PSA error codes are never the combination of multiple codes.
+
+### Constant-time functions
+
+The PSA API does not have an equivalent to the timing-side-channel-resistance utility functions in `constant_time.h`. Continue using `constant_time.h` as needed.
+
+Note that the PSA API does include features that reduce the need for `mbedtls_ct_memcmp`:
+
+* To compare a MAC with a reference value, use `psa_mac_verify` rather than `psa_mac_compute` followed by `mbedtls_ct_memcmp`, or use `psa_mac_verify_setup` and `psa_mac_verify_finish` in the multi-part case. See “[MAC calculation](#mac-calculation)”.
+* The AEAD decryption functions take care of verifying the tag. See “[Authenticated cipher operations](#authenticated-cipher-operations)”.
+
+## Symmetric encryption
+
+All PSA APIs have algorithm agility, where the functions depend only on the nature of the operation and the choice of a specific algorithm comes from an argument. There is no special API for a particular block cipher (`aes.h`, `aria.h`, `camellia.h`, `des.h`), a particular block cipher mode (`ccm.h`, `gcm.h`) or a particular stream cipher (`chacha20.h`, `chachapoly.h`). To migrate code using those low-level modules, please follow the recommendations in the following sections, using the same principles as the corresponding `cipher.h` API.
+
+### Cipher mechanism selection
+
+Instead of `mbedtls_cipher_id_t` (`MBEDTLS_CIPHER_ID_xxx` constants), `mbedtls_cipher_type_t` (`MBEDTLS_CIPHER_base_size_mode` constants), `mbedtls_cipher_mode_t` (`MBEDTLS_CIPHER_MODE_xxx` constants) and `mbedtls_cipher_padding_t` (`MBEDTLS_CIPHER_PADDING_xxx` constants), use the [`PSA_KEY_TYPE_xxx` and `PSA_ALG_xxx` constants](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/).
+
+For modes that are based on a block cipher, the key type encodes the choice of block cipher:
+[`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e),
+[`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA),
+[`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81),
+[`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138).
+The algorithm encodes the mode and if relevant the padding type:
+
+* Unauthenticated cipher modes:
+ [`PSA_ALG_CTR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad318309706a769cffdc64e4c7e06b2e9),
+ [`PSA_ALG_CFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0088c933e01d671f263a9a1f177cb5bc),
+ [`PSA_ALG_OFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gae96bb421fa634c6fa8f571f0112f1ddb),
+ [`PSA_ALG_XTS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa722c0e426a797fd6d99623f59748125),
+ [`PSA_ALG_ECB_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab8f0609cd0f12cccc9c950fd5a81a0e3),
+ [`PSA_ALG_CBC_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gacb332d72716958880ee7f97d8365ae66),
+ [`PSA_ALG_CBC_PKCS7`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaef50d2e9716eb6d476046608e4e0c78c),
+ [`PSA_ALG_CCM_STAR_NO_TAG`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga89627bb27ec3ce642853ab8554a88572).
+* Other padding modes, which are obsolete, are not available in the PSA API. If you need them, handle the padding in your application code and use the `NO_PADDING` algorithm.
+* AEAD modes:
+ [`PSA_ALG_CCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2c0e7d21f1b2df5e76bcb4a8f84273c),
+ [`PSA_ALG_GCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0d7d02b15aaae490d38277d99f1c637c).
+* KW/KWP modes are not available in the PSA API at the time of writing.
+
+For the ChaCha20 unauthenticated cipher, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_STREAM_CIPHER`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad98c105198f7428f7d1dffcb2cd398cd).
+For the Chacha20+Poly1305 AEAD, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_CHACHA20_POLY1305`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1fec55093541640a71bdd022d4adfb9c)
+
+### Cipher mechanism availability
+
+For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. Note that for a mechanism to be supported, both the key type and the algorithm must be supported.
+
+For example, to test if AES-CBC-PKCS7 is supported, in the legacy API, you could write:
+```
+#if defined(MBEDTLS_AES_C) && \
+ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+```
+The equivalent in the PSA API is
+```
+#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CBC_PKCS7
+```
+
+### Cipher metadata
+
+Both APIs express key sizes in bits. Note however that in the PSA API, the size of a _buffer_ is always expressed in bytes, even if that buffer contains a key.
+
+The following table lists corresponding PSA macros for maximum-size macros that take all supported algorithms into account.
+
+| Legacy macro | PSA macro |
+| ------------ | --------- |
+| `MBEDTLS_MAX_IV_LENGTH` | [`PSA_CIPHER_IV_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_MAX_SIZE), [`PSA_AEAD_NONCE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ac2a332765ba4ccfc24935d6f7f48fcc7) |
+| `MBEDTLS_MAX_BLOCK_LENGTH` | [`PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) |
+| `MBEDTLS_MAX_KEY_LENGTH` | no equivalent|
+
+There is no equivalent to the type `mbedtls_cipher_info_t` and the functions `mbedtls_cipher_info_from_type` and `mbedtls_cipher_info_from_values` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
+
+| Legacy function | PSA macro |
+| --------------- | --------- |
+| `mbedtls_cipher_info_get_iv_size` | [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH), [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH) |
+| `mbedtls_cipher_info_get_block_size` | not available (use specific macros for the IV, nonce or tag length) |
+
+The following features have no PSA equivalent:
+
+* `mbedtls_cipher_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future.
+* `mbedtls_cipher_info_has_variable_key_bitlen`, `mbedtls_cipher_info_has_variable_iv_size`: the PSA API does not currently have such mechanism for high-level metadata information.
+* `mbedtls_cipher_info_from_string`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name.
+
+### Cipher key management
+
+The legacy API and the PSA API have a different organization of operations in several respects:
+
+* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call.
+* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions.
+* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable.
+
+Here is an overview of the lifecycle of a key object.
+
+1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters:
+ * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”).
+ * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
+ * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms.
+ * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_ENCRYPT) or [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DECRYPT), depending on which direction you want to use the key in. To allow both directions, use the flag mask `PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT`. The same policy flags cover authenticated and non-authenticated encryption/decryption.
+2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
+ * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
+ * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
+ * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
+3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations.
+4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
+
+### Unauthenticated cipher operations
+
+Recall the workflow of an unauthenticated cipher operation in the legacy Mbed TLS cipher API:
+
+1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`.
+2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable.
+3. Set the IV with `mbedtls_cipher_set_iv` (except for ECB which does not use an IV).
+4. For a one-shot operation, call `mbedtls_cipher_crypt`. To pass the input in multiple parts, call `mbedtls_cipher_update` as many times as necessary followed by `mbedtls_cipher_finish`.
+5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`.
+
+For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent workflow with the PSA API is to call a single function:
+
+* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+* [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+
+For a multi-part operation, the equivalent workflow with the PSA API is as follows:
+
+1. Create an operation object of type [`psa_cipher_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1399de29db657e3737bb09927aae51fa) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Select the key and algorithm with [`psa_cipher_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga587374c0eb8137a572f8e2fc409bb2b4) or [`psa_cipher_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaa4ba3a167066eaef2ea49abc5dcd1d4b) depending on the desired direction.
+3. When encrypting with a random IV, use [`psa_cipher_generate_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga29fd7d32a5729226a2f73e7b6487bd8a). When encrypting with a chosen IV, or when decrypting, set the IV with [`psa_cipher_set_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga9caddac1a429a5032d6d4a907fb70ba1). Skip this step with ECB since it does not use an IV.
+4. Call [`psa_cipher_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gac3ca27ac6682917c48247d01fd96cd0f) as many times as needed. You can use [`PSA_CIPHER_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE) or [`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine a sufficient size for the output buffer.
+5. Call [`psa_cipher_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1dcb58b8befe23f8a4d7a1d49c99249b) to obtain the last part of the output. You can use [`PSA_CIPHER_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_SIZE) or [`PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+
+If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4).
+
+### Authenticated cipher operations
+
+Recall the workflow of an authenticated cipher operation in the legacy Mbed TLS cipher API (or similar workflows in the `chachapoly`, `ccm` and `gcm` modules):
+
+1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`.
+2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable.
+3. Set the nonce with `mbedtls_cipher_set_iv` (or the `starts` function for low-level modules). For CCM, which requires direct use of the `ccm` module, also call `mbedtls_ccm_set_lengths` to set the length of the additional data and of the plaintext.
+4. Call `mbedtls_cipher_update_ad` to pass the unencrypted additional data.
+5. Call `mbedtls_cipher_update` as many times as necessary to pass the input plaintext or ciphertext.
+6. Call `mbedtls_cipher_finish` to obtain the last part of the output. Then call `mbedtls_cipher_write_tag` (when encrypting) or `mbedtls_cipher_check_tag` (when decrypting) to process the authentication tag.
+7. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`.
+
+Steps 3–6 can be replaced by a single call to `mbedtls_cipher_auth_encrypt_ext` or `mbedtls_cipher_auth_decrypt_ext` for a one-shot operation (where the whole plaintext or ciphertext is passed as a single input).
+
+For a one-shot operation, the PSA API allows you to call a single function:
+
+* [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+* [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.) You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+
+For a multi-part operation, the equivalent workflow with the PSA API is as follows:
+
+1. Create an operation object of type [`psa_aead_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga14f6a01afbaa8c5b3d8c5d345cbaa3ed) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Select the key and algorithm with [`psa_aead_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga2732c40ce8f3619d41359a329e9b46c4) or [`psa_aead_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaaa5c5018e67a7a6514b7e76b9a14de26) depending on the desired direction.
+3. When encrypting with a random nonce, use [`psa_aead_generate_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga5799df1c555efd35970b65be51cb07d1). When encrypting with a chosen nonce, or when decrypting, set the nonce with [`psa_aead_set_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga59132751a6f843d038924cb217b5e13b). If the algorithm is CCM, you must also call [`psa_aead_set_lengths`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gad3431e28d05002c2a7b0760610176050) before or after setting the nonce (for other algorithms, this is permitted but not needed).
+4. Call [`psa_aead_update_ad`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga6d0eed03f832e5c9c91cb8adf2882569) as many times as needed.
+5. Call [`psa_aead_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaf6d49864951ca42136b4a9b71ea26e5c) as many times as needed. You can use [`PSA_AEAD_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_SIZE) or [`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+6. Finally:
+ * When encrypting, call [`psa_aead_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga759791bbe1763b377c3b5447641f1fc8) to obtain the last part of the ciphertext and the authentication tag. You can use [`PSA_AEAD_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_SIZE) or [`PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+ * When decrypting, call [`psa_aead_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae0280e2e61a185b893c36d858453f0d0) to obtain the last part of the plaintext and check the authentication tag. You can use [`PSA_AEAD_VERIFY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_SIZE) or [`PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+
+If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0).
+
+### Miscellaneous cipher operation management
+
+The equivalent of `mbedtls_cipher_reset` is to call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4) or [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). Note that you must set the key again with a setup function: the PSA API does not have a special way to reuse an operation object with the same key.
+
+There is no equivalent for the `mbedtls_cipher_get_xxx` functions to extract information from an ongoing PSA cipher or AEAD operation. Applications that need this information will need to save it from the key and operation parameters.
+
+## Hashes and MAC
+
+The PSA API groups functions by purpose rather than by underlying primitive: there is a MAC API (equivalent to `md.h` for HMAC, and `cmac.h` for CMAC) and a hash API (equivalent to `md.h` for hashing). There is no special API for a particular hash algorithm (`md5.h`, `sha1.h`, `sha256.h`, `sha512.h`, `sha3.h`). To migrate code using those low-level modules, please follow the recommendations in the following section, using the same principles as the corresponding `md.h` API.
+
+The PSA API does not have a direct interface for the AES-CMAC-PRF-128 algorithm from RFC 4615 calculated by `mbedtls_aes_cmac_prf_128` at the time of writing. You can implement it using the MAC interface with an AES key and the CMAC algorithm.
+
+### Hash mechanism selection
+
+The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type `psa_algorithm_t` and `PSA_ALG_xxx` constants (the type encompasses all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of algorithms, but note that SHA-1 and SHA-2 are spelled slightly differently.
+
+| Mbed TLS constant | PSA constant |
+| ---------------------- | ------------------- |
+| `MBEDTLS_MD_MD5` | `PSA_ALG_MD5` |
+| `MBEDTLS_MD_SHA1` | `PSA_ALG_SHA_1` |
+| `MBEDTLS_MD_SHA224` | `PSA_ALG_SHA_224` |
+| `MBEDTLS_MD_SHA256` | `PSA_ALG_SHA_256` |
+| `MBEDTLS_MD_SHA384` | `PSA_ALG_SHA_384` |
+| `MBEDTLS_MD_SHA512` | `PSA_ALG_SHA_512` |
+| `MBEDTLS_MD_RIPEMD160` | `PSA_ALG_RIPEMD160` |
+| `MBEDTLS_MD_SHA3_224` | `PSA_ALG_SHA3_224` |
+| `MBEDTLS_MD_SHA3_256` | `PSA_ALG_SHA3_256` |
+| `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` |
+| `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` |
+
+### MAC mechanism selection
+
+PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6).
+
+* For HMAC, the algorithm is [`PSA_ALG_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga70f397425684b3efcde1e0e34c28261f)`(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”),
+ for example `PSA_ALG_HMAC(PSA_ALG_SHA_256)` for HMAC-SHA-256.
+ The key type is [`PSA_KEY_TYPE_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_KEY_TYPE_HMAC) regardless of the hash algorithm.
+* For CMAC, the algorithm is [`PSA_ALG_CMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_CMAC) regardless of the underlying block cipher. The key type determines the block cipher:
+ [`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e),
+ [`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA),
+ [`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81) or
+ [`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138).
+
+### Hash and MAC mechanism availability
+
+For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. For a compound mechanism, all parts must be supported. In particular, for HMAC, all three of `PSA_WANT_KEY_TYPE_HMAC`, `PSA_WANT_ALG_HMAC` and the underlying hash must be enabled. (A configuration with only one of `PSA_WANT_KEY_TYPE_HMAC` and `PSA_WANT_ALG_HMAC` is technically possible but not useful.)
+
+For example, to test if HMAC-SHA-256 is supported, in the legacy API, you could write:
+```
+#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)
+```
+The equivalent in the PSA API is
+```
+#if PSA_WANT_KEY_TYPE_HMAC && PSA_WANT_ALG_HMAC && PSA_WANT_ALG_SHA_256
+```
+
+To test if AES-CMAC is supported, in the legacy API, you could write:
+```
+if defined(MBEDTLS_AES_C) && defined(MBEDTLS_CMAC_C)
+```
+The equivalent in the PSA API is
+```
+#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CMAC
+```
+
+### Hash algorithm metadata
+
+There is no equivalent to the type `mbedtls_md_info_t` and the functions `mbedtls_md_info_from_type` and `mbedtls_md_get_type` in the PSA API because it is unnecessary. All macros and functions operate directly on algorithm (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
+
+| Legacy macro | PSA macro |
+| ------------ | --------- |
+| `MBEDTLS_MD_MAX_SIZE` | [`PSA_HASH_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_MAX_SIZE) |
+| `MBEDTLS_MD_MAX_BLOCK_SIZE` | [`PSA_HMAC_MAX_HASH_BLOCK_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HMAC_MAX_HASH_BLOCK_SIZE) |
+| `mbedtls_md_get_size` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) |
+| `mbedtls_md_get_size_from_type` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) |
+
+The following features have no PSA equivalent:
+
+* `mbedtls_md_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future.
+* `mbedtls_md_info_from_ctx`
+* `mbedtls_cipher_info_from_string`, `mbedtls_md_get_name`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name.
+
+### Hash calculation
+
+The equivalent of `mbedtls_md` for a one-shot hash calculation is [`psa_hash_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gac69f7f19d96a56c28cf3799d11b12156). In addition, to compare the hash of a message with an expected value, you can call [`psa_hash_compare`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga0c08f4797bec96b886c8c8d7acc2a553) instead of `mbedtls_md` followed by `memcmp` or a constant-time equivalent.
+
+For a multi-part hash calculation, the legacy process is as follows:
+
+1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`.
+2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=0`. Then call `mbedtls_md_starts` to start the hash operation.
+3. Call `mbedtls_md_update` as many times as necessary.
+4. Call `mbedtls_md_finish`. If verifying the hash against an expected value, compare the result with the expected value.
+5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`.
+
+The equivalent process in the PSA API is as follows:
+
+1. Create an operation object of type [`psa_hash_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga3c4205d2ce66c4095fc5c78c25273fab) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Call [`psa_hash_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga8d72896cf70fc4d514c5c6b978912515) to specify the algorithm.
+3. Call [`psa_hash_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga65b16ef97d7f650899b7db4b7d1112ff) as many times as necessary.
+4. To obtain the hash, call [`psa_hash_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga4795fd06a0067b0adcd92e9627b8c97e). Alternatively, to verify the hash against an expected value, call [`psa_hash_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga7be923c5700c9c70ef77ee9b76d1a5c0).
+
+If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928).
+
+There is no equivalent to `mbedtls_md_file` in the PSA API. Load the file data and calculate its hash.
+
+### MAC key management
+
+The legacy API and the PSA API have a different organization of operations in several respects:
+
+* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call.
+* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions.
+* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable.
+
+Here is an overview of the lifecycle of a key object.
+
+1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters:
+ * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”).
+ * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
+ * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms.
+ * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_SIGN_MESSAGE) to calculate a MAC or [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_VERIFY_MESSAGE) to verify the MAC of a message. To allow both directions, use the flag mask `PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE`.
+2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
+ * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
+ * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
+ * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
+3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations.
+4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
+
+### MAC calculation
+
+The process for a HMAC operation in the legacy API is as follows:
+
+1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`.
+2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=1`. Then call `mbedtls_md_hmac_starts` to set the key.
+3. Call `mbedtls_md_hmac_update` as many times as necessary.
+4. Call `mbedtls_md_hmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`.
+5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`.
+
+The process for a CMAC operation in the legacy API is as follows:
+
+1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`.
+2. Call `mbedtls_cipher_setup` to select the block cipher. Then call `mbedtls_md_cmac_starts` to set the key.
+3. Call `mbedtls_cipher_cmac_update` as many times as necessary.
+4. Call `mbedtls_cipher_cmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`.
+5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`.
+
+The process in the PSA API to calculate a MAC is as follows:
+
+1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Call [`psa_mac_sign_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga03bc3e3c0b7e55b20d2a238e418d46cd) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier.
+3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary.
+4. To obtain the MAC, call [`psa_mac_sign_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac22bc0125580c96724a09226cfbc97f2).
+
+To verify a MAC against an expected value, use the following process instead:
+
+1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Call [`psa_mac_verify_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga08ae327fcbc5f8e201172fe11e536984) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier.
+3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary.
+4. To verify the MAC against an expected value, call [`psa_mac_verify_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac92b2930d6728e1be4d011c05d485822).
+
+If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd).
+
+The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac` and `mbedtls_md_hmac`:
+
+* [`psa_mac_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gabf02ebd3595ea15436967092b5d52878) to calculate the MAC of a buffer in memory.
+* [`psa_mac_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gaf6988545df5d5e2466c34d753443b15a) to verify the MAC of a buffer in memory against an expected value.
+
+In both cases, see “[MAC key management](#mac-key-management)” for how to obtain a key identifier.
+
+### Miscellaneous hash or MAC operation management
+
+The equivalent of `mbedtls_md_reset`, `mbedtls_md_hmac_reset` or `mbedtls_cmac_reset` is to call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928) or [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). Note that you must call a setup function to specify the algorithm and the key (for MAC) again, and they can be different ones.
+
+The equivalent of `mbedtls_md_clone` to clone a hash operation is [`psa_hash_clone`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga39673348f3302b4646bd780034a5aeda). A PSA MAC operation cannot be cloned.
+
+## Key derivation
+
+### HKDF
+
+PSA Crypto provides access to HKDF, HKDF-Extract and HKDF-Expand via its [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/). This is a generic interface using an operation object with one function call for each input and one function call for each output.
+
+1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For HKDF and variants, use one of the macros [`PSA_ALG_HKDF`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF), [`PSA_ALG_HKDF_EXTRACT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXTRACT) or [`PSA_ALG_HKDF_EXPAND`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXPAND) with the [hash algorithm](#hash-mechanism-selection) passed as an argument. For example `PSA_ALG_HKDF(PSA_ALG_SHA_256)` selects HKDF-SHA-256.
+3. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows:
+ 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. Omit this step for HKDF-Expand. For HKDF, you may omit this step if the salt is empty.
+ 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the secret input.
+ 3. [`PSA_KEY_DERIVATION_INPUT_INFO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gacef8df989e09c769233f4b779acb5b7d) for the info string used during the expansion step. Omit this step for HKDF-Extract.
+4. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key.
+5. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object.
+
+### PKCS#5 module
+
+Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2. This is a generic interface using an operation object with one function call for each input and one function call for each output.
+
+1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For PBKDF2-HMAC, select `PSA_ALG_PBKDF2_HMAC(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”).
+3. Call `psa_key_derivation_input_cost` with the step `PSA_KEY_DERIVATION_INPUT_COST` to select the iteration count.
+4. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows:
+ 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. You may repeat this step to pass the salt in pieces (for example a salt and a pepper).
+ 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the password.
+5. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks.
+ Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key.
+ If you want to verify the output against an expected value (for authentication, rather than to derive key material), call [`psa_key_derivation_verify_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gaf01520beb7ba932143ffe733b0795b08) or [`psa_key_derivation_verify_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac041714e34a94742e8ee006ac7dfea5a) instead of `psa_key_derivation_output_bytes`. (Note that the `verify` functions are not yet present in the 3.5 release of Mbed TLS. They are expected to be released in version 3.6.0.)
+6. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object.
+
+The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent.
+
+### PKCS#12 module
+
+The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbe` are only intended as support functions to parse encrypted private keys in the PK module. They have no PSA equivalent.
+
+## Random generation
+
+### Random generation interface
+
+The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.h` and `hmac_drbg.h`. See the next sections for remaining use cases for [entropy](#entropy-sources) and [DRBG](#deterministic-pseudorandom-generation).
+
+The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
+
+If your application mixes uses of the PSA crypto API and the mbedtls API and you need to pass an RNG argument to a legacy or X.509/TLS function, include the header file `<mbedtls/psa_util.h>` and use:
+
+* [`mbedtls_psa_get_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#_CPPv422mbedtls_psa_get_randomPvPh6size_t) as the `f_rng` argument;
+* [`MBEDTLS_PSA_RANDOM_STATE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#c.MBEDTLS_PSA_RANDOM_STATE) as the `p_rng` argument.
+
+You can remove the Mbed TLS RNG boilerplate (`mbedtls_entropy_init`, `mbedtls_ctr_drbg_init`, `mbedtls_ctr_drbg_seed`, `mbedtls_ctr_drbg_random`, `mbedtls_ctr_drbg_free`, `mbedtls_entropy_free` — or `hmac_drbg` equivalents of the `ctr_drbg` functions) once you have finished replacing the references to `mbedtls_ctr_drbg_random` (or `mbedtls_hmac_drbg_random`) by `mbedtls_psa_get_random`.
+
+### Entropy sources
+
+Unless explicitly configured otherwise, the PSA random generator uses the default entropy sources configured through the legacy interface (`MBEDTLS_ENTROPY_xxx` symbols). Its set of sources is equivalent to an entropy object configured with `mbedtls_entropy_init`.
+
+A future version of Mbed TLS will include a PSA interface for configuring entropy sources. This is likely to replace the legacy interface in Mbed TLS 4.0.
+
+### Deterministic pseudorandom generation
+
+The PSA API does not have a dedicated interface for pseudorandom generation. The [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) can serve a similar purpose in some applications, but it does not offer CTR\_DRBG or HMAC\_DRBG. If you need these algorithms, keep using `ctr_drbg.h` and `hmac_drbg.h`, but note that they may be removed from the public API in Mbed TLS 4.0.
+
+## Asymmetric cryptography
+
+The PSA API supports RSA (see “[RSA mechanism selection](#rsa-mechanism-selection)”), elliptic curve cryptography (see “[ECC mechanism selection](#elliptic-curve-mechanism-selection)” and “[EC-JPAKE](#ec-jpake)”) and finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”).
+
+### Key lifecycle for asymmetric cryptography
+
+In the PSA API, keys are referenced by an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t).
+(Some documentation references [`mbedtls_svc_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv420mbedtls_svc_key_id_t); the two types are identical except when the library is configured for use in a multi-client cryptography service.)
+The PSA key identifier tends to play the same role as an `mbedtls_pk_context`, `mbedtls_rsa_context` or `mbedtls_ecp_keypair` structure in the legacy API. However, there are major differences in the way the two APIs can be used to create keys or to obtain information about a key.
+
+Here is an overview of the lifecycle of a PSA key object.
+
+1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters:
+ * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”).
+ * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's conceptual size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
+ * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the permitted algorithm to the desired `PSA_ALG_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” as well as “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+ * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable the desired usage types (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
+ * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
+ * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
+ * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
+3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations.
+4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
+
+### Public-key cryptography policies
+
+A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what operations are permitted (usage flags).
+
+The following table lists the relevant usage flags for asymmetric cryptography. You can pass those flags (combined with bitwise-or) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de).
+
+| Usage | Flag |
+| ----- | ---- |
+| export public key | 0 (always permitted) |
+| export private key | [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) |
+| Sign a message directly | [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) |
+| Sign an already-calculated hash | at least one of [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) or [`PSA_KEY_USAGE_SIGN_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) |
+| Verify a message directly | [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) |
+| Verify an already-calculated hash | at least one of [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) or [`PSA_KEY_USAGE_VERIFY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gafadf131ef2182045e3483d03aadaa1bd) |
+| Encryption | [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga75153b296d045d529d97203a6a995dad) |
+| Decryption | [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gac3f2d2e5983db1edde9f142ca9bf8e6a) |
+| Key agreement | [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gaf19022acc5ef23cf12477f632b48a0b2) |
+
+The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” cover the available algorithm values for each key type. Normally, a key can only be used with a single algorithm, following standard good practice. However, there are two ways to relax this requirement.
+
+* Many signature algorithms encode a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA_ALG_ANY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_ANY_HASH) instead of a hash algorithm value to allow the key to be used with any hash. For example, `psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH))` allows the key to be used with RSASSA-PSS, with different hash algorithms in each operation.
+* In addition to the algorithm (or wildcard) selected with [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98), you can use [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to permit a second algorithm (or wildcard). This is intended for scenarios where a key is normally used with a single algorithm, but needs to be used with a different algorithm for enrollment (such as an ECDH key for which an ECDSA proof-of-possession is also required).
+
+### Asymmetric cryptographic mechanisms
+
+#### RSA mechanism selection
+
+The PK types `MBEDTLS_PK_RSA`, `MBEDTLS_PK_RSASSA_PSS` and `MBEDTLS_PK_RSA_ALT` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types.
+See “[RSA-ALT interface](#rsa-alt-interface)” for more information about `MBEDTLS_PK_RSA_ALT`.
+
+The PSA API uses policies and algorithm parameters rather than key types to distinguish between RSA-based mechanisms. The PSA algorithm selection corresponds to the `mbedtls_pk_type_t` value passed to `mbedtls_pk_{sign,verify}_ext`. It also replaces the use of `mbedtls_rsa_set_padding` on an `mbedtls_rsa_context` object. See the list of algorithms below and the signature and encryption sections for more information.
+
+An RSA public key has the type [`PSA_KEY_TYPE_RSA_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9ba0878f56c8bcd1995ac017a74f513b).
+
+An RSA key pair has the type [`PSA_KEY_TYPE_RSA_KEY_PAIR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11745b110166e927e2abeabc7d532051). A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key).
+You can always use a private key for operations on the corresponding public key (as long as the policy permits it).
+
+The following cryptographic algorithms work with RSA keys:
+
+* PKCS#1v1.5 RSA signature: [`PSA_ALG_RSA_PKCS1V15_SIGN`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af), [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817).
+* PKCS#1v1.5 RSA encryption: [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9).
+* PKCS#1 RSASSA-PSS signature: [`PSA_ALG_RSA_PSS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d), [`PSA_ALG_RSA_PSS_ANY_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b).
+* PKCS#1 RSAES-OAEP encryption: [`PSA_ALG_RSA_OAEP`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76).
+
+#### Elliptic curve mechanism selection
+
+The PK types `MBEDTLS_PK_ECKEY`, `MBEDTLS_PK_ECKEY_DH` and `MBEDTLS_PK_ECDSA` correspond to elliptic-curve key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. The PSA API uses policies and algorithm parameters rather than key types to distinguish between the PK EC types.
+
+An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad54c03d3b47020e571a72cd01d978cf2) where `curve` is a curve family identifier.
+
+An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key).
+You can always use a private key for operations on the corresponding public key (as long as the policy permits it).
+
+A curve is fully determined by a curve family identifier and the private key size in bits. The following table gives the correspondence between legacy and PSA elliptic curve designations.
+
+| Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size |
+| -------------------------------- | ---------------- | -------------- |
+| `MBEDTLS_ECP_DP_SECP192R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 |
+| `MBEDTLS_ECP_DP_SECP224R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 224 |
+| `MBEDTLS_ECP_DP_SECP256R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 |
+| `MBEDTLS_ECP_DP_SECP384R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 384 |
+| `MBEDTLS_ECP_DP_SECP521R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 521 |
+| `MBEDTLS_ECP_DP_BP256R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 256 |
+| `MBEDTLS_ECP_DP_BP384R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 384 |
+| `MBEDTLS_ECP_DP_BP512R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 512 |
+| `MBEDTLS_ECP_DP_CURVE25519` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 255 |
+| `MBEDTLS_ECP_DP_SECP192K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 |
+| `MBEDTLS_ECP_DP_SECP224K1` | not supported | N/A |
+| `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 |
+| `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 |
+
+The following cryptographic algorithms work with ECC keys:
+
+* ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43).
+* ECDSA: [`PSA_ALG_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3), [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4), [`PSA_ALG_DETERMINISTIC_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03).
+* EC-JPAKE (see “[EC-JPAKE](#ec-jpake)”.
+
+#### Diffie-Hellman mechanism selection
+
+A finite-field Diffie-Hellman key pair has the type [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) where `group` is a group family as explained below.
+
+A finite-field Diffie-Hellman public key has the type [`PSA_KEY_TYPE_DH_PUBLIC_KEY(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa22f0f2ea89b929f2fadc19890cc5d5c) where `group` is a group family as explained below. Due to the design of the API, there is rarely a need to use Diffie-Hellman public key objects.
+
+The PSA API only supports Diffie-Hellman with predefined groups. A group is fully determined by a group family identifier and the public key size in bits.
+
+| Mbed TLS DH group P value | PSA DH group family | Bit-size |
+| ------------------------- | ------------------- | -------- |
+| `MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 2048 |
+| `MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 3072 |
+| `MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 4096 |
+| `MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 6144 |
+| `MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 8192 |
+
+A finite-field Diffie-Hellman key can be used for key agreement with the algorithm [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4).
+
+### Creating keys for asymmetric cryptography
+
+The easiest way to create a key pair object is by randomly generating it with [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). Compared with the low-level functions from the legacy API (`mbedtls_rsa_gen_key`, `mbedtls_ecp_gen_privkey`, `mbedtls_ecp_gen_keypair`, `mbedtls_ecp_gen_keypair_base`, `mbedtls_ecdsa_genkey`), this directly creates an object that can be used with high-level APIs, but removes some of the flexibility. Note that if you want to export the generated private key, you must pass the flag [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de); exporting the public key with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) is always permitted.
+
+For RSA keys, `psa_generate_key` always uses 65537 as the public exponent. If you need a different public exponent, use the legacy interface to create the key then import it as described in “[Importing legacy keys via the PK module](#importing-legacy-keys-via-the-pk-module)”.
+
+To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). While this function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), it is limited to a single format that just contains the number(s) that make up the key, with very little metadata. This format is a substring of one of the formats accepted by the PK functions (except for finite-field Diffie-Hellman which the PK module does not support). The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details.
+
+| Key type | PSA import/export format |
+| -------- | ------------------------ |
+| RSA key pair | PKCS#1 RSAPrivateKey DER encoding (including both private exponent and CRT parameters) |
+| RSA public key | PKCS#1 RSAPublicKey DER encoding |
+| ECC key pair | Fixed-length private value (not containing the public key) |
+| ECC public key (Weierstrass curve) | Fixed-length uncompressed point |
+| ECC public key (Montgomery curve) | Fixed-length public value |
+| FFDH key pair | Fixed-length private value (not containing the public key) |
+| FFDH public key | Fixed-length public value |
+
+There is no equivalent of `mbedtls_pk_parse_keyfile` and `mbedtls_pk_parse_public_keyfile`. Either call the legacy function or load the file data manually.
+
+A future extension of the PSA API will support other import formats. Until those are implemented, see the following subsections for ways to use the PK module for key parsing and construct a PSA key object from the PK object.
+
+#### Importing legacy keys via the PK module
+
+You can use glue functions in the PK module to create a key object using the legacy API, then import that object into the PSA subsystem. This is useful for use cases that the PSA API does not currently cover, such as:
+
+* Parsing a key in a format with metadata without knowing its type ahead of time.
+* Importing a key which you have in the form of a list of numbers, rather than the binary encoding required by `psa_import_key`.
+* Importing a key with less information than what the PSA API needs, for example an ECC public key in a compressed format, an RSA private key without the private exponent, or an RSA private key without the CRT parameters.
+* Generating an RSA key with $e \ne 65537$.
+
+#### Importing a PK key by wrapping
+
+If you have a PK object, you can call `mbedtls_pk_wrap_as_opaque` to create a PSA key object with the same key material. (This function is only present in builds with `MBEDTLS_USE_PSA_CRYPTO` enabled. It is experimental and [will likely be replaced by a slightly different interface in a future version of Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/7760)). This function automatically determines the PSA key type and lets you specify the usage policy (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). Once you've called this function, you can destroy the PK object. This function calls `psa_import_key` internally; call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to destroy the PSA key object once your application no longer needs it. Common scenarios where this workflow is useful are:
+
+* You have working code that's calling `mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`, `mbedtls_pk_parse_keyfile` or `mbedtls_pk_parse_public_keyfile` to create a PK object.
+* You have working code that's using the `rsa.h` or `ecp.h` API to create a key object, and there is no PSA equivalent.
+
+You can use this workflow to import an RSA key via an `mbedtls_rsa_context` object or an ECC key via an `mbedtls_ecp_keypair` object:
+
+1. Call `mbedtls_pk_init` then `mbedtls_pk_setup` to set up a PK context for the desired key type (`MBEDTLS_PK_RSA` or `MBEDTLS_PK_ECKEY`).
+2. Call `mbedtls_pk_rsa` or `mbedtls_pk_ec` to obtain the underlying low-level context.
+3. Call `mbedtls_rsa_xxx` or `mbedtls_ecp_xxx` functions to construct the desired key. For example:
+ * `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete` to create an RSA private key without all the parameters required by the PSA API.
+ * `mbedtls_rsa_gen_key` to generate an RSA private key with a custom public exponent.
+4. Call `mbedtls_pk_wrap_as_opaque` as described above to create a corresponding PSA key object.
+5. Call `mbedtls_pk_free` to free the resources associated with the PK object.
+
+#### Importing a PK key by export-import
+
+This section explains how to export a PK object in the PSA import format. The process depends on the key type. You can use `mbedtls_pk_get_type` or `mbedtls_pk_can_do` to distinguish between RSA and ECC keys. The snippets below assume that the key is in an `mbedtls_pk_context pk`, and omit error checking.
+
+For an RSA private key:
+
+```
+unsigned char buf[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
+size_t length = mbedtls_pk_write_key_der(&pk, buf, sizeof(buf));
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+psa_set_key_attributes(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
+psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...);
+psa_key_id_t key_id = 0;
+psa_import_key(&attributes, buf + sizeof(buf) - length, length, &key_id);
+mbedtls_pk_free(&pk);
+```
+
+For an ECC private key (a future version of Mbed TLS [will provide a more direct way to find the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764)):
+
+```
+unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk));
+mbedtls_ecp_keypair *ec = mbedtls_pk_ec(&pk);
+psa_ecc_curve_t curve;
+{
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point Q;
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_mpi d;
+ mbedtls_mpi_init(&d);
+ mbedtls_ecp_export(ec, &grp, &d, &Q);
+ size_t bits;
+ curve = mbedtls_ecc_group_to_psa(grp.id, &bits);
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_mpi_free(&d);
+}
+mbedtls_ecp_write_key(ec, buf, length);
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
+psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...);
+psa_key_id_t key_id = 0;
+psa_import_key(&attributes, buf, length, &key_id);
+mbedtls_pk_free(&pk);
+```
+
+For an RSA or ECC public key:
+
+```
+unsigned char buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
+size_t length = mbedtls_pk_write_pubkey(&pk, buf, sizeof(buf));
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+psa_set_key_attributes(&attributes, ...); // need to determine the type manually
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
+psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...);
+psa_key_id_t key_id = 0;
+psa_import_key(&attributes, buf + sizeof(buf) - length, length, &key_id);
+mbedtls_pk_free(&pk);
+```
+
+#### Importing an elliptic curve key from ECP
+
+This section explains how to use the `ecp.h` API to create an elliptic curve key in a format suitable for `psa_import_key`.
+
+You can use this, for example, to import an ECC key in the form of a compressed point by calling `mbedtls_ecp_point_read_binary` then following the process below.
+
+The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. (This includes `mbedtls_ecdsa_keypair` objects since that is just a type alias.) Error checks are omitted for simplicity. A future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764).
+
+```
+mbedtls_ecp_keypair ec;
+mbedtls_ecp_keypair_init(&ec);
+// Omitted: fill ec with key material
+// (the public key will not be used and does not need to be set)
+unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk));
+mbedtls_ecp_write_key(&ec, buf, length);
+psa_ecc_curve_t curve = ...; // need to determine the curve family manually
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
+psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...);
+psa_key_id_t key_id = 0;
+psa_import_key(&attributes, buf, length, &key_id);
+mbedtls_ecp_keypair_free(&ec);
+```
+The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. Error checks are omitted for simplicity.
+
+```
+mbedtls_ecp_group grp;
+mbedtls_ecp_group_init(&grp);
+mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_...);
+mbedtls_ecp_point pt;
+mbedtls_ecp_point_init(&pt);
+// Omitted: fill pt with key material
+unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_PUBLIC_KEY_MAX_SIZE)];
+size_t length;
+mbedtls_ecp_point_write_binary(&grp, &pt, &length, buf, sizeof(buf));
+psa_ecc_curve_t curve = ...; // need to determine the curve family manually
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve));
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
+psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...);
+psa_key_id_t key_id = 0;
+psa_import_key(&attributes, buf, length, &key_id);
+mbedtls_ecp_point_free(&pt);
+mbedtls_ecp_group_free(&grp);
+```
+
+### Key pair and public key metadata
+
+There is no equivalent to the type `mbedtls_pk_info_t` and the functions `mbedtls_pk_info_from_type` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
+
+You can call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) to populate a structure with the attributes of a key, then functions such as [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain a key's type (`PSA_KEY_TYPE_xxx` value) and size (nominal size in bits).
+
+The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as `mbedtls_pk_get_len` or `mbedtls_rsa_get_len` do, you can use the macro `PSA_BITS_TO_BYTES`. However, note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function.
+
+Most code that calls `mbedtls_pk_get_type` or `mbedtls_pk_can_do` only requires the key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). For code that uses both `mbedtls_pk_context` objects and PSA metadata encoding, [`mbedtls_pk_can_do_ext`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a256d3e8d4323a45aafa7d2b6c59a36f6) checks the compatibility between a key object and a mechanism. If needed, you can also access a key's policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`.
+
+### Exporting a public key or a key pair
+
+To export a PSA key pair or public key, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If the key is a key pair, its policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+
+To export a PSA public key or to export the public key of a PSA key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). This is always permitted regardless of the key's policy.
+
+The export format is the same format used for `psa_import_key`, described in “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” above.
+
+A future extension of the PSA API will support other export formats. Until those are implemented, see “[Exporting a PK key by wrapping](#exporting-a-pk-key-by-wrapping)” for ways to use the PK module to format a PSA key.
+
+#### Exporting a PK key by wrapping
+
+You can wrap a PSA key object in a PK key context with `mbedtls_pk_setup_opaque`. This allows you to call functions such as `mbedtls_pk_write_key_der`, `mbedtls_pk_write_pubkey_der`, `mbedtls_pk_write_pubkey_pem`, `mbedtls_pk_write_key_pem` or `mbedtls_pk_write_pubkey` to export the key data in various formats.
+
+### Signature operations
+
+The equivalent of `mbedtls_pk_sign` or `mbedtls_pk_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c).
+The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine a sufficient size for the output buffer.
+This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext` and `mbedtls_ecdsa_write_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details.
+
+The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5).
+The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_verify`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`, `mbedtls_rsa_rsassa_pss_verify`, `mbedtls_rsa_rsassa_pss_verify_ext`, `mbedtls_ecdsa_verify` amd `mbedtls_ecdsa_read_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details.
+
+Generally, `psa_sign_hash` and `psa_verify_hash` require the input to have the correct length for the hash (this has historically not always been enforced in the corresponding legacy APIs).
+
+See also “[Restartable ECDSA signature](#restartable-ecdsa-signature)” for a restartable variant of this API.
+
+The PSA API also has functions [`psa_sign_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga963ecadae9c38c85826f9a13cf1529b9) and [`psa_verify_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga01c11f480b185a4268bebd013df7c14c). These functions combine the hash calculation with the signature calculation or verification.
+For `psa_sign_message`, either the usage flag `PSA_KEY_USAGE_SIGN_MESSAGE` or `PSA_KEY_USAGE_SIGN_HASH` is sufficient.
+For `psa_verify_message`, either the usage flag `PSA_KEY_USAGE_VERIFY_MESSAGE` or `PSA_KEY_USAGE_VERIFY_HASH` is sufficient.
+
+Most signature algorithms involve a hash algorithm. See “[Hash mechanism selection](#hash-mechanism-selection)”.
+
+The following subsections describe the PSA signature mechanisms that correspond to legacy Mbed TLS mechanisms.
+
+#### ECDSA signature
+
+**Note: in the PSA API, the format of an ECDSA signature is the raw fixed-size format. This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. A future version of Mbed TLS [will provide a way to convert between the two formats](https://github.com/Mbed-TLS/mbedtls/issues/7765).
+<!-- The following are specific to the DER format and therefore have no PSA equivalent: MBEDTLS_ECDSA_MAX_SIG_LEN, MBEDTLS_ECDSA_MAX_LEN -->
+
+ECDSA is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, as well as by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`.
+
+The PSA API offers three algorithm constructors for ECDSA. They differ only for signature, and have exactly the same behavior for verification.
+
+* [`PSA_ALG_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3) is a randomized ECDSA signature of a hash calculated with the algorithm `hash`.
+* [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4) is equivalent to `PSA_ALG_ECDSA`, but does not require specifying a hash as part of the algorithm. It can only be used with `psa_sign_hash` and `psa_verify_hash`, with no constraint on the length of the hash.
+* [`PSA_ALG_DETERMINISTIC_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03) is a deterministic ECDSA signature of a hash calculated with the algorithm `hash`. This is the same as the functionality offered by `MBEDTLS_ECDSA_DETERMINISTIC` in the legacy API.
+ * For `psa_sign_message` with `PSA_ALG_DETERMINISTIC_ECDSA`, the same hash algorithm is used to hash the message and to parametrize the deterministic signature generation.
+
+Unlike the legacy API, where `mbedtls_pk_sign` and `mbedtls_ecdsa_write_signature` automatically select deterministic ECDSA if both are available, the PSA API requires the application to select the preferred variant. ECDSA verification cannot distinguish between randomized and deterministic ECDSA (except in so far as if the same message is signed twice and the signatures are different, then at least one of the signatures is not the determinstic variant), so in most cases switching between the two is a compatible change.
+
+#### Restartable ECDSA signature
+
+The legacy API includes an API for “restartable” ECC operations: the operation returns after doing partial computation, and can be resumed. This is intended for highly constrained devices where long cryptographic calculations need to be broken up to poll some inputs, where interrupt-based scheduling is not desired. The legacy API consists of the functions `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`, `mbedtls_ecdsa_sign_restartable`, `mbedtls_ecdsa_verify_restartable`, `mbedtls_ecdsa_write_signature_restartable`, `mbedtls_ecdsa_read_signature_restartable`, as well as several configuration and data manipulation functions.
+
+The PSA API offers similar functionality via “interruptible” public-key operations. As of Mbed TLS 3.5, it is only implemented for ECDSA, for the same curves as the legacy API. This will likely be extended to ECDH in the short term. At the time of writing, no extension is planned to other curves or other algorithms.
+
+The flow of operations for an interruptible signature operation is as follows:
+
+1. Create an operation object of type [`psa_sign_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6948d4653175b1b530a265540066a7e7) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Call [`psa_sign_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga441988da830205182b3e791352537fac) with the private key object and the hash to verify.
+3. Call [`psa_sign_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga79849aaa7004a85d2ffbc4b658a333dd) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`.
+
+The flow of operations for an interruptible signature verification operation is as follows:
+
+1. Create an operation object of type [`psa_verify_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga537054cf4909ad1426331ae4ce7148bb) and zero-initialize it (or use the corresponding `INIT` macro).
+2. Call [`psa_verify_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga912eb51fb94056858f451f276ee289cb) with the private key object and the hash and signature to verify.
+3. Call [`psa_verify_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga67fe82352bc2f8c0343e231a70a5bc7d) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`.
+
+If you need to cancel the operation after calling the start function without waiting for the loop calling the complete function to finish, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88).
+
+Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. You can retrieve the current value with [`psa_interruptible_get_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga73e66a6d93f2690b626fcea20ada62b2). The value is [`PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible/#group__interruptible_1gad19c1da7f6b7d59d5873d5b68eb943d4) if operations are not restartable, which corresponds to `mbedtls_ecp_restart_is_enabled()` being false.
+
+#### PKCS#1 v1.5 RSA signature
+
+This mechanism corresponds to `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` for an RSA key, unless PSS has been selected with `mbedtls_rsa_set_padding` on the underlying RSA key context. This mechanism also corresponds to `mbedtls_rsa_rsassa_pkcs1_v15_sign` and `mbedtls_rsa_rsassa_pkcs1_v15_verify`.
+
+The PSA API has two algorithm constructors:
+
+* [`PSA_ALG_RSA_PKCS1V15_SIGN(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af) formats the hash as specified in PKCS#1. The hash algorithm corresponds to the `md_alg` parameter of the legacy functions.
+* [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817) uses the “hash” input in lieu of a DigestInfo structure. This is the same as calling the legacy functions with `md_alg=MBEDTLS_MD_NONE`.
+
+#### PKCS#1 RSASSA-PSS signature
+
+This mechanism corresponds to `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext` for an RSA key, as well as `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` if PSS has been selected on the underlying RSA context with `mbedlts_rsa_set_padding`.
+It also corresponds to `mbedtls_rsa_rsassa_pss_sign` and `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify` and `mbedtls_rsa_rsassa_pss_verify_ext`.
+
+The PSA API has two algorithm constructors: [`PSA_ALG_RSA_PSS(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d) and [`PSA_ALG_RSA_PSS_ANY_SALT(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). They differ only for verification, and have exactly the same behavior for signature. The hash algorithm `hash` corresponds to the `md_alg` parameter passed to the legacy API. It is used to hash the message, to create the salted hash, and for the mask generation with MGF1. The PSA API does not support using different hash algorithms for these different purposes.
+
+With respect to the salt length:
+
+* When signing, the salt is random, and the salt length is the largest possible salt length up to the hash length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument.
+* When verifying, `PSA_ALG_RSA_PSS` requires the the salt length to the largest possible salt length up to the hash length (i.e. the same that would be used for signing).
+* When verifying, `PSA_ALG_RSA_PSS_ANY_SALT` accepts any salt length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument.
+
+### Asymmetric encryption and decryption
+
+The equivalent of `mbedtls_pk_encrypt`, `mbedtls_rsa_pkcs1_encrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetric key) is [`psa_asymmetric_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gaa17f61e4ddafd1823d2c834b3706c290).
+The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+Use the macro [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a66ba3bd93e5ec52870ccc3848778bad8) or [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size.
+
+The equivalent of `mbedtls_pk_decrypt`, `mbedtls_rsa_pkcs1_decrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetric key) is [`psa_asymmetric_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga4f968756f6b22aab362b598b202d83d7).
+The key must be a key pair allowing the usage `PSA_KEY_USAGE_DECRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+Use the macro [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a61a246f3eac41989821d982e56fea6c1) or [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size.
+
+The following subsections describe the PSA asymmetric encryption mechanisms that correspond to legacy Mbed TLS mechanisms.
+
+#### RSA PKCS#1v1.5 encryption
+
+This is the mechanism used by the PK functions and by `mbedtls_rsa_pkcs1_{encrypt,decrypt}` unless `mbedtls_rsa_set_padding` has been called on the underlying RSA key context.
+This is also the mechanism used by `mbedtls_rsa_rsaes_pkcs1_v15_{encrypt,decrypt}`.
+
+The PSA algorithm is [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9).
+
+Beware that PKCS#1v1.5 decryption is subject to padding oracle attacks. Revealing when `psa_asymmetric_decrypt` returns `PSA_ERROR_INVALID_PADDING` may allow an adversary to decrypt arbitrary ciphertexts.
+
+#### RSA RSAES-OAEP
+
+This is the mechanism used by `mbedtls_rsa_rsaes_oaep_{encrypt,decrypt}`.
+
+The PSA algorithm is [`PSA_ALG_RSA_OAEP(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76) where `hash` is a hash algorithm value (`PSA_ALG_xxx`, see “[Hash mechanism selection](#hash-mechanism-selection)”).
+
+As with the PK API, the mask generation is MGF1, the label is empty, and the same hash algorithm is used for MGF1 and to hash the label. The PSA API does not offer a way to choose a different label or a different hash algorithm for the label.
+
+### Private-public key consistency
+
+There is no direct equivalent of the functions `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`. The PSA API performs some basic checks when it imports a key, and may perform additional checks before performing an operation if needed, so it will never perform an operation on a key that does not satisfy these checks, but the details of when the check is performed may change between versions of the library.
+
+The legacy API provides functions `mbedtls_pk_check_pair`, `mbedtls_rsa_check_pub_priv` and `mbedtls_ecp_check_pub_priv`, which can be used to check the consistency between a private key and a public key. To perform such a check with the PSA API, you can export the public keys; this works because the PSA representation of public keys is canonical.
+
+* Prepare a key object containing the private key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b).
+* Prepare a key object containing the public key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b).
+* Export both public keys with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) (this is possible regardless of the usage policies on the keys) and compare the output.
+ ```
+ // Error checking omitted
+ unsigned char pub1[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
+ unsigned char pub2[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
+ size_t length1, length2;
+ psa_export_public_key(key1, pub1, sizeof(pub1), &length1);
+ psa_export_public_key(key2, pub2, sizeof(pub2), &length2);
+ if (length1 == length2 && !memcmp(pub1, pub2, length1))
+ puts("The keys match");
+ else
+ puts("The keys do not match");
+ ```
+
+### PK functionality with no PSA equivalent
+
+There is no PSA equivalent of the debug functionality provided by `mbedtls_pk_debug`. Use `psa_export_key` to export the key if desired.
+
+There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedtls_pk_get_name`.
+
+### Key agreement
+
+The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`.
+
+<!-- TODO: static FFDH/ECDH (including `mbedtls_ecdh_get_params`)
+ https://github.com/Mbed-TLS/mbedtls/pull/7766#discussion_r1410568541
+ -->
+
+#### Diffie-Hellman key pair management
+
+The PSA API manipulates keys as such, rather than via an operation context. Thus, to use Diffie-Hellman, you need to create a key object, then perform the key exchange, then destroy the key. There is no equivalent to the types `mbedtls_ecdh_context` and `mbedtls_dhm_context`.
+
+Here is an overview of the lifecycle of a key object.
+
+1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters:
+ * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value:
+ * [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) for finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”).
+ * [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) for elliptic-curve Diffie-Hellman (see “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)”).
+ * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the private key size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
+ * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to select the appropriate algorithm:
+ * [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43) or [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4) for a raw key agreement.
+ * [`PSA_ALG_KEY_AGREEMENT(ka, kdf)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga78bb81cffb87a635c247725eeb2a2682) if the key will be used as part of a key derivation, where:
+ * `ka` is either `PSA_ALG_ECDH` or `PSA_ALG_FFDH`.
+ * `kdf` is a key derivation algorithm.
+ * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DERIVE). See “[Public-key cryptography policies](#public-key-cryptography-policies)” for more information.
+2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
+ * Use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to generate a random key. This is normally the case for a Diffie-Hellman key.
+ * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
+ * If the key is derived deterministically from other material, use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
+3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations.
+4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
+
+#### Performing a key agreement
+
+Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain the public key that needs to be sent to the other party.
+Use the macros [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine a sufficient size for the output buffer.
+
+Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to calculate the shared secret from your private key and the other party's public key.
+Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
+
+Call [`psa_key_derivation_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga2cd5a8ac906747d3204ec442db78745f) instead of `psa_raw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See “[HKDF](#hkdf)” for an example of the key derivation interface.
+
+#### Translating a legacy key agreement contextless workflow
+
+A typical workflow for ECDH using the legacy API without a context object is:
+
+1. Initialize objects:
+ * `mbedtls_ecp_group grp` for the curve;
+ * `mbedtls_mpi our_priv` for our private key;
+ * `mbedtls_ecp_point our_pub` for our public key;
+ * `mbedtls_ecp_point their_pub` for their public key (this may be the same variable as `our_pub` if the application does not need to hold both at the same time);
+ * `mbedtls_mpi z` for the shared secret (this may be the same variable as `our_priv` when doing ephemeral ECDH).
+2. Call `mbedtls_ecp_group_load` on `grp` to select the curve.
+3. Call `mbedtls_ecdh_gen_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retrieve the corresponding public key.
+4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order.
+5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. Use the raw shared secret `z`, typically, to construct a shared key.
+6. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`.
+
+The corresponding workflow with the PSA API is as follows:
+
+1. Initialize objects:
+ * `psa_key_id_t our_key`: a handle to our key pair;
+ * `psa_key_attributes_t attributes`: key attributes used in steps 2–3;;
+ * `our_pub`: a buffer of size [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) (where `key_type` is the value passed to `psa_set_key_size` in step 2) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to hold our key.
+ * `their_pub`: a buffer of the same size, to hold the peer's key. This can be the same as `our_pub` if the application does not need to hold both at the same time;
+ * `shared_secret`: a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) (if not using a key derivation operation).
+2. Prepare an attribute structure as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`.
+3. Call [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on `our_key` and `our_pub` (output) to obtain our public key.
+4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order.
+5. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
+ Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
+6. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) on `key_id`, and free the memory buffers.
+
+Steps 4–6 are only performed once for a "true" ephemeral Diffie-Hellman. They may be repeated multiple times for a "fake ephemeral" Diffie-Hellman where the same private key is used for multiple key exchanges, but it not saved.
+
+#### Translating a legacy ephemeral key agreement TLS server workflow
+
+The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 server. The PSA version of this workflow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first.
+
+1. Setup phase:
+ 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`.
+ 2. Call `mbedtls_ecdh_setup` or `mbedtls_dhm_set_group` to select the curve or group.
+ 3. Call `mbedtls_ecdh_make_params` or `mbedtls_dhm_make_params` to generate our key pair and obtain a TLS ServerKeyExchange message encoding the selected curve/group and our public key.
+2. Send the ServerKeyExchange message to the peer.
+3. Retrieve the peer's public key.
+4. Call `mbedtls_ecdh_read_public` or `mbedtls_dhm_read_public` on the peer's public key, then call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret.
+5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`.
+
+The corresponding workflow with the PSA API is as follows:
+
+1. Setup phase:
+ 1. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”.
+ 2. Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key.
+ 3. Format a ServerKeyExchange message containing the curve/group selection and our public key.
+2. Send the ServerKeyExchange message to the peer.
+3. Retrieve the peer's public key.
+4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
+ Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
+5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair.
+
+#### Translating a legacy ephemeral key agreement TLS client workflow
+
+The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 client. The PSA version of this workflow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key.
+
+1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key:
+ 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`.
+ 2. Call `mbedtls_ecdh_read_params` or `mbedtls_dhm_read_params` to input the data from the ServerKeyExchange message.
+2. Call `mbedtls_ecdh_make_public` or `mbedtls_dh_make_public` to generate our private key and export our public key.
+3. Send our public key to the peer.
+4. Call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret.
+5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`.
+
+The corresponding workflow with the PSA API is as follows:
+
+1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key:
+ 1. Decode the selected curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm.
+2. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”.
+ Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key.
+3. Send our public key to the peer.
+4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
+ Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
+5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair.
+
+#### ECDH and DHM metadata functions
+
+You can obtain data and metadata from an ECDH key agreement through the PSA API as follows:
+
+* With either side, accessing the group: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the key identifier, then [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain metadata about the key.
+* Accessing our public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier.
+* Accessing our private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+* Accessing the peer's public key: there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately.
+
+The functions `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len` and `mbedtls_dhm_get_value` allow the caller to obtain metadata about the keys used for the key exchange. The PSA equivalents access the key identifier:
+
+* `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len`: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the PSA key identifier, then [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06).
+* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_X` (our private key): call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
+* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GX` (our public key): call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier.
+* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GY` (peer's public key): the there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately.
+* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_K` (shared secret): this is the value calculated by `psa_raw_key_agreement` or `psa_key_derivation_key_agreement`. If you need to use it multiple times (for example to derive multiple values independently), call `psa_raw_key_agreement` and make a copy.
+* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_P` or `MBEDTLS_DHM_PARAM_G` (group parameters): [there is no PSA API to retrieve these values](https://github.com/Mbed-TLS/mbedtls/issues/7780).
+
+The PSA API for finite-field Diffie-Hellman only supports predefined groups. Therefore there is no equivalent to `mbedtls_dhm_parse_dhm`, `mbedtls_dhm_parse_dhmfile`, and the `MBEDTLS_DHM_xxx_BIN` macros.
+
+#### Restartable key agreement
+
+Restartable key agreement (enabled by `mbedtls_ecdh_enable_restart`) is not yet available through the PSA API. It will be added under the name “interruptible key agreement” in a future version of the library, with an interface that's similar to the interruptible signature interface described in “[Restartable ECDSA signature](#restartable-ecdsa-signature)”.
+
+### Additional information about Elliptic-curve cryptography
+
+#### Information about a curve
+
+The legacy API identifies a curve by an `MBEDTLS_ECP_DP_xxx` value of type `mbedtls_ecp_group_id`. The PSA API identifies a curve by a `PSA_ECC_FAMILY_xxx` value and the private value's bit-size. See “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” for the correspondence between the two sets of values.
+
+There is no PSA equivalent of the `mbedtls_ecp_group` data structure (and so no equivalent to `mbedtls_ecp_group_init`, `mbedtls_ecp_group_load`, `mbedtls_ecp_group_copy` and `mbedtls_ecp_group_free`) or of the `mbedtls_ecp_curve_info` data structure (and so no equivalent to `mbedtls_ecp_curve_info_from_grp_id`) because they are not needed. All API elements identify the curve directly by its family and size.
+
+The bit-size used by the PSA API is the size of the private key. For most curves, the PSA bit-size, the `bit_size` field in `mbedtls_ecp_curve_info`, the `nbits` field in `mbedtls_ecp_group` and the `pbits` field in `mbedtls_ecp_group` are the same. The following table lists curves for which they are different.
+
+| Curve | `grp->nbits` | `grp->pbits` | `curve_info->bit_size` | PSA bit-size |
+| ----- | ------------ | ------------ | ---------------------- | ------------ |
+| secp224k1 | 225 | 224 | 224 | not supported |
+| Curve25519 | 253 | 255 | 256 | 255 |
+| Curve448 | 446 | 448 | 448 | 448 |
+
+There is no exact PSA equivalent of the type `mbedtls_ecp_curve_type` and the function `mbedtls_ecp_get_type`, but the curve family encodes the same information. `PSA_ECC_FAMILY_MONTGOMERY` is the only Montgomery family. All other families supported in Mbed TLS 3.4.0 are short Weierstrass families.
+
+There is no PSA equivalent for the following functionality:
+
+* The `name` field of `mbedtls_ecp_curve_info`, and the function `mbedtls_ecp_curve_info_from_name`. There is no equivalent of Mbed TLS's lookup based on the name used for the curve in TLS specifications.
+* The `tls_id` field of `mbedtls_ecp_curve_info`, the constant `MBEDTLS_ECP_TLS_NAMED_CURVE`, and the functions `mbedtls_ecp_curve_info_from_tls_id`, `mbedtls_ecp_tls_read_group`, `mbedtls_ecp_tls_read_group_id` and `mbedtls_ecp_tls_write_group`. The PSA crypto API does not have this dedicated support for the TLS protocol.
+* Retrieving the parameters of a curve from the fields of an `mbedtls_ecp_group` structure.
+
+#### Information about supported curves
+
+The PSA API does not currently have a discovery mechanism for cryptographic mechanisms (although one may be added in the future). Thus there is no equivalent for `MBEDTLS_ECP_DP_MAX` and the functions `mbedtls_ecp_curve_list` and `mbedtls_ecp_grp_id_list`.
+
+The API provides macros that give the maximum supported sizes for various kinds of objects. The following table lists equivalents for `MBEDTLS_ECP_MAX_xxx` macros.
+
+| Legacy macro | PSA equivalent |
+| ------------ | -------------- |
+| `MBEDTLS_ECP_MAX_BITS` | [`PSA_VENDOR_ECC_MAX_CURVE_BITS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_VENDOR_ECC_MAX_CURVE_BITS) |
+| `MBEDTLS_ECP_MAX_BYTES` | `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)` |
+| `MBEDTLS_ECP_MAX_PT_LEN` | [`PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE) |
+
+#### Restartable ECC
+
+The PSA API supports the equivalent of restartable operations, but only for signatures at the time of writing. See “[Restartable ECDSA signature](#restartable-ecdsa-signature)”.
+
+There is no PSA API for elliptic curve arithmetic as such, and therefore no equivalent of `mbedtls_ecp_restart_ctx` and functions that operate on it.
+
+There is PSA no equivalent of the `MBEDTLS_ECP_OPS_xxx` constants.
+
+#### ECC functionality with no PSA equivalent
+
+There is no PSA equivalent of `mbedtls_ecdsa_can_do` and `mbedtls_ecdh_can_do` to query the capabilities of a curve at runtime. Check the documentation of each curve family to see what algorithms it supports.
+
+There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecdsa_restart_ctx`, and to basic ECDSA context manipulation functions including `mbedtls_ecdsa_from_keypair`, because they are not needed: the PSA API does not have ECDSA-specific context types.
+
+#### No curve arithmetic
+
+The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equivalent for the ECC arithmetic functionality exposed by `ecp.h`:
+
+* Manipulation of point objects and input-output: the type `mbedtls_ecp_point` and functions operating on it (`mbedtls_ecp_point_xxx`, `mbedtls_ecp_copy`, `mbedtls_ecp_{set,is}_zero`, `mbedtls_ecp_tls_{read,write}_point`). Note that the PSA export format for public keys corresponds to the uncompressed point format (`MBEDTLS_ECP_PF_UNCOMPRESSED`), so [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) are equivalent to `mbedtls_ecp_point_read_binary` and `mbedtls_ecp_point_write_binary` for uncompressed points. The PSA API does not currently support compressed points, but it is likely that such support will be added in the future.
+* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key`.
+* Elliptic curve arithmetic (`mbedtls_ecp_mul`, `mbedtls_ecp_muladd` and their restartable variants).
+
+### Additional information about RSA
+
+#### RSA-ALT interface
+
+Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-example-and-guide.md).
+
+* If the purpose of the ALT interface is acceleration only: use the accelerator driver interface. This is fully transparent to application code.
+* If the purpose of the ALT interface is to isolate the private key in a high-security environment: use the opaque driver interface. This is mostly transparent to user code. Code that uses a key via its key identifier does not need to know whether the key is transparent (equivalent of `MBEDTLS_PK_RSA`) or opaque (equivalent of `MBEDTLS_PK_RSA_ALT`). When creating a key, it will be transparent by default; to create an opaque key, call [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to set the key's location to the chosen location value for the driver, e.g.
+ ```
+ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_VOLATILE, MY_RSA_DRIVER_LOCATION));
+ ```
+
+The PSA subsystem uses its internal random generator both for randomized algorithms and to generate blinding values. As a consequence, none of the API functions take an RNG parameter.
+
+#### RSA functionality with no PSA equivalent
+
+The PSA API does not provide direct access to the exponentiation primitive as with `mbedtls_rsa_public` and `mbedtls_rsa_private`. If you need an RSA-based mechanism that is not supported by the PSA API, please [submit an issue on GitHub](https://github.com/ARM-software/psa-api/issues) so that we can extend the API to support it.
+
+The PSA API does not support constructing RSA keys progressively from numbers with `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete`. See “[Importing a PK key by wrapping](#importing-a-pk-key-by-wrapping)”.
+
+There is no direct equivalent of `mbedtls_rsa_export`, `mbedtls_rsa_export_raw` and `mbedtls_rsa_export_crt` to export some of the numbers in a key. You can export the whole key with `psa_export_key`, or with `psa_export_public_key` to export the public key from a key pair object. See also “[Exporting a public key or a key pair](#exporting-a-public-key-or-a-key-pair)”.
+
+A PSA key object is immutable, so there is no need for an equivalent of `mbedtls_rsa_copy`. (There is a function `psa_copy_key`, but it is only useful to make a copy of a key with a different policy of ownership; both concepts are out of scope of this document since they have no equivalent in the legacy API.)
+
+### LMS signatures
+
+A future version of Mbed TLS will support LMS keys and signatures through the PSA API (`psa_generate_key`, `psa_export_public_key`, `psa_import_key`, `psa_sign_hash`, `psa_verify_hash`, etc.). However, this is likely to happen after Mbed TLS 4.0, therefore the next major version of Mbed TLS will likely keep the existing `lms.h` interface.
+
+### PK format support interfaces
+
+The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography.
+
+In Mbed TLS 4.0, we are planning to keep the ASN.1 interfaces mostly unchanged. The evolution of Base64, OID and PEM as separate interfaces is still undecided at the time of writing.
+
+## EC-JPAKE
+
+The PSA API exposes EC-JPAKE via the algorithm [`PSA_ALG_JPAKE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#c.PSA_ALG_JPAKE) and the PAKE API functions. At the time of writing, the PAKE API is still experimental, but it should offer the same functionality as the legacy `ecjpake.h`. Please consult the documentation of your version of Mbed TLS for more information.
+
+Please note a few differences between the two APIs: the legacy API is geared towards the use of EC-JPAKE in TLS 1.2, whereas the PSA API is protocol-agnostic.
+
+* The PSA API is finer-grained and offers more flexibility in message ordering. Where the legacy API makes a single function call, the PSA API may require multiple calls.
+* The legacy API uses the TLS 1.2 wire format in the input or output format of several functions. In particular, one of the messages embeds the curve identifier in the TLS protocol. The PSA API uses protocol-agnostic formats.
+* The legacy API always applies the key derivation specified by TLS 1.2 to the shared secret. With the PSA API, use a key derivation with `PSA_ALG_TLS12_ECJPAKE_TO_PMS` for the same calculation.
diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h
index ec149ae..cf77690 100644
--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@@ -6,19 +6,7 @@
/*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h
index 931e6e9..83613bf 100644
--- a/doxygen/input/doc_hashing.h
+++ b/doxygen/input/doc_hashing.h
@@ -6,19 +6,7 @@
/*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 837cec5..c391c59 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -6,23 +6,11 @@
/*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
- * @mainpage Mbed TLS v3.4.1 API Documentation
+ * @mainpage Mbed TLS v3.5.1 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h
index 7da13cd..22608a8 100644
--- a/doxygen/input/doc_rng.h
+++ b/doxygen/input/doc_rng.h
@@ -6,19 +6,7 @@
/*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h
index 6961124..5757574 100644
--- a/doxygen/input/doc_ssltls.h
+++ b/doxygen/input/doc_ssltls.h
@@ -6,19 +6,7 @@
/*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h
index a705de1..f8d8c69 100644
--- a/doxygen/input/doc_tcpip.h
+++ b/doxygen/input/doc_tcpip.h
@@ -6,19 +6,7 @@
/*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h
index 9049675..945830f 100644
--- a/doxygen/input/doc_x509.h
+++ b/doxygen/input/doc_x509.h
@@ -6,19 +6,7 @@
/*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 8c7c7cc..89048f2 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "mbed TLS v3.4.1"
+PROJECT_NAME = "Mbed TLS v3.5.1"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
@@ -51,4 +51,5 @@
"MBEDTLS_CHECK_RETURN_TYPICAL=" \
"MBEDTLS_CHECK_RETURN_OPTIONAL=" \
"MBEDTLS_PRINTF_ATTRIBUTE(a,b)=" \
+ "__DOXYGEN__" \
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index e693bc1..e11e271 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -1,4 +1,4 @@
-option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
+option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
if(INSTALL_MBEDTLS_HEADERS)
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 7c92162..d5eb1fd 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -22,19 +22,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_AES_H
@@ -167,6 +155,7 @@
int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief This function sets the decryption key.
*
@@ -185,6 +174,7 @@
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -604,6 +594,7 @@
const unsigned char input[16],
unsigned char output[16]);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief Internal AES block decryption function. This is only
* exposed to allow overriding it using see
@@ -619,6 +610,7 @@
int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16]);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 7e55df7..c685fc3 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -11,19 +11,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ARIA_H
@@ -110,6 +98,7 @@
const unsigned char *key,
unsigned int keybits);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief This function sets the decryption key.
*
@@ -128,6 +117,7 @@
int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/**
* \brief This function performs an ARIA single-block encryption or
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 002c8de..3c3bfad 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H
@@ -96,15 +84,14 @@
/* Slightly smaller way to check if tag is a string tag
* compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
- ((tag) < 32u && ( \
+#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
+ ((unsigned int) (tag) < 32u && ( \
((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING) | \
(1u << MBEDTLS_ASN1_UTF8_STRING) | \
(1u << MBEDTLS_ASN1_T61_STRING) | \
(1u << MBEDTLS_ASN1_IA5_STRING) | \
(1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \
- (1u << MBEDTLS_ASN1_PRINTABLE_STRING) | \
- (1u << MBEDTLS_ASN1_BIT_STRING))) != 0))
+ (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0))
/*
* Bit masks for each of the components of an ASN.1 tag as specified in
@@ -210,6 +197,7 @@
}
mbedtls_asn1_named_data;
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
/**
* \brief Get the length of an ASN.1 element.
* Updates the pointer to immediately behind the length.
@@ -256,7 +244,9 @@
int mbedtls_asn1_get_tag(unsigned char **p,
const unsigned char *end,
size_t *len, int tag);
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
+#if defined(MBEDTLS_ASN1_PARSE_C)
/**
* \brief Retrieve a boolean ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag.
@@ -642,6 +632,8 @@
/** \} name Functions to parse ASN.1 data structures */
/** \} addtogroup asn1_module */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 3c5072c..7af4aba 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ASN1_WRITE_H
#define MBEDTLS_ASN1_WRITE_H
@@ -48,6 +36,7 @@
extern "C" {
#endif
+#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
/**
* \brief Write a length field in ASN.1 format.
*
@@ -76,7 +65,9 @@
*/
int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
unsigned char tag);
+#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_ASN1_WRITE_C)
/**
* \brief Write raw buffer data.
*
@@ -393,4 +384,6 @@
}
#endif
+#endif /* MBEDTLS_ASN1_WRITE_C */
+
#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 635be71..8f459b7 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_BASE64_H
#define MBEDTLS_BASE64_H
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 3ba1777..931e06d 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H
@@ -186,6 +174,15 @@
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
#endif /* !MBEDTLS_HAVE_INT64 */
+/*
+ * Sanity check that exactly one of MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 is defined,
+ * so that code elsewhere doesn't have to check.
+ */
+#if (!(defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64))) || \
+ (defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64))
+#error "Only 32-bit or 64-bit limbs are supported in bignum"
+#endif
+
/** \typedef mbedtls_mpi_uint
* \brief The type of machine digits in a bignum, called _limbs_.
*
diff --git a/include/mbedtls/block_cipher.h b/include/mbedtls/block_cipher.h
new file mode 100644
index 0000000..154ae26
--- /dev/null
+++ b/include/mbedtls/block_cipher.h
@@ -0,0 +1,58 @@
+/**
+ * \file block_cipher.h
+ *
+ * \brief Internal abstraction layer.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_BLOCK_CIPHER_H
+#define MBEDTLS_BLOCK_CIPHER_H
+
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
+#endif
+#if defined(MBEDTLS_ARIA_C)
+#include "mbedtls/aria.h"
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+#include "mbedtls/camellia.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+ MBEDTLS_BLOCK_CIPHER_ID_NONE = 0, /**< Unset. */
+ MBEDTLS_BLOCK_CIPHER_ID_AES, /**< The AES cipher. */
+ MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
+ MBEDTLS_BLOCK_CIPHER_ID_ARIA, /**< The Aria cipher. */
+} mbedtls_block_cipher_id_t;
+
+typedef struct {
+ mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id);
+ union {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(MBEDTLS_AES_C)
+ mbedtls_aes_context MBEDTLS_PRIVATE(aes);
+#endif
+#if defined(MBEDTLS_ARIA_C)
+ mbedtls_aria_context MBEDTLS_PRIVATE(aria);
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ mbedtls_camellia_context MBEDTLS_PRIVATE(camellia);
+#endif
+ } MBEDTLS_PRIVATE(ctx);
+} mbedtls_block_cipher_context_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_BLOCK_CIPHER_H */
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 5b8a40d..7a70e25 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -8,19 +8,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_BUILD_INFO_H
@@ -37,7 +25,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 3
-#define MBEDTLS_VERSION_MINOR 4
+#define MBEDTLS_VERSION_MINOR 5
#define MBEDTLS_VERSION_PATCH 1
/**
@@ -45,9 +33,55 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03040100
-#define MBEDTLS_VERSION_STRING "3.4.1"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1"
+#define MBEDTLS_VERSION_NUMBER 0x03050100
+#define MBEDTLS_VERSION_STRING "3.5.1"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.1"
+
+/* Macros for build-time platform detection */
+
+#if !defined(MBEDTLS_ARCH_IS_ARM64) && \
+ (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC))
+#define MBEDTLS_ARCH_IS_ARM64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_ARM32) && \
+ (defined(__arm__) || defined(_M_ARM) || \
+ defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__))
+#define MBEDTLS_ARCH_IS_ARM32
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X64) && \
+ (defined(__amd64__) || defined(__x86_64__) || \
+ ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC)))
+#define MBEDTLS_ARCH_IS_X64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X86) && \
+ (defined(__i386__) || defined(_X86_) || \
+ (defined(_M_IX86) && !defined(_M_I86)))
+#define MBEDTLS_ARCH_IS_X86
+#endif
+
+#if !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \
+ (defined(_M_ARM64) || defined(_M_ARM64EC))
+#define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64
+#endif
+
+/* This is defined if the architecture is Armv8-A, or higher */
+#if !defined(MBEDTLS_ARCH_IS_ARMV8_A)
+#if defined(__ARM_ARCH) && defined(__ARM_ARCH_PROFILE)
+#if (__ARM_ARCH >= 8) && (__ARM_ARCH_PROFILE == 'A')
+/* GCC, clang, armclang and IAR */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#endif
+#elif defined(__ARM_ARCH_8A)
+/* Alternative defined by clang */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#elif defined(_M_ARM64) || defined(_M_ARM64EC)
+/* MSVC ARM64 is at least Armv8.0-A */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#endif
+#endif
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
@@ -59,6 +93,7 @@
#define inline __inline
#endif
+/* X.509, TLS and non-PSA crypto configuration */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/mbedtls_config.h"
#else
@@ -80,6 +115,18 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
+/* PSA crypto configuration */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+#else
+#include "psa/crypto_config.h"
+#endif
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+#endif
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
+
/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
* to ensure a 128-bit key size in CTR_DRBG.
@@ -107,157 +154,11 @@
#include "mbedtls/config_psa.h"
#endif
-/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
- * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
- */
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_MD_LIGHT
-#endif
+#include "mbedtls/config_adjust_legacy_crypto.h"
-/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
- * in a previous release, to ensure backwards compatibility.
- */
-#if defined(MBEDTLS_ECJPAKE_C) || \
- defined(MBEDTLS_PEM_PARSE_C) || \
- defined(MBEDTLS_ENTROPY_C) || \
- defined(MBEDTLS_PK_C) || \
- defined(MBEDTLS_PKCS12_C) || \
- defined(MBEDTLS_RSA_C) || \
- defined(MBEDTLS_SSL_TLS_C) || \
- defined(MBEDTLS_X509_USE_C) || \
- defined(MBEDTLS_X509_CREATE_C)
-#define MBEDTLS_MD_LIGHT
-#endif
+#include "mbedtls/config_adjust_x509.h"
-/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
- * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
- * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
- * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
- * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
- * these features are not supported in PSA so the only way to have them is
- * to enable the built-in solution.
- * Both of them are temporary dependencies:
- * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
- * - support for compressed points should also be added to PSA, but in this
- * case there is no associated issue to track it yet.
- * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
- * still depends on ECP_LIGHT.
- * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
- * be fixed by #7453.
- */
-#if defined(MBEDTLS_ECP_C) || \
- defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
- defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#define MBEDTLS_ECP_LIGHT
-#endif
-
-/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
- * in previous version compressed points were automatically supported as long
- * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
- * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
- * are met. */
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_PARSE_EC_COMPRESSED
-#endif
-
-/* Helper symbol to state that there is support for ECDH, either through
- * library implementation (ECDH_C) or through PSA. */
-#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
- (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
-#define MBEDTLS_CAN_ECDH
-#endif
-
-/* PK module can achieve ECDSA functionalities by means of either software
- * implementations (ECDSA_C) or through a PSA driver. The following defines
- * are meant to list these capabilities in a general way which abstracts how
- * they are implemented under the hood. */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PK_CAN_ECDSA_SIGN
-#define MBEDTLS_PK_CAN_ECDSA_VERIFY
-#endif /* MBEDTLS_ECDSA_C */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(PSA_WANT_ALG_ECDSA)
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PK_CAN_ECDSA_SIGN
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PK_CAN_ECDSA_VERIFY
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_ALG_ECDSA */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
-#define MBEDTLS_PK_CAN_ECDSA_SOME
-#endif
-
-/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
- * is defined as well to include all PSA code.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/* The PK wrappers need pk_write functions to format RSA key objects
- * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
- * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_PARSE_C
-#endif
-
-/* The following blocks make it easier to disable all of TLS,
- * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
- * key exchanges, options and extensions related to them. */
-
-#if !defined(MBEDTLS_SSL_TLS_C)
-#undef MBEDTLS_SSL_CLI_C
-#undef MBEDTLS_SSL_SRV_C
-#undef MBEDTLS_SSL_PROTO_TLS1_3
-#undef MBEDTLS_SSL_PROTO_TLS1_2
-#undef MBEDTLS_SSL_PROTO_DTLS
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_DTLS)
-#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
-#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#undef MBEDTLS_SSL_DTLS_SRTP
-#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-#undef MBEDTLS_SSL_EARLY_DATA
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
-#define MBEDTLS_SSL_TLS1_2_SOME_ECC
-#endif
+#include "mbedtls/config_adjust_ssl.h"
/* Make sure all configuration symbols are set before including check_config.h,
* even the ones that are calculated programmatically. */
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 8033c13..557f472 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H
@@ -93,6 +81,7 @@
const unsigned char *key,
unsigned int keybits);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief Perform a CAMELLIA key schedule operation for decryption.
*
@@ -108,6 +97,7 @@
int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/**
* \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 6c22552..8bf8c32 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -29,19 +29,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CCM_H
@@ -52,6 +40,10 @@
#include "mbedtls/cipher.h"
+#if !defined(MBEDTLS_CIPHER_C)
+#include "mbedtls/block_cipher.h"
+#endif
+
#define MBEDTLS_CCM_DECRYPT 0
#define MBEDTLS_CCM_ENCRYPT 1
#define MBEDTLS_CCM_STAR_DECRYPT 2
@@ -77,7 +69,6 @@
typedef struct mbedtls_ccm_context {
unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */
unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */
size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */
size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */
@@ -87,15 +78,19 @@
and plaintext/ciphertext.
This variable is set to zero after
auth data input is finished. */
- unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */
- unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
+ unsigned int MBEDTLS_PRIVATE(q); /*!< The Q working value */
+ unsigned int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_CCM_ENCRYPT or
#MBEDTLS_CCM_DECRYPT or
#MBEDTLS_CCM_STAR_ENCRYPT or
#MBEDTLS_CCM_STAR_DECRYPT. */
+#if defined(MBEDTLS_CIPHER_C)
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+#else
+ mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
+#endif
int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
- state. Used for chunked data
- input */
+ state. Used for chunked data input */
}
mbedtls_ccm_context;
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index e24e56b..680fe36 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -14,19 +14,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CHACHA20_H
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 19baade..3dc21e3 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -14,19 +14,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CHACHAPOLY_H
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 7a87971..34ddcb1 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CHECK_CONFIG_H
@@ -30,7 +18,7 @@
*/
#include <limits.h>
#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
+#error "Mbed TLS requires a platform with 8-bit chars"
#endif
#include <stdint.h>
@@ -66,7 +54,108 @@
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart
+ * when PSA crypto is enabled. */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C)
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255)
+#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448)
+#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192)
+#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224)
+#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256)
+#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384)
+#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521)
+#error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192)
+#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+/* SECP224K1 is buggy in PSA API so we skip this check */
+#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224)
+#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256)
+#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart"
+#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */
+
+/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
+ * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
+ * all 4 of them.
+ */
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#error "Unsupported partial support for ECC key type acceleration, see docs/driver-only-builds.md"
+#endif /* not all of public, basic, import, export */
+#endif /* one of public, basic, import, export */
+
+/* Limitations on ECC curves acceleration: partial curve acceleration is only
+ * supported with crypto excluding PK, X.509 or TLS.
+ * Note: no need to check X.509 as it depends on PK. */
+#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
+#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
+#if defined(MBEDTLS_PK_C) || \
+ defined(MBEDTLS_SSL_TLS_C)
+#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
+#endif /* modules beyond what's supported */
+#endif /* not all curves accelerated */
+#endif /* some curve accelerated */
+
+#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
+ (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \
+ defined(PSA_WANT_ALG_ECB_NO_PADDING)))
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
@@ -84,6 +173,36 @@
#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_NO_PADDING cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_ALG_CBC_PKCS7)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_PKCS7 cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_DES)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously"
+#endif
+#endif
+
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_XTS cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_DES_C)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_DES_C cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_NIST_KW_C)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_NIST_KW_C cannot be defined simultaneously"
+#endif
+#endif
+
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
#endif
@@ -106,6 +225,15 @@
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && !defined(MBEDTLS_ASN1_WRITE_C)
+#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_WRITE_C for ECDSA signature"
+#endif
+#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && !defined(MBEDTLS_ASN1_PARSE_C)
+#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_PARSE_C for ECDSA verification"
+#endif
+#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_ECJPAKE_C) && \
( !defined(MBEDTLS_ECP_C) || \
!( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) )
@@ -132,7 +260,7 @@
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
+#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
@@ -146,7 +274,7 @@
!defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
!defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
+#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
@@ -210,19 +338,11 @@
#error "MBEDTLS_CCM_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_CCM_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_GCM_C) && ( \
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
#endif
@@ -412,10 +532,6 @@
#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
#endif
@@ -425,7 +541,7 @@
#endif
#if defined(MBEDTLS_PK_C) && \
- !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_LIGHT)
+ !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#error "MBEDTLS_PK_C defined, but not all prerequisites"
#endif
@@ -671,7 +787,8 @@
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_CIPHER_C )
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_HAVE_SOFT_BLOCK_MODE) && \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER) && !defined(MBEDTLS_CIPHER_C)
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
#endif
@@ -754,25 +871,24 @@
#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
- defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
-#error "Must only define one of MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) && \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+#error "Must only define one of MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
#if !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_SHA256_USE_A64_CRYPTO_* defined without MBEDTLS_SHA256_C"
+#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
#endif
#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT)
-#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
#endif
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && \
- !defined(__aarch64__) && !defined(_M_ARM64)
-#error "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8_A)
+#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY defined on non-Armv8-A system"
#endif
/* TLS 1.3 requires separate HKDF parts from PSA,
@@ -834,10 +950,10 @@
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
- ( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \
- ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 ) || \
- ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) )
-#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)"
+ defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \
+ ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \
+ (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX))
+#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)"
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
@@ -853,7 +969,8 @@
#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \
+ defined(MBEDTLS_USE_PSA_CRYPTO))
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif
@@ -945,7 +1062,8 @@
#endif
#if defined(MBEDTLS_SSL_TICKET_C) && \
- !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
+ !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
+ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
@@ -986,15 +1104,15 @@
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
+#if defined(MBEDTLS_X509_USE_C) && \
+ (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
!defined(MBEDTLS_PK_PARSE_C) || \
( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
+#if defined(MBEDTLS_X509_CREATE_C) && \
+ (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
!defined(MBEDTLS_PK_PARSE_C) || \
( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
@@ -1046,7 +1164,9 @@
#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
+ !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
+ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
#endif
@@ -1099,8 +1219,8 @@
#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
- ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) ||\
- ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) || \
+ ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \
+ ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \
( !defined(MBEDTLS_MD_C) ) )
#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 53ef2ad..815b5bb 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CIPHER_H
@@ -492,7 +480,7 @@
if (info == NULL) {
return 0;
} else {
- return info->MBEDTLS_PRIVATE(key_bitlen) << MBEDTLS_KEY_BITLEN_SHIFT;
+ return ((size_t) info->MBEDTLS_PRIVATE(key_bitlen)) << MBEDTLS_KEY_BITLEN_SHIFT;
}
}
@@ -852,7 +840,6 @@
* \brief This function sets the padding mode, for cipher modes
* that use padding.
*
- * The default passing mode is PKCS7 padding.
*
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 3125e70..97b86fc 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -5,22 +5,11 @@
*
* The Cipher-based Message Authentication Code (CMAC) Mode for
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
+ * It is supported with AES and DES.
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CMAC_H
@@ -38,12 +27,30 @@
#define MBEDTLS_AES_BLOCK_SIZE 16
#define MBEDTLS_DES3_BLOCK_SIZE 8
+/* We don't support Camellia or ARIA in this module */
#if defined(MBEDTLS_AES_C)
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
+#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 16 /**< The longest block used by CMAC is that of AES. */
#else
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
+#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 8 /**< The longest block used by CMAC is that of 3DES. */
#endif
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+/** The longest block supported by the cipher module.
+ *
+ * \deprecated
+ * For the maximum block size of a cipher supported by the CMAC module,
+ * use #MBEDTLS_CMAC_MAX_BLOCK_SIZE.
+ * For the maximum block size of a cipher supported by the cipher module,
+ * use #MBEDTLS_MAX_BLOCK_LENGTH.
+ */
+/* Before Mbed TLS 3.5, this was the maximum block size supported by the CMAC
+ * module, so it didn't take Camellia or ARIA into account. Since the name
+ * of the macro doesn't even convey "CMAC", this was misleading. Now the size
+ * is sufficient for any cipher, but the name is defined in cmac.h for
+ * backward compatibility. */
+#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
#if !defined(MBEDTLS_CMAC_ALT)
/**
@@ -51,11 +58,11 @@
*/
struct mbedtls_cmac_context_t {
/** The internal state of the CMAC algorithm. */
- unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
- unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/** The length of data pending processing. */
size_t MBEDTLS_PRIVATE(unprocessed_len);
diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h
index cdf81dc..096341b 100644
--- a/include/mbedtls/compat-2.x.h
+++ b/include/mbedtls/compat-2.x.h
@@ -7,19 +7,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(MBEDTLS_DEPRECATED_WARNING)
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
new file mode 100644
index 0000000..74d037d
--- /dev/null
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -0,0 +1,354 @@
+/**
+ * \file mbedtls/config_adjust_legacy_crypto.h
+ * \brief Adjust legacy configuration configuration
+ *
+ * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * configurations need to be explicitly enabled by the user: enabling
+ * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
+ * compilation error. However, we do automatically enable certain options
+ * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
+ * used to identify parts of a module that are used by other module, and we
+ * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
+ * Another case is if A didn't depend on B in earlier versions, and we
+ * want to use B in A but we need to preserve backward compatibility with
+ * configurations that explicitly activate MBEDTLS_xxx_A but not
+ * MBEDTLS_xxx_B.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+
+/* GCM_C and CCM_C can either depend on (in order of preference) CIPHER_C or
+ * BLOCK_CIPHER_C. If the former is not defined, auto-enable the latter. */
+#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
+ !defined(MBEDTLS_CIPHER_C)
+#define MBEDTLS_BLOCK_CIPHER_C
+#endif
+
+/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
+ * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
+ */
+#if defined(MBEDTLS_MD_C)
+#define MBEDTLS_MD_LIGHT
+#endif
+
+/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
+ * in a previous release, to ensure backwards compatibility.
+ */
+#if defined(MBEDTLS_ECJPAKE_C) || \
+ defined(MBEDTLS_PEM_PARSE_C) || \
+ defined(MBEDTLS_ENTROPY_C) || \
+ defined(MBEDTLS_PK_C) || \
+ defined(MBEDTLS_PKCS12_C) || \
+ defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_SSL_TLS_C) || \
+ defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CREATE_C)
+#define MBEDTLS_MD_LIGHT
+#endif
+
+#if defined(MBEDTLS_MD_LIGHT)
+/*
+ * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
+ * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
+ * (see below).
+ * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
+ * via PSA (see below).
+ * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
+ * via a direct legacy call (see below).
+ *
+ * The md module performs an algorithm via PSA if there is a PSA hash
+ * accelerator and the PSA driver subsytem is initialized at the time the
+ * operation is started, and makes a direct legacy call otherwise.
+ */
+
+/* PSA accelerated implementations */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
+#define MBEDTLS_MD_CAN_MD5
+#define MBEDTLS_MD_MD5_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
+#define MBEDTLS_MD_CAN_SHA1
+#define MBEDTLS_MD_SHA1_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
+#define MBEDTLS_MD_CAN_SHA224
+#define MBEDTLS_MD_SHA224_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
+#define MBEDTLS_MD_CAN_SHA256
+#define MBEDTLS_MD_SHA256_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
+#define MBEDTLS_MD_CAN_SHA384
+#define MBEDTLS_MD_SHA384_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
+#define MBEDTLS_MD_CAN_SHA512
+#define MBEDTLS_MD_SHA512_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
+#define MBEDTLS_MD_CAN_RIPEMD160
+#define MBEDTLS_MD_RIPEMD160_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_SHA3_224_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_SHA3_256_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_SHA3_384_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
+#define MBEDTLS_MD_CAN_SHA3_512
+#define MBEDTLS_MD_SHA3_512_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+/* Built-in implementations */
+#if defined(MBEDTLS_MD5_C)
+#define MBEDTLS_MD_CAN_MD5
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_MD_CAN_SHA1
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA224_C)
+#define MBEDTLS_MD_CAN_SHA224
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_MD_CAN_SHA256
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA384_C)
+#define MBEDTLS_MD_CAN_SHA384
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_CAN_SHA512
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA3_C)
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_CAN_SHA3_512
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+#define MBEDTLS_MD_CAN_RIPEMD160
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+
+#endif /* MBEDTLS_MD_LIGHT */
+
+/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
+ * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
+ * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
+ * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
+ * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
+ * these features are not supported in PSA so the only way to have them is
+ * to enable the built-in solution.
+ * Both of them are temporary dependencies:
+ * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
+ * - support for compressed points should also be added to PSA, but in this
+ * case there is no associated issue to track it yet.
+ * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
+ * still depends on ECP_LIGHT.
+ * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
+ * be fixed by #7453.
+ */
+#if defined(MBEDTLS_ECP_C) || \
+ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
+ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_ECP_LIGHT
+#endif
+
+/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
+ * in previous version compressed points were automatically supported as long
+ * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
+ * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
+ * are met. */
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#endif
+
+/* Helper symbol to state that there is support for ECDH, either through
+ * library implementation (ECDH_C) or through PSA. */
+#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
+ (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
+#define MBEDTLS_CAN_ECDH
+#endif
+
+/* PK module can achieve ECDSA functionalities by means of either software
+ * implementations (ECDSA_C) or through a PSA driver. The following defines
+ * are meant to list these capabilities in a general way which abstracts how
+ * they are implemented under the hood. */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PK_CAN_ECDSA_SIGN
+#define MBEDTLS_PK_CAN_ECDSA_VERIFY
+#endif /* MBEDTLS_ECDSA_C */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(PSA_WANT_ALG_ECDSA)
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define MBEDTLS_PK_CAN_ECDSA_SIGN
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define MBEDTLS_PK_CAN_ECDSA_VERIFY
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+#endif /* PSA_WANT_ALG_ECDSA */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
+#define MBEDTLS_PK_CAN_ECDSA_SOME
+#endif
+
+/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
+ * is defined as well to include all PSA code.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#define MBEDTLS_PSA_CRYPTO_CLIENT
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+/* The PK wrappers need pk_write/pk_parse functions to format RSA key objects
+ * when they are dispatching to the PSA API. This happens under MBEDTLS_USE_PSA_CRYPTO,
+ * and even under just MBEDTLS_PSA_CRYPTO_C in psa_crypto_rsa.c. */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PK_PARSE_C
+#endif
+
+/* Helpers to state that each key is supported either on the builtin or PSA side. */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
+#define MBEDTLS_ECP_HAVE_SECP521R1
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#define MBEDTLS_ECP_HAVE_BP512R1
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+#define MBEDTLS_ECP_HAVE_CURVE448
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#define MBEDTLS_ECP_HAVE_BP384R1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
+#define MBEDTLS_ECP_HAVE_SECP384R1
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#define MBEDTLS_ECP_HAVE_BP256R1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
+#define MBEDTLS_ECP_HAVE_SECP256K1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
+#define MBEDTLS_ECP_HAVE_SECP256R1
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+#define MBEDTLS_ECP_HAVE_CURVE25519
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
+#define MBEDTLS_ECP_HAVE_SECP224K1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
+#define MBEDTLS_ECP_HAVE_SECP224R1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
+#define MBEDTLS_ECP_HAVE_SECP192K1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
+#define MBEDTLS_ECP_HAVE_SECP192R1
+#endif
+
+/* Helper symbol to state that the PK module has support for EC keys. This
+ * can either be provided through the legacy ECP solution or through the
+ * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
+#if defined(MBEDTLS_ECP_C) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
+#define MBEDTLS_PK_HAVE_ECC_KEYS
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
+
+/* Historically pkparse did not check the CBC padding when decrypting
+ * a key. This was a bug, which is now fixed. As a consequence, pkparse
+ * now needs PKCS7 padding support, but existing configurations might not
+ * enable it, so we enable it here. */
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+
+/* Backwards compatibility for some macros which were renamed to reflect that
+ * they are related to Armv8, not aarch64. */
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
+ !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
+#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+#endif
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+#endif
+
+/* Some internal helpers to determine which keys are availble. */
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
+#define MBEDTLS_SSL_HAVE_AES
+#endif
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
+#define MBEDTLS_SSL_HAVE_ARIA
+#endif
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
+#define MBEDTLS_SSL_HAVE_CAMELLIA
+#endif
+
+/* Some internal helpers to determine which operation modes are availble. */
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
+#define MBEDTLS_SSL_HAVE_CBC
+#endif
+
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
+#define MBEDTLS_SSL_HAVE_GCM
+#endif
+
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
+#define MBEDTLS_SSL_HAVE_CCM
+#endif
+
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
+#define MBEDTLS_SSL_HAVE_CHACHAPOLY
+#endif
+
+#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
+ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
+#define MBEDTLS_SSL_HAVE_AEAD
+#endif
+
+#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h
new file mode 100644
index 0000000..bf87c36
--- /dev/null
+++ b/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -0,0 +1,885 @@
+/**
+ * \file mbedtls/config_adjust_legacy_from_psa.h
+ * \brief Adjust PSA configuration: activate legacy implementations
+ *
+ * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations
+ * of cryptographic mechanisms as needed to fulfill the needs of the PSA
+ * configuration. Generally speaking, we activate a legacy mechanism if
+ * it's needed for a requested PSA mechanism and there is no PSA driver
+ * for it.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
+#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
+
+/* Define appropriate ACCEL macros for the p256-m driver.
+ * In the future, those should be generated from the drivers JSON description.
+ */
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256
+#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_ECDH
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+#endif
+
+/*
+ * ECC: support for a feature is controlled by a triplet or a pair:
+ * (curve, key_type public/basic, alg) or (curve, key_type_<action>).
+ *
+ * A triplet/pair is accelerated if all of is components are accelerated;
+ * otherwise each component needs to be built in.
+ *
+ * We proceed in two passes:
+ * 1. Check if acceleration is complete for curves, key types, algs.
+ * 2. Then enable built-ins for each thing that's either not accelerated of
+ * doesn't have complete acceleration of the other triplet/pair components.
+ *
+ * Note: this needs psa/crypto_adjust_keypair_types.h to have been included
+ * already, so that we know the full set of key types that are requested.
+ */
+
+/* ECC: curves: is acceleration complete? */
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_255) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_448) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_192) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_224) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_256) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_384) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_521) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_K1_192) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_K1_224) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_K1_256) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
+#endif
+
+/* ECC: algs: is acceleration complete? */
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
+#endif
+
+#if defined(PSA_WANT_ALG_ECDH) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
+#endif
+
+#if defined(PSA_WANT_ALG_ECDSA) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
+#endif
+
+#if defined(PSA_WANT_ALG_JPAKE) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
+#endif
+
+/* ECC: key types: is acceleration complete? */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#endif
+
+/* Special case: we don't support cooked key derivation in drivers yet */
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+#endif
+
+/* Note: the condition is always true as DERIVE can't be accelerated yet */
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#endif
+
+/* ECC: curves: enable built-ins as needed.
+ *
+ * We need the curve built-in:
+ * - if it's not accelerated, or
+ * - if there's a key type with missing acceleration, or
+ * - if there's a alg with missing acceleration.
+ */
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_192)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_R1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_224)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_R1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_R1_256 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_R1_384 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_R1_521 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_192)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_K1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_224)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+/* https://github.com/Mbed-TLS/mbedtls/issues/3541 */
+#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_K1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#endif /* missing accel */
+#endif /* PSA_WANT_ECC_SECP_K1_256 */
+
+/* ECC: algs: enable built-ins as needed.
+ *
+ * We need the alg built-in:
+ * - if it's not accelerated, or
+ * - if there's a relevant curve (see below) with missing acceleration, or
+ * - if there's a key type among (public, basic) with missing acceleration.
+ *
+ * Relevant curves are:
+ * - all curves for ECDH
+ * - Weierstrass curves for (deterministic) ECDSA
+ * - secp256r1 for EC J-PAKE
+ */
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#endif /* missing accel */
+#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+
+#if defined(PSA_WANT_ALG_ECDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif /* missing accel */
+#endif /* PSA_WANT_ALG_ECDH */
+
+#if defined(PSA_WANT_ALG_ECDSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#endif /* missing accel */
+#endif /* PSA_WANT_ALG_ECDSA */
+
+#if defined(PSA_WANT_ALG_JPAKE)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) || \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC)
+#define MBEDTLS_PSA_BUILTIN_PAKE 1
+#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECJPAKE_C
+#endif /* missing accel */
+#endif /* PSA_WANT_ALG_JPAKE */
+
+/* ECC: key types: enable built-ins as needed.
+ *
+ * We need the key type built-in:
+ * - if it's not accelerated, or
+ * - if there's a curve with missing acceleration, or
+ * - only for public/basic: if there's an alg with missing acceleration.
+ */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define MBEDTLS_ECP_LIGHT
+#define MBEDTLS_BIGNUM_C
+#endif /* missing accel */
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define MBEDTLS_ECP_LIGHT
+#define MBEDTLS_BIGNUM_C
+#endif /* missing accel */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define MBEDTLS_ECP_LIGHT
+#define MBEDTLS_BIGNUM_C
+#endif /* missing accel */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif /* missing accel */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif /* missing accel */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+
+/* Note: the condition is always true as DERIVE can't be accelerated yet */
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
+ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#define MBEDTLS_ECP_LIGHT
+#define MBEDTLS_BIGNUM_C
+#endif /* missing accel */
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
+
+/* End of ECC section */
+
+#if defined(PSA_WANT_ALG_FFDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
+#endif /* PSA_WANT_ALG_FFDH */
+
+#if defined(PSA_WANT_ALG_HKDF)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
+#endif /* PSA_WANT_ALG_HKDF */
+
+#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
+#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
+
+#if defined(PSA_WANT_ALG_HKDF_EXPAND)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
+#endif /* PSA_WANT_ALG_HKDF_EXPAND */
+
+#if defined(PSA_WANT_ALG_HMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
+#endif /* PSA_WANT_ALG_HMAC */
+
+#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
+#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+#define MBEDTLS_MD5_C
+#endif
+
+#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
+#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+#define MBEDTLS_RIPEMD160_C
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_OAEP)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V21
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
+#endif /* PSA_WANT_ALG_RSA_OAEP */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V15
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V15
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
+
+#if defined(PSA_WANT_ALG_RSA_PSS)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V21
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
+#endif /* PSA_WANT_ALG_RSA_PSS */
+
+#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+#define MBEDTLS_SHA1_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+#define MBEDTLS_SHA224_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+#define MBEDTLS_SHA256_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+#define MBEDTLS_SHA384_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+#define MBEDTLS_SHA512_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
+#define PSA_HAVE_SOFT_PBKDF2_HMAC 1
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
+#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
+
+#if defined(PSA_WANT_ALG_TLS12_PRF)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
+#endif /* PSA_WANT_ALG_TLS12_PRF */
+
+#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
+#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
+
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
+#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
+#define MBEDTLS_GENPRIME
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
+
+/* If any of the block modes are requested that don't have an
+ * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
+ * in the block cipher key types. */
+#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
+ (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
+ (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
+ (defined(PSA_WANT_ALG_ECB_NO_PADDING) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)) || \
+ (defined(PSA_WANT_ALG_CBC_NO_PADDING) && !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
+ (defined(PSA_WANT_ALG_CBC_PKCS7) && !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
+ (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
+#define PSA_HAVE_SOFT_BLOCK_MODE 1
+#endif
+
+#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
+ (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
+#define PSA_HAVE_SOFT_BLOCK_AEAD 1
+#endif
+
+#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)
+#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1
+#define PSA_HAVE_SOFT_PBKDF2_CMAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */
+#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
+
+#if defined(PSA_WANT_KEY_TYPE_AES)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+#define MBEDTLS_AES_C
+#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_AES */
+
+#if defined(PSA_WANT_KEY_TYPE_ARIA)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
+#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
+#define MBEDTLS_ARIA_C
+#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_ARIA */
+
+#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
+#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+#define MBEDTLS_CAMELLIA_C
+#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
+#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+#define MBEDTLS_DES_C
+#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_DES */
+
+#if defined(PSA_WANT_ALG_STREAM_CIPHER)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#endif /* MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER */
+#endif /* PSA_WANT_ALG_STREAM_CIPHER */
+
+#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+#define MBEDTLS_CHACHA20_C
+#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
+#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+
+/* If any of the software block ciphers are selected, define
+ * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
+ * situations. */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
+#endif
+
+#if defined(PSA_WANT_ALG_CBC_MAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
+#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
+#endif /* PSA_WANT_ALG_CBC_MAC */
+
+#if defined(PSA_WANT_ALG_CMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+#define MBEDTLS_CMAC_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
+#endif /* PSA_WANT_ALG_CMAC */
+
+#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \
+ defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
+#define PSA_HAVE_SOFT_PBKDF2 1
+#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */
+
+#if defined(PSA_WANT_ALG_CTR)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+#define MBEDTLS_CIPHER_MODE_CTR
+#endif
+#endif /* PSA_WANT_ALG_CTR */
+
+#if defined(PSA_WANT_ALG_CFB)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+#define MBEDTLS_CIPHER_MODE_CFB
+#endif
+#endif /* PSA_WANT_ALG_CFB */
+
+#if defined(PSA_WANT_ALG_OFB)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+#define MBEDTLS_CIPHER_MODE_OFB
+#endif
+#endif /* PSA_WANT_ALG_OFB */
+
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+#endif
+
+#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+#endif
+#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
+
+#if defined(PSA_WANT_ALG_CBC_PKCS7)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+#endif /* PSA_WANT_ALG_CBC_PKCS7 */
+
+#if defined(PSA_WANT_ALG_CCM)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#define MBEDTLS_CCM_C
+#endif
+#endif /* PSA_WANT_ALG_CCM */
+
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
+#define MBEDTLS_CCM_C
+#endif
+#endif /* PSA_WANT_ALG_CCM_STAR_NO_TAG */
+
+#if defined(PSA_WANT_ALG_GCM)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+#define MBEDTLS_GCM_C
+#endif
+#endif /* PSA_WANT_ALG_GCM */
+
+#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
+#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+#define MBEDTLS_CHACHAPOLY_C
+#define MBEDTLS_CHACHA20_C
+#define MBEDTLS_POLY1305_C
+#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
+#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
+
+#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H */
diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h
new file mode 100644
index 0000000..b841875
--- /dev/null
+++ b/include/mbedtls/config_adjust_psa_from_legacy.h
@@ -0,0 +1,340 @@
+/**
+ * \file mbedtls/config_adjust_psa_from_legacy.h
+ * \brief Adjust PSA configuration: construct PSA configuration from legacy
+ *
+ * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
+ * cryptographic mechanisms through the PSA interface when the corresponding
+ * legacy mechanism is enabled. In many cases, this just enables the PSA
+ * wrapper code around the legacy implementation, but we also do this for
+ * some mechanisms where PSA has its own independent implementation so
+ * that high-level modules that can use either cryptographic API have the
+ * same feature set in both cases.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
+#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
+
+/*
+ * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
+ * is not defined
+ */
+
+#if defined(MBEDTLS_CCM_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#define PSA_WANT_ALG_CCM 1
+#if defined(MBEDTLS_CIPHER_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
+#endif /* MBEDTLS_CIPHER_C */
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_CMAC_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+#define PSA_WANT_ALG_CMAC 1
+#endif /* MBEDTLS_CMAC_C */
+
+#if defined(MBEDTLS_ECDH_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+#define PSA_WANT_ALG_ECDH 1
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_ECDSA_ANY 1
+
+// Only add in DETERMINISTIC support if ECDSA is also enabled
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+/* Normally we wouldn't enable this because it's not implemented in ecp.c,
+ * but since it used to be available any time ECP_C was enabled, let's enable
+ * it anyway for the sake of backwards compatibility */
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_DHM_C)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
+#define PSA_WANT_ALG_FFDH 1
+#define PSA_WANT_DH_FAMILY_RFC7919 1
+#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#endif /* MBEDTLS_DHM_C */
+
+#if defined(MBEDTLS_GCM_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+#define PSA_WANT_ALG_GCM 1
+#endif /* MBEDTLS_GCM_C */
+
+/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
+ * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
+ * PSA HKDF is enabled, so enable both algorithms together
+ * with PSA HKDF. */
+#if defined(MBEDTLS_HKDF_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define PSA_WANT_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+#define PSA_WANT_ALG_HKDF 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
+#define PSA_WANT_ALG_HKDF_EXTRACT 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
+#define PSA_WANT_ALG_HKDF_EXPAND 1
+#endif /* MBEDTLS_HKDF_C */
+
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+
+#if defined(MBEDTLS_MD_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD5_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+#define PSA_WANT_ALG_MD5 1
+#endif
+
+#if defined(MBEDTLS_ECJPAKE_C)
+#define MBEDTLS_PSA_BUILTIN_PAKE 1
+#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
+#define PSA_WANT_ALG_JPAKE 1
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+#define PSA_WANT_ALG_RIPEMD160 1
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_PKCS1_V15)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+#define PSA_WANT_ALG_RSA_OAEP 1
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
+#define PSA_WANT_ALG_RSA_PSS 1
+#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_GENPRIME)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
+#endif /* MBEDTLS_GENPRIME */
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+#define PSA_WANT_ALG_SHA_1 1
+#endif
+
+#if defined(MBEDTLS_SHA224_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+#define PSA_WANT_ALG_SHA_224 1
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+#define PSA_WANT_ALG_SHA_256 1
+#endif
+
+#if defined(MBEDTLS_SHA384_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+#define PSA_WANT_ALG_SHA_384 1
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+#define PSA_WANT_ALG_SHA_512 1
+#endif
+
+#if defined(MBEDTLS_SHA3_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
+#endif
+
+#if defined(MBEDTLS_AES_C)
+#define PSA_WANT_KEY_TYPE_AES 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+#endif
+
+#if defined(MBEDTLS_ARIA_C)
+#define PSA_WANT_KEY_TYPE_ARIA 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
+#endif
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#define PSA_WANT_KEY_TYPE_CAMELLIA 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+#endif
+
+#if defined(MBEDTLS_DES_C)
+#define PSA_WANT_KEY_TYPE_DES 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif
+
+#if defined(MBEDTLS_CHACHA20_C)
+#define PSA_WANT_KEY_TYPE_CHACHA20 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+/* ALG_STREAM_CIPHER requires CIPHER_C in order to be supported in PSA */
+#if defined(MBEDTLS_CIPHER_C)
+#define PSA_WANT_ALG_STREAM_CIPHER 1
+#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#endif
+#if defined(MBEDTLS_CHACHAPOLY_C)
+#define PSA_WANT_ALG_CHACHA20_POLY1305 1
+#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+#endif
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+#define PSA_WANT_ALG_CBC_NO_PADDING 1
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+#define PSA_WANT_ALG_CBC_PKCS7 1
+#endif
+#endif
+
+#if (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
+ defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) && \
+ defined(MBEDTLS_CIPHER_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+#define PSA_WANT_ALG_ECB_NO_PADDING 1
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+#define PSA_WANT_ALG_CFB 1
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+#define PSA_WANT_ALG_CTR 1
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+#define PSA_WANT_ALG_OFB 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+#define PSA_WANT_ECC_MONTGOMERY_255 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+#define PSA_WANT_ECC_MONTGOMERY_448 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+#define PSA_WANT_ECC_SECP_R1_192 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+#define PSA_WANT_ECC_SECP_R1_224 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#define PSA_WANT_ECC_SECP_R1_256 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+#define PSA_WANT_ECC_SECP_R1_384 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+#define PSA_WANT_ECC_SECP_R1_521 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+#define PSA_WANT_ECC_SECP_K1_192 1
+#endif
+
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
+#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+#define PSA_WANT_ECC_SECP_K1_224 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+#define PSA_WANT_ECC_SECP_K1_256 1
+#endif
+
+#endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */
diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h
new file mode 100644
index 0000000..3a55c3f
--- /dev/null
+++ b/include/mbedtls/config_adjust_psa_superset_legacy.h
@@ -0,0 +1,142 @@
+/**
+ * \file mbedtls/config_adjust_psa_superset_legacy.h
+ * \brief Adjust PSA configuration: automatic enablement from legacy
+ *
+ * To simplify some edge cases, we automatically enable certain cryptographic
+ * mechanisms in the PSA API if they are enabled in the legacy API. The general
+ * idea is that if legacy module M uses mechanism A internally, and A has
+ * both a legacy and a PSA implementation, we enable A through PSA whenever
+ * it's enabled through legacy. This facilitates the transition to PSA
+ * implementations of A for users of M.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
+#define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
+
+/****************************************************************/
+/* Hashes that are built in are also enabled in PSA.
+ * This simplifies dependency declarations especially
+ * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */
+/****************************************************************/
+
+#if defined(MBEDTLS_MD5_C)
+#define PSA_WANT_ALG_MD5 1
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+#define PSA_WANT_ALG_RIPEMD160 1
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+#define PSA_WANT_ALG_SHA_1 1
+#endif
+
+#if defined(MBEDTLS_SHA224_C)
+#define PSA_WANT_ALG_SHA_224 1
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#define PSA_WANT_ALG_SHA_256 1
+#endif
+
+#if defined(MBEDTLS_SHA384_C)
+#define PSA_WANT_ALG_SHA_384 1
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#define PSA_WANT_ALG_SHA_512 1
+#endif
+
+#if defined(MBEDTLS_SHA3_C)
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
+#endif
+
+/* Ensure that the PSA's supported curves (PSA_WANT_ECC_xxx) are always a
+ * superset of the builtin ones (MBEDTLS_ECP_DP_xxx). */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+#endif /*MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#if !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#if !defined(PSA_WANT_ECC_MONTGOMERY_255)
+#define PSA_WANT_ECC_MONTGOMERY_255 1
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#if !defined(PSA_WANT_ECC_MONTGOMERY_448)
+#define PSA_WANT_ECC_MONTGOMERY_448 1
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_R1_192)
+#define PSA_WANT_ECC_SECP_R1_192 1
+#endif /* PSA_WANT_ECC_SECP_R1_192 */
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_R1_224)
+#define PSA_WANT_ECC_SECP_R1_224 1
+#endif /* PSA_WANT_ECC_SECP_R1_224 */
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_R1_256)
+#define PSA_WANT_ECC_SECP_R1_256 1
+#endif /* PSA_WANT_ECC_SECP_R1_256 */
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_R1_384)
+#define PSA_WANT_ECC_SECP_R1_384 1
+#endif /* PSA_WANT_ECC_SECP_R1_384 */
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_R1_521)
+#define PSA_WANT_ECC_SECP_R1_521 1
+#endif /* PSA_WANT_ECC_SECP_R1_521 */
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_K1_192)
+#define PSA_WANT_ECC_SECP_K1_192 1
+#endif /* PSA_WANT_ECC_SECP_K1_192 */
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
+#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_K1_224)
+#define PSA_WANT_ECC_SECP_K1_224 1
+#endif /* PSA_WANT_ECC_SECP_K1_224 */
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#if !defined(PSA_WANT_ECC_SECP_K1_256)
+#define PSA_WANT_ECC_SECP_K1_256 1
+#endif /* PSA_WANT_ECC_SECP_K1_256 */
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#endif /* MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H */
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
new file mode 100644
index 0000000..8415f3e
--- /dev/null
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -0,0 +1,76 @@
+/**
+ * \file mbedtls/config_adjust_ssl.h
+ * \brief Adjust TLS configuration
+ *
+ * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * configurations need to be explicitly enabled by the user: enabling
+ * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
+ * compilation error. However, we do automatically enable certain options
+ * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
+ * used to identify parts of a module that are used by other module, and we
+ * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
+ * Another case is if A didn't depend on B in earlier versions, and we
+ * want to use B in A but we need to preserve backward compatibility with
+ * configurations that explicitly activate MBEDTLS_xxx_A but not
+ * MBEDTLS_xxx_B.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
+#define MBEDTLS_CONFIG_ADJUST_SSL_H
+
+/* The following blocks make it easier to disable all of TLS,
+ * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
+ * key exchanges, options and extensions related to them. */
+
+#if !defined(MBEDTLS_SSL_TLS_C)
+#undef MBEDTLS_SSL_CLI_C
+#undef MBEDTLS_SSL_SRV_C
+#undef MBEDTLS_SSL_PROTO_TLS1_3
+#undef MBEDTLS_SSL_PROTO_TLS1_2
+#undef MBEDTLS_SSL_PROTO_DTLS
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_DTLS)
+#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
+#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
+#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#undef MBEDTLS_SSL_DTLS_SRTP
+#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#undef MBEDTLS_SSL_RENEGOTIATION
+#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+#undef MBEDTLS_SSL_EARLY_DATA
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
+#define MBEDTLS_SSL_TLS1_2_SOME_ECC
+#endif
+
+#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */
diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h
new file mode 100644
index 0000000..346c8ae
--- /dev/null
+++ b/include/mbedtls/config_adjust_x509.h
@@ -0,0 +1,25 @@
+/**
+ * \file mbedtls/config_adjust_x509.h
+ * \brief Adjust X.509 configuration
+ *
+ * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * configurations need to be explicitly enabled by the user: enabling
+ * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
+ * compilation error. However, we do automatically enable certain options
+ * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
+ * used to identify parts of a module that are used by other module, and we
+ * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
+ * Another case is if A didn't depend on B in earlier versions, and we
+ * want to use B in A but we need to preserve backward compatibility with
+ * configurations that explicitly activate MBEDTLS_xxx_A but not
+ * MBEDTLS_xxx_B.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_X509_H
+#define MBEDTLS_CONFIG_ADJUST_X509_H
+
+#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index e113865..17da61b 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -12,998 +12,37 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CONFIG_PSA_H
#define MBEDTLS_CONFIG_PSA_H
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
-#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
-#else
-#include "psa/crypto_config.h"
-#endif
-#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
-
-#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
-#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
-#endif
-
#include "psa/crypto_legacy.h"
-#ifdef __cplusplus
-extern "C" {
-#endif
+#include "psa/crypto_adjust_config_synonyms.h"
-
-
-/****************************************************************/
-/* De facto synonyms */
-/****************************************************************/
-
-#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
-#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
-#endif
-
-#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
-#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
-#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
-#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
-#endif
-
-
-/****************************************************************/
-/* Hashes that are built in are also enabled in PSA.
- * This simplifies dependency declarations especially
- * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */
-/****************************************************************/
-
-#if defined(MBEDTLS_MD5_C)
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA224_C)
-#define PSA_WANT_ALG_SHA_224 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-
-/****************************************************************/
-/* Require built-in implementations based on PSA requirements */
-/****************************************************************/
+#include "mbedtls/config_adjust_psa_superset_legacy.h"
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
-#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+/* Require built-in implementations based on PSA requirements */
-#if defined(PSA_WANT_ALG_ECDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
-#endif /* PSA_WANT_ALG_ECDH */
+/* We need this to have a complete list of requirements
+ * before we deduce what built-ins are required. */
+#include "psa/crypto_adjust_config_key_pair_types.h"
-#if defined(PSA_WANT_ALG_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
-#endif /* PSA_WANT_ALG_ECDSA */
-
-#if defined(PSA_WANT_ALG_FFDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
-#endif /* PSA_WANT_ALG_FFDH */
-
-#if defined(PSA_WANT_ALG_HKDF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
-#endif /* PSA_WANT_ALG_HKDF */
-
-#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
-#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
-
-#if defined(PSA_WANT_ALG_HKDF_EXPAND)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
-#endif /* PSA_WANT_ALG_HKDF_EXPAND */
-
-#if defined(PSA_WANT_ALG_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* PSA_WANT_ALG_HMAC */
-
-#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define MBEDTLS_MD5_C
-#endif
-
-#if defined(PSA_WANT_ALG_JPAKE)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
-#define MBEDTLS_PSA_BUILTIN_PAKE 1
-#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECJPAKE_C
-#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */
-#endif /* PSA_WANT_ALG_JPAKE */
-
-#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define MBEDTLS_RIPEMD160_C
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
-#endif /* PSA_WANT_ALG_RSA_OAEP */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
-#endif /* PSA_WANT_ALG_RSA_PSS */
-
-#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define MBEDTLS_SHA1_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_SHA224_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_SHA256_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA384_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define MBEDTLS_SHA512_C
-#endif
-
-#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
-#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
-
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
-#endif /* PSA_WANT_ALG_TLS12_PRF */
-
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
-#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
-
-#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
-#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-#define MBEDTLS_GENPRIME
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
-
-/* If any of the block modes are requested that don't have an
- * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
- * in the block cipher key types. */
-#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
- (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
- (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
- defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
- (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
- (defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
- (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
-#define PSA_HAVE_SOFT_BLOCK_MODE 1
-#endif
-
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
- (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#define MBEDTLS_AES_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#define MBEDTLS_ARIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_ARIA */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_CAMELLIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#define MBEDTLS_DES_C
-#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_DES */
-
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_CHACHA20_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-
-/* If any of the software block ciphers are selected, define
- * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
- * situations. */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
-#endif
-
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
-
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
-
-#if defined(PSA_WANT_ALG_CMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define MBEDTLS_CMAC_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
-#endif /* PSA_WANT_ALG_CMAC */
-
-#if defined(PSA_WANT_ALG_CTR)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-#endif /* PSA_WANT_ALG_CTR */
-
-#if defined(PSA_WANT_ALG_CFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define MBEDTLS_CIPHER_MODE_CFB
-#endif
-#endif /* PSA_WANT_ALG_CFB */
-
-#if defined(PSA_WANT_ALG_OFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define MBEDTLS_CIPHER_MODE_OFB
-#endif
-#endif /* PSA_WANT_ALG_OFB */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#endif
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#endif /* PSA_WANT_ALG_CBC_PKCS7 */
-
-#if defined(PSA_WANT_ALG_CCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
-#define MBEDTLS_CCM_C
-#endif
-#endif /* PSA_WANT_ALG_CCM */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define MBEDTLS_GCM_C
-#endif
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_CHACHA20_C
-#define MBEDTLS_POLY1305_C
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /* PSA_WANT_ECC_SECP_K1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
- */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
-
-/****************************************************************/
-/* Infer PSA requirements from Mbed TLS capabilities */
-/****************************************************************/
+#include "mbedtls/config_adjust_legacy_from_psa.h"
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
-/*
- * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
- * is not defined
- */
+/* Infer PSA requirements from Mbed TLS capabilities */
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
-#endif /* MBEDTLS_CCM_C */
+#include "mbedtls/config_adjust_psa_from_legacy.h"
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
-
-// Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-/* Normally we wouldn't enable this because it's not implemented in ecp.c,
- * but since it used to be available any time ECP_C was enabled, let's enable
- * it anyway for the sake of backwards compatibility */
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_DHM_C)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
-#define PSA_WANT_ALG_FFDH 1
-#define PSA_WANT_DH_FAMILY_RFC7919 1
-#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
-#endif /* MBEDTLS_DHM_C */
-
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
-
-/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
- * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
- * PSA HKDF is enabled, so enable both algorithms together
- * with PSA HKDF. */
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
-#define PSA_WANT_ALG_HKDF_EXTRACT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
-#define PSA_WANT_ALG_HKDF_EXPAND 1
-#endif /* MBEDTLS_HKDF_C */
-
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C)
-#define MBEDTLS_PSA_BUILTIN_PAKE 1
-#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
-#define PSA_WANT_ALG_JPAKE 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#if defined(MBEDTLS_GENPRIME)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-#endif /* MBEDTLS_GENPRIME */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_224 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
-
-#if defined(MBEDTLS_ARIA_C)
-#define PSA_WANT_KEY_TYPE_ARIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
-#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
- defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
-
-/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
+/* Hopefully the file above will have enabled keypair symbols in a consistent
+ * way, but including this here fixes them if that wasn't the case. */
+#include "psa/crypto_adjust_config_key_pair_types.h"
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
@@ -1011,56 +50,6 @@
#define PSA_WANT_ALG_SOME_PAKE 1
#endif
-/* Even though KEY_PAIR symbols' feature several level of support (BASIC, IMPORT,
- * EXPORT, GENERATE, DERIVE) we're not planning to have support only for BASIC
- * without IMPORT/EXPORT since these last 2 features are strongly used in tests.
- * In general it is allowed to include more feature than what is strictly
- * requested.
- * As a consequence IMPORT and EXPORT features will be automatically enabled
- * as soon as the BASIC one is. */
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#endif
-
-/* See description above */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#endif
-
-/* See description above */
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#endif
-
-/* See description above */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#endif
-
-/* See description above */
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#endif
-
-/* See description above */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#endif
-
-/* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_PASSWORD 1
-#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-
-#ifdef __cplusplus
-}
-#endif
+#include "psa/crypto_adjust_auto_enabled.h"
#endif /* MBEDTLS_CONFIG_PSA_H */
diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h
index 91a9e7f..d31bff6 100644
--- a/include/mbedtls/constant_time.h
+++ b/include/mbedtls/constant_time.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CONSTANT_TIME_H
@@ -23,20 +11,22 @@
#include <stddef.h>
-
/** Constant-time buffer comparison without branches.
*
* This is equivalent to the standard memcmp function, but is likely to be
- * compiled to code using bitwise operation rather than a branch.
+ * compiled to code using bitwise operations rather than a branch, such that
+ * the time taken is constant w.r.t. the data pointed to by \p a and \p b,
+ * and w.r.t. whether \p a and \p b are equal or not. It is not constant-time
+ * w.r.t. \p n .
*
* This function can be used to write constant-time code by replacing branches
* with bit operations using masks.
*
- * \param a Pointer to the first buffer.
- * \param b Pointer to the second buffer.
- * \param n The number of bytes to compare in the buffer.
+ * \param a Pointer to the first buffer, containing at least \p n bytes. May not be NULL.
+ * \param b Pointer to the second buffer, containing at least \p n bytes. May not be NULL.
+ * \param n The number of bytes to compare.
*
- * \return Zero if the content of the two buffer is the same,
+ * \return Zero if the contents of the two buffers are the same,
* otherwise non-zero.
*/
int mbedtls_ct_memcmp(const void *a,
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 0348281..c00756d 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -23,19 +23,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CTR_DRBG_H
@@ -44,7 +32,14 @@
#include "mbedtls/build_info.h"
+/* In case AES_C is defined then it is the primary option for backward
+ * compatibility purposes. If that's not available, PSA is used instead */
+#if defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
+#else
+#include "psa/crypto.h"
+#endif
+
#include "entropy.h"
#if defined(MBEDTLS_THREADING_C)
@@ -162,6 +157,13 @@
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
#endif
+#if !defined(MBEDTLS_AES_C)
+typedef struct mbedtls_ctr_drbg_psa_context {
+ mbedtls_svc_key_id_t key_id;
+ psa_cipher_operation_t operation;
+} mbedtls_ctr_drbg_psa_context;
+#endif
+
/**
* \brief The CTR_DRBG context structure.
*/
@@ -187,7 +189,11 @@
* This is the maximum number of requests
* that can be made between reseedings. */
+#if defined(MBEDTLS_AES_C)
mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
+#else
+ mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */
+#endif
/*
* Callbacks (Entropy)
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index d6dd152..922e5be 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_DEBUG_H
#define MBEDTLS_DEBUG_H
@@ -132,7 +120,12 @@
/* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#if !defined(MBEDTLS_PRINTF_MS_TIME)
+#include <inttypes.h>
+#if !defined(PRId64)
+#define MBEDTLS_PRINTF_MS_TIME MBEDTLS_PRINTF_LONGLONG
+#else
#define MBEDTLS_PRINTF_MS_TIME PRId64
+#endif
#endif /* MBEDTLS_PRINTF_MS_TIME */
#ifdef __cplusplus
@@ -237,7 +230,7 @@
const char *text, const mbedtls_mpi *X);
#endif
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
/**
* \brief Print an ECP point to the debug output. This function is always
* used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index f445102..2b097a1 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
*/
#ifndef MBEDTLS_DES_H
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 0232a71..fcba3d2 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -45,19 +45,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_DHM_H
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 67c94f0..792db79 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -14,19 +14,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ECDH_H
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 3b2b418..2ecf349 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -12,19 +12,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ECDSA_H
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 0008d73..c2148a2 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 0e678a3..7f5e880 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -16,19 +16,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ECP_H
@@ -175,7 +163,7 @@
#if !defined(MBEDTLS_ECP_ALT)
/*
- * default mbed TLS elliptic curve arithmetic implementation
+ * default Mbed TLS elliptic curve arithmetic implementation
*
* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
* alternative implementation for the whole module and it will replace this
@@ -197,6 +185,27 @@
* odd prime as mbedtls_ecp_mul() requires an odd number, and
* mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
*
+ * The default implementation only initializes \p A without setting it to the
+ * authentic value for curves with <code>A = -3</code>(SECP256R1, etc), in which
+ * case you need to load \p A by yourself when using domain parameters directly,
+ * for example:
+ * \code
+ * mbedtls_mpi_init(&A);
+ * mbedtls_ecp_group_init(&grp);
+ * CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id));
+ * if (mbedtls_ecp_group_a_is_minus_3(&grp)) {
+ * CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3));
+ * } else {
+ * CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A));
+ * }
+ *
+ * do_something_with_a(&A);
+ *
+ * cleanup:
+ * mbedtls_mpi_free(&A);
+ * mbedtls_ecp_group_free(&grp);
+ * \endcode
+ *
* For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
* which is the quantity used in the formulas. Additionally, \p nbits is
* not the size of \p N but the required size for private keys.
@@ -223,8 +232,11 @@
typedef struct mbedtls_ecp_group {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
- Montgomery curves: <code>(A + 2) / 4</code>. */
+ mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. Note that
+ \p A is not set to the authentic value in some cases.
+ Refer to detailed description of ::mbedtls_ecp_group if
+ using domain parameters in the structure.
+ For Montgomery curves: <code>(A + 2) / 4</code>. */
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
For Montgomery curves: unused. */
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
@@ -992,6 +1004,26 @@
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/**
+ * \brief This function checks if domain parameter A of the curve is
+ * \c -3.
+ *
+ * \note This function is only defined for short Weierstrass curves.
+ * It may not be included in builds without any short
+ * Weierstrass curve.
+ *
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ *
+ * \return \c 1 if <code>A = -3</code>.
+ * \return \c 0 Otherwise.
+ */
+static inline int mbedtls_ecp_group_a_is_minus_3(const mbedtls_ecp_group *grp)
+{
+ return grp->A.MBEDTLS_PRIVATE(p) == NULL;
+}
+
+/**
* \brief This function performs multiplication and addition of two
* points by integers: \p R = \p m * \p P + \p n * \p Q
*
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index e17245e..20fd687 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H
@@ -115,10 +103,10 @@
* \brief Entropy context structure
*/
typedef struct mbedtls_entropy_context {
+ mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator);
int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update.
* -1 after free. */
- mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator);
int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 11600bb..186589a 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ERROR_H
#define MBEDTLS_ERROR_H
@@ -166,9 +154,9 @@
}
/**
- * \brief Translate a mbed TLS error code into a string representation,
- * Result is truncated if necessary and always includes a terminating
- * null byte.
+ * \brief Translate an Mbed TLS error code into a string representation.
+ * The result is truncated if necessary and always includes a
+ * terminating null byte.
*
* \param errnum error code
* \param buffer buffer to place representation in
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index c3343e6..3925f68 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -13,19 +13,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_GCM_H
@@ -36,6 +24,10 @@
#include "mbedtls/cipher.h"
+#if !defined(MBEDTLS_CIPHER_C)
+#include "mbedtls/block_cipher.h"
+#endif
+
#include <stdint.h>
#define MBEDTLS_GCM_ENCRYPT 1
@@ -58,7 +50,11 @@
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context {
+#if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+#else
+ mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
+#endif
uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index 699c6d9..930e93f 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -8,19 +8,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_HKDF_H
#define MBEDTLS_HKDF_H
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 2e5aa6d..18b1b75 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
index 5c8df42..95fce21 100644
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@@ -10,19 +10,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_LMS_H
#define MBEDTLS_LMS_H
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 6a76e88..a3e3f83 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
@@ -168,19 +156,51 @@
*
* Enable the memory allocation layer.
*
- * By default mbed TLS uses the system-provided calloc() and free().
+ * By default Mbed TLS uses the system-provided calloc() and free().
* This allows different allocators (self-implemented or provided) to be
* provided to the platform abstraction layer.
*
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * Enabling #MBEDTLS_PLATFORM_MEMORY without the
* MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
* "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
* free() function pointer at runtime.
*
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
* MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
* alternate function at compile time.
*
+ * An overview of how the value of mbedtls_calloc is determined:
+ *
+ * - if !MBEDTLS_PLATFORM_MEMORY
+ * - mbedtls_calloc = calloc
+ * - if MBEDTLS_PLATFORM_MEMORY
+ * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
+ * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
+ * - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
+ * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
+ * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
+ * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ * - if MBEDTLS_PLATFORM_STD_CALLOC is present:
+ * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
+ * - if !MBEDTLS_PLATFORM_STD_CALLOC:
+ * - MBEDTLS_PLATFORM_STD_CALLOC = calloc
+ *
+ * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
+ * - if !MBEDTLS_PLATFORM_STD_CALLOC
+ * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
+ *
+ * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
+ *
+ * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
+ * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
+ * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
+ * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
+ *
* Requires: MBEDTLS_PLATFORM_C
*
* Enable this layer to allow use of alternative memory allocators.
@@ -209,10 +229,10 @@
/**
* \def MBEDTLS_PLATFORM_EXIT_ALT
*
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
* function in the platform abstraction layer.
*
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
@@ -241,6 +261,48 @@
//#define MBEDTLS_PLATFORM_MS_TIME_ALT
/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces
+ * the default implementation in platform_util.c.
+ *
+ * By default, the library uses a system function such as memset_s()
+ * (optional feature of C11), explicit_bzero() (BSD and compatible), or
+ * SecureZeroMemory (Windows). If no such function is detected, the library
+ * falls back to a plain C implementation. Compilers are technically
+ * permitted to optimize this implementation out, meaning that the memory is
+ * not actually wiped. The library tries to prevent that, but the C language
+ * makes it impossible to guarantee that the memory will always be wiped.
+ *
+ * If your platform provides a guaranteed method to wipe memory which
+ * `platform_util.c` does not detect, define this macro to the name of
+ * a function that takes two arguments, a `void *` pointer and a length,
+ * and wipes that many bytes starting at the specified address. For example,
+ * if your platform has explicit_bzero() but `platform_util.c` does not
+ * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be
+ * `explicit_bzero` to use that function as mbedtls_platform_zeroize().
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
* \def MBEDTLS_DEPRECATED_WARNING
*
* Mark deprecated functions and features so that they generate a warning if
@@ -270,7 +332,7 @@
/** \} name SECTION: System support */
/**
- * \name SECTION: mbed TLS feature support
+ * \name SECTION: Mbed TLS feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
@@ -293,7 +355,7 @@
/**
* \def MBEDTLS_AES_ALT
*
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternate core implementation of a symmetric crypto, an arithmetic or hash
* module (e.g. platform specific assembly optimized implementations). Keep
* in mind that the function prototypes should remain the same.
@@ -301,7 +363,7 @@
* This replaces the whole module. If you only want to replace one of the
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
* provide the "struct mbedtls_aes_context" definition and omit the base
* function declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
@@ -349,14 +411,14 @@
/**
* \def MBEDTLS_SHA256_PROCESS_ALT
*
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
* alternate core implementation of symmetric crypto or hash function. Keep in
* mind that function prototypes should remain the same.
*
- * This replaces only one function. The header file from mbed TLS is still
+ * This replaces only one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
* no longer provide the mbedtls_sha1_process() function, but it will still provide
* the other function (using your mbedtls_sha1_process() function) and the definition
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
@@ -406,11 +468,11 @@
*
* Expose a part of the internal interface of the Elliptic Curve Point module.
*
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternative core implementation of elliptic curve arithmetic. Keep in mind
* that function prototypes should remain the same.
*
- * This partially replaces one function. The header file from mbed TLS is still
+ * This partially replaces one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
* is still present and it is used for group structures not supported by the
* alternative.
@@ -434,11 +496,11 @@
* implement optimized set up and tear down instructions.
*
* Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
* function, but will use your mbedtls_internal_ecp_double_jac() if the group
* for the operation is supported by your implementation (i.e. your
* mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
+ * group is not supported by your implementation, then the original Mbed TLS
* implementation of ecp_double_jac() is used instead, unless this fallback
* behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
* ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
@@ -469,7 +531,7 @@
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
- * Uncomment this macro to let mbed TLS use your own implementation of a
+ * Uncomment this macro to let Mbed TLS use your own implementation of a
* hardware entropy collector.
*
* Your function must be called \c mbedtls_hardware_poll(), have the same
@@ -537,6 +599,20 @@
*/
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+/*
+ * Disable plain C implementation for AES.
+ *
+ * When the plain C implementation is enabled, and an implementation using a
+ * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
+ * detection will be used to select between them.
+ *
+ * If only one implementation is present, runtime detection will not be used.
+ * This configuration will crash at runtime if running on a CPU without the
+ * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
+ * and/or MBEDTLS_AESNI_C is enabled & present in the build.
+ */
+//#define MBEDTLS_AES_USE_HARDWARE_ONLY
+
/**
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
*
@@ -661,6 +737,18 @@
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
/**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ *
+ * The Everest code is provided under the Apache 2.0 license only; therefore enabling this
+ * option is not compatible with taking the library under the GPL v2.0-or-later license.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
+/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
* MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -751,6 +839,14 @@
//#define MBEDTLS_ECP_RESTARTABLE
/**
+ * Uncomment to enable using new bignum code in the ECC modules.
+ *
+ * \warning This is currently experimental, incomplete and therefore should not
+ * be used in production.
+ */
+//#define MBEDTLS_ECP_WITH_MPI_UINT
+
+/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*
* Enable deterministic ECDSA (RFC 6979).
@@ -1305,6 +1401,13 @@
* NSPE (Non-Secure Process Environment) and an SPE (Secure Process
* Environment).
*
+ * If you enable this option, your build environment must include a header
+ * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS
+ * header files, or in another directory on the compiler's include search
+ * path). Alternatively, your platform may customize the header
+ * `psa/crypto_platform.h`, in which case it can skip or replace the
+ * inclusion of `"crypto_spe.h"`.
+ *
* Module: library/psa_crypto.c
* Requires: MBEDTLS_PSA_CRYPTO_C
*
@@ -1312,6 +1415,47 @@
//#define MBEDTLS_PSA_CRYPTO_SPM
/**
+ * Uncomment to enable p256-m. This is an alternative implementation of
+ * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
+ * Compared to the default implementation:
+ *
+ * - p256-m has a much smaller code size and RAM footprint.
+ * - p256-m is only available via the PSA API. This includes the pk module
+ * when #MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
+ * over the core arithmetic, or deterministic derivation of keys.
+ *
+ * We recommend enabling this option if your application uses the PSA API
+ * and the only elliptic curve support it needs is ECDH and ECDSA over
+ * SECP256R1.
+ *
+ * If you enable this option, you do not need to enable any ECC-related
+ * MBEDTLS_xxx option. You do need to separately request support for the
+ * cryptographic mechanisms through the PSA API:
+ * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
+ * configuration;
+ * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS;
+ * - #PSA_WANT_ECC_SECP_R1_256;
+ * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
+ * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
+ *
+ * \note To benefit from the smaller code size of p256-m, make sure that you
+ * do not enable any ECC-related option not supported by p256-m: this
+ * would cause the built-in ECC implementation to be built as well, in
+ * order to provide the required option.
+ * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
+ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
+ * SECP256R1 are disabled as they are not supported by this driver.
+ * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
+ * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
+ * the built-in ECC implementation, see docs/driver-only-builds.md.
+ */
+//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
+
+/**
* \def MBEDTLS_PSA_INJECT_ENTROPY
*
* Enable support for entropy injection at first boot. This feature is
@@ -1372,7 +1516,7 @@
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
+ * If you choose not to send the alert messages, Mbed TLS can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
@@ -1553,6 +1697,8 @@
* it has been associated with security issues in the past and is easy to
* misuse/misunderstand.
*
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
* Comment this to disable support for renegotiation.
*
* \note Even if this option is disabled, both client and server are aware
@@ -1611,9 +1757,7 @@
*
* Enable support for TLS 1.3.
*
- * \note The support for TLS 1.3 is not comprehensive yet, in particular
- * pre-shared keys are not supported.
- * See docs/architecture/tls13-support.md for a description of the TLS
+ * \note See docs/architecture/tls13-support.md for a description of the TLS
* 1.3 support that this option enables.
*
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
@@ -1713,27 +1857,13 @@
* This feature is experimental, not completed and thus not ready for
* production.
*
+ * \note The maximum amount of early data can be set with
+ * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
+ *
*/
//#define MBEDTLS_SSL_EARLY_DATA
/**
- * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
- *
- * The default maximum amount of 0-RTT data. See the documentation of
- * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
- *
- * It must be positive and smaller than UINT32_MAX.
- *
- * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
- * have any impact on the build.
- *
- * This feature is experimental, not completed and thus not ready for
- * production.
- *
- */
-#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
-
-/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
@@ -2061,15 +2191,17 @@
* Enable parsing and verification of X.509 certificates, CRLs and CSRS
* signed with RSASSA-PSS (aka PKCS#1 v2.1).
*
+ * Requires: MBEDTLS_PKCS1_V21
+ *
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/** \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: Mbed TLS feature support */
/**
- * \name SECTION: mbed TLS modules
+ * \name SECTION: Mbed TLS modules
*
- * This section enables or disables entire modules in mbed TLS
+ * This section enables or disables entire modules in Mbed TLS
* \{
*/
@@ -2108,7 +2240,7 @@
/**
* \def MBEDTLS_AESCE_C
*
- * Enable AES cryptographic extension support on 64-bit Arm.
+ * Enable AES cryptographic extension support on Armv8.
*
* Module: library/aesce.c
* Caller: library/aes.c
@@ -2119,13 +2251,15 @@
* system, Armv8-A Cryptographic Extensions must be supported by
* the CPU when this option is enabled.
*
- * \note Minimum compiler versions for this feature are Clang 4.0,
- * armclang 6.6, GCC 6.0 or MSVC 2019 version 16.11.2.
+ * \note Minimum compiler versions for this feature when targeting aarch64
+ * are Clang 4.0; armclang 6.6; GCC 6.0; or MSVC 2019 version 16.11.2.
+ * Minimum compiler versions for this feature when targeting 32-bit
+ * Arm or Thumb are Clang 11.0; armclang 6.20; or GCC 6.0.
*
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
* armclang <= 6.9
*
- * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems.
+ * This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems.
*/
#define MBEDTLS_AESCE_C
@@ -2245,6 +2379,28 @@
#define MBEDTLS_BASE64_C
/**
+ * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+ *
+ * Remove decryption operation for AES, ARIA and Camellia block cipher.
+ *
+ * \note This feature is incompatible with insecure block cipher,
+ * MBEDTLS_DES_C, and cipher modes which always require decryption
+ * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and
+ * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled,
+ * this feature is incompatible with following supported PSA equivalence,
+ * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING,
+ * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES.
+ *
+ * Module: library/aes.c
+ * library/aesce.c
+ * library/aesni.c
+ * library/aria.c
+ * library/camellia.c
+ * library/cipher.c
+ */
+//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+
+/**
* \def MBEDTLS_BIGNUM_C
*
* Enable the multi-precision integer library.
@@ -2453,6 +2609,13 @@
* The CTR_DRBG generator uses AES-256 by default.
* To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
*
+ * AES support can either be achived through builtin (MBEDTLS_AES_C) or PSA.
+ * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
+ * is used.
+ *
+ * \warning When using PSA, the user should call `psa_crypto_init()` before
+ * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`).
+ *
* \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
*
* \note To achieve a 256-bit security strength with CTR_DRBG,
@@ -2462,7 +2625,9 @@
* Module: library/ctr_drbg.c
* Caller:
*
- * Requires: MBEDTLS_AES_C
+ * Requires: MBEDTLS_AES_C or
+ * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and
+ * MBEDTLS_PSA_CRYPTO_C)
*
* This module provides the CTR_DRBG AES random number generator.
*/
@@ -2765,7 +2930,7 @@
* Module: library/memory_buffer_alloc.c
*
* Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
*
* Enable this module to enable the buffer memory allocator.
*/
@@ -3001,8 +3166,7 @@
*
* Module: library/psa_crypto.c
*
- * Requires: MBEDTLS_CIPHER_C,
- * either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
+ * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
* or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
* or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
*
@@ -3131,14 +3295,14 @@
#define MBEDTLS_SHA256_C
/**
- * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
*
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
* with the ARMv8 cryptographic extensions if they are available at runtime.
* If not, the library will fall back to the C implementation.
*
- * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
- * for a non-Aarch64 build it will be silently ignored.
+ * \note If MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Armv8-A build it will be silently ignored.
*
* \note Minimum compiler versions for this feature are Clang 4.0,
* armclang 6.6 or GCC 6.0.
@@ -3146,27 +3310,40 @@
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
* armclang <= 6.9
*
- * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
- * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
+ * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
+ * That name is deprecated, but may still be used as an alternative form for this
+ * option.
+ *
+ * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
*
* Requires: MBEDTLS_SHA256_C.
*
* Module: library/sha256.c
*
- * Uncomment to have the library check for the A64 SHA-256 crypto extensions
+ * Uncomment to have the library check for the Armv8-A SHA-256 crypto extensions
* and use them if available.
*/
+//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
+ * This name is now deprecated, but may still be used as an alternative form for
+ * this option.
+ */
//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
/**
- * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
*
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
* with the ARMv8 cryptographic extensions, which must be available at runtime
* or else an illegal instruction fault will occur.
*
* \note This allows builds with a smaller code size than with
- * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ * MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
*
* \note Minimum compiler versions for this feature are Clang 4.0,
* armclang 6.6 or GCC 6.0.
@@ -3174,16 +3351,29 @@
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
* armclang <= 6.9
*
- * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same
- * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
+ * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
+ * That name is deprecated, but may still be used as an alternative form for this
+ * option.
+ *
+ * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
*
* Requires: MBEDTLS_SHA256_C.
*
* Module: library/sha256.c
*
- * Uncomment to have the library use the A64 SHA-256 crypto extensions
+ * Uncomment to have the library use the Armv8-A SHA-256 crypto extensions
* unconditionally.
*/
+//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ *
+ * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
+ * This name is now deprecated, but may still be used as an alternative form for
+ * this option.
+ */
//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
/**
@@ -3367,7 +3557,7 @@
* \def MBEDTLS_THREADING_C
*
* Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * By default Mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading:
@@ -3381,7 +3571,7 @@
* You will have to enable either MBEDTLS_THREADING_ALT or
* MBEDTLS_THREADING_PTHREAD.
*
- * Enable this layer to allow use of mutexes within mbed TLS
+ * Enable this layer to allow use of mutexes within Mbed TLS
*/
//#define MBEDTLS_THREADING_C
@@ -3527,7 +3717,7 @@
*/
#define MBEDTLS_X509_CSR_WRITE_C
-/** \} name SECTION: mbed TLS modules */
+/** \} name SECTION: Mbed TLS modules */
/**
* \name SECTION: General configuration options
@@ -3708,8 +3898,29 @@
/* Platform options */
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
+
+/** \def MBEDTLS_PLATFORM_STD_CALLOC
+ *
+ * Default allocator to use, can be undefined.
+ * It must initialize the allocated buffer memory to zeroes.
+ * The size of the buffer is the product of the two parameters.
+ * The calloc function returns either a null pointer or a pointer to the allocated space.
+ * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
+ * See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
+ * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
+ */
+//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
+
+/** \def MBEDTLS_PLATFORM_STD_FREE
+ *
+ * Default free to use, can be undefined.
+ * NULL is a valid parameter, and the function must do nothing.
+ * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
+ * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
+ */
+//#define MBEDTLS_PLATFORM_STD_FREE free
//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
@@ -3723,10 +3934,10 @@
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
+//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
@@ -3789,7 +4000,7 @@
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
/* RSA OPTIONS */
-#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
+//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
@@ -3903,24 +4114,44 @@
//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
/**
- * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
*
- * Maximum time difference in milliseconds tolerated between the age of a
- * ticket from the server and client point of view.
- * From the client point of view, the age of a ticket is the time difference
- * between the time when the client proposes to the server to use the ticket
- * (time of writing of the Pre-Shared Key Extension including the ticket) and
- * the time the client received the ticket from the server.
- * From the server point of view, the age of a ticket is the time difference
- * between the time when the server receives a proposition from the client
- * to use the ticket and the time when the ticket was created by the server.
- * The server age is expected to be always greater than the client one and
- * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
- * maximum difference tolerated for the server to accept the ticket.
- * This is not used in TLS 1.2.
+ * The default maximum amount of 0-RTT data. See the documentation of
+ * \c mbedtls_ssl_conf_max_early_data_size() for more information.
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
*
*/
-#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ *
+ * Maximum allowed ticket age difference in milliseconds tolerated between
+ * server and client. Default value is 6000. This is not used in TLS 1.2.
+ *
+ * - The client ticket age is the time difference between the time when the
+ * client proposes to the server to use the ticket and the time the client
+ * received the ticket from the server.
+ * - The server ticket age is the time difference between the time when the
+ * server receives a proposition from the client to use the ticket and the
+ * time when the ticket was created by the server.
+ *
+ * The ages might be different due to the client and server clocks not running
+ * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts
+ * per million (360 to 72 milliseconds per hour). Default tolerance window is
+ * 6s, thus in the worst case clients and servers must sync up their system time
+ * every 6000/360/2~=8 hours.
+ *
+ * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
+ */
+//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
@@ -3929,7 +4160,7 @@
*
* This must be less than 256.
*/
-#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
/**
* \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
@@ -3939,81 +4170,10 @@
* the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
*
*/
-#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
-/**
- * Uncomment to enable p256-m, which implements ECC key generation, ECDH,
- * and ECDSA for SECP256R1 curves. This driver is used as an example to
- * document how a third-party driver or software accelerator can be integrated
- * to work alongside Mbed TLS.
- *
- * \warning p256-m has only been included to serve as a sample implementation
- * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not
- * intended for use in production. p256-m files in Mbed TLS are not updated
- * regularly, so they may not contain upstream fixes/improvements.
- * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS!
- */
-//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
-
-
-/**
- * Uncomment to enable using new bignum code in the ECC modules.
- *
- * \warning This is currently experimental, incomplete and therefore should not
- * be used in production.
- */
-//#define MBEDTLS_ECP_WITH_MPI_UINT
-
/** \} name SECTION: Module configuration options */
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index dde95c5..478e9f7 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -8,19 +8,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_MD_H
@@ -32,99 +20,6 @@
#include "mbedtls/build_info.h"
#include "mbedtls/platform_util.h"
-#if defined(MBEDTLS_MD_LIGHT)
-
-/*
- * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
- * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
- * (see below).
- * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
- * via PSA (see below).
- * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
- * via a direct legacy call (see below).
- *
- * The md module performs an algorithm via PSA if there is a PSA hash
- * accelerator and the PSA driver subsytem is initialized at the time the
- * operation is started, and makes a direct legacy call otherwise.
- */
-
-/* PSA accelerated implementations */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_MD_CAN_MD5
-#define MBEDTLS_MD_MD5_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_MD_CAN_SHA1
-#define MBEDTLS_MD_SHA1_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_MD_CAN_SHA224
-#define MBEDTLS_MD_SHA224_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_MD_CAN_SHA256
-#define MBEDTLS_MD_SHA256_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_MD_CAN_SHA384
-#define MBEDTLS_MD_SHA384_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_MD_CAN_SHA512
-#define MBEDTLS_MD_SHA512_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_MD_CAN_RIPEMD160
-#define MBEDTLS_MD_RIPEMD160_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/* Built-in implementations */
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_MD_CAN_MD5
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_MD_CAN_SHA1
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_MD_CAN_SHA224
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_MD_CAN_SHA256
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_MD_CAN_SHA384
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_CAN_SHA512
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA3_C)
-#define MBEDTLS_MD_CAN_SHA3_224
-#define MBEDTLS_MD_CAN_SHA3_256
-#define MBEDTLS_MD_CAN_SHA3_384
-#define MBEDTLS_MD_CAN_SHA3_512
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_MD_CAN_RIPEMD160
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-
-#endif /* MBEDTLS_MD_LIGHT */
-
/** The selected feature is not available. */
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
/** Bad input parameters to function. */
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 8081886..6bf0754 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 9694d24..b527d9b 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 14316fb..85c1197 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -21,19 +21,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H
@@ -155,7 +143,7 @@
* \param client_ctx Will contain the connected client socket
* \param client_ip Will contain the client IP address, can be NULL
* \param buf_size Size of the client_ip buffer
- * \param ip_len Will receive the size of the client IP written,
+ * \param cip_len Will receive the size of the client IP written,
* can be NULL if client_ip is null
*
* \return 0 if successful, or
@@ -168,7 +156,7 @@
*/
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *ip_len);
+ void *client_ip, size_t buf_size, size_t *cip_len);
/**
* \brief Check and wait for the context to be ready for read/write
@@ -286,6 +274,10 @@
* \brief Closes down the connection and free associated data
*
* \param ctx The context to close
+ *
+ * \note This function frees and clears data associated with the
+ * context but does not free the memory pointed to by \p ctx.
+ * This memory is the responsibility of the caller.
*/
void mbedtls_net_close(mbedtls_net_context *ctx);
@@ -293,6 +285,10 @@
* \brief Gracefully shutdown the connection and free associated data
*
* \param ctx The context to free
+ *
+ * \note This function frees and clears data associated with the
+ * context but does not free the memory pointed to by \p ctx.
+ * This memory is the responsibility of the caller.
*/
void mbedtls_net_free(mbedtls_net_context *ctx);
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 0c95c90..d353f3d 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -17,19 +17,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_NIST_KW_H
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index e333ba1..e48817d 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H
@@ -270,6 +258,15 @@
#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */
+
+
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
@@ -280,6 +277,16 @@
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */
+
+#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */
+
+#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */
+
+#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */
+
+#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
+
/*
* Encryption algorithms
*/
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index a33fc65..cc617a9 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index f56c942..27768bd 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PK_H
@@ -40,7 +28,7 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif
@@ -173,11 +161,11 @@
/* Internal helper to define which fields in the pk_context structure below
* should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
- * format. It should be noticed that this only affect how data is stored, not
+ * format. It should be noted that this only affects how data is stored, not
* which functions are used for various operations. The overall picture looks
* like this:
- * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
- * and legacy functions
+ * - if USE_PSA is not defined and ECP_C is defined then use ecp_keypair data
+ * structure and legacy functions
* - if USE_PSA is defined and
* - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
* format and use PSA functions
@@ -185,13 +173,13 @@
*
* The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
* as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the
- * ecp_keypair structure inside the pk_context so he/she can modify it using
+ * ecp_keypair structure inside the pk_context so they can modify it using
* ECP functions which are not under PK module's control.
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
!defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_USE_PSA_EC_DATA
-#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
+#endif
/* Helper symbol to state that the PK module has support for EC keys. This
* can either be provided through the legacy ECP solution or through the
@@ -241,7 +229,7 @@
void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
/* The following field is used to store the ID of a private key in the
* following cases:
- * - opaque key when MBEDTLS_PSA_CRYPTO_C is defined
+ * - opaque key when MBEDTLS_USE_PSA_CRYPTO is defined
* - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case:
* - the pk_ctx above is not not used to store the private key anymore.
* Actually that field not populated at all in this case because also
@@ -251,15 +239,10 @@
*
* Note: this private key storing solution only affects EC keys, not the
* other ones. The latters still use the pk_ctx to store their own
- * context.
- *
- * Note: this priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by
- * MBEDTLS_PK_USE_PSA_EC_DATA (as the public counterpart below) because,
- * when working with opaque keys, it can be used also in
- * mbedtls_pk_sign_ext for RSA keys. */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+ * context. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* The following fields are meant for storing the public key in raw format
* which is handy for:
* - easily importing it into the PSA context
@@ -627,7 +610,6 @@
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-#if defined(MBEDTLS_PSA_CRYPTO_C)
/**
* \brief Make signature given a signature type.
*
@@ -664,7 +646,6 @@
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
/**
* \brief Restartable version of \c mbedtls_pk_sign()
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index eb9e2d9..09f89a2 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PKCS12_H
#define MBEDTLS_PKCS12_H
@@ -43,8 +31,8 @@
#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
-#define MBEDTLS_PKCS12_PBE_DECRYPT 0
-#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
+#define MBEDTLS_PKCS12_PBE_DECRYPT MBEDTLS_DECRYPT
+#define MBEDTLS_PKCS12_PBE_ENCRYPT MBEDTLS_ENCRYPT
#ifdef __cplusplus
extern "C" {
@@ -52,10 +40,30 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief PKCS12 Password Based function (encryption / decryption)
* for cipher-based and mbedtls_md-based PBE's
*
+ * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
+ * be enabled at compile time.
+ *
+ * \deprecated This function is deprecated and will be removed in a
+ * future version of the library.
+ * Please use mbedtls_pkcs12_pbe_ext() instead.
+ *
+ * \warning When decrypting:
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
+ * time, this function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
+ * time, this function does not validate the CBC padding.
+ *
* \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
* \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
* #MBEDTLS_PKCS12_PBE_DECRYPT
@@ -64,17 +72,78 @@
* \param pwd Latin1-encoded password used. This may only be \c NULL when
* \p pwdlen is 0. No null terminator should be used.
* \param pwdlen length of the password (may be 0)
- * \param input the input data
+ * \param data the input data
* \param len data length
- * \param output the output buffer
+ * \param output Output buffer.
+ * On success, it contains the encrypted or decrypted data,
+ * possibly followed by the CBC padding.
+ * On failure, the content is indeterminate.
+ * For decryption, there must be enough room for \p len
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p len + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
*
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/
-int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
- mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *input, size_t len,
- unsigned char *output);
+int MBEDTLS_DEPRECATED mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type,
+ mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+/**
+ * \brief PKCS12 Password Based function (encryption / decryption)
+ * for cipher-based and mbedtls_md-based PBE's
+ *
+ *
+ * \warning When decrypting:
+ * - This function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
+ * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
+ * #MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param cipher_type the cipher used
+ * \param md_type the mbedtls_md used
+ * \param pwd Latin1-encoded password used. This may only be \c NULL when
+ * \p pwdlen is 0. No null terminator should be used.
+ * \param pwdlen length of the password (may be 0)
+ * \param data the input data
+ * \param len data length
+ * \param output Output buffer.
+ * On success, it contains the encrypted or decrypted data,
+ * possibly followed by the CBC padding.
+ * On failure, the content is indeterminate.
+ * For decryption, there must be enough room for \p len
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p len + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
+ * \param output_size size of output buffer.
+ * This must be big enough to accommodate for output plus
+ * padding data.
+ * \param output_len On success, length of actual data written to the output buffer.
+ *
+ * \return 0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 152b45f..6cfe967 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -7,27 +7,17 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PKCS5_H
#define MBEDTLS_PKCS5_H
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
+#include "mbedtls/cipher.h"
#include <stddef.h>
#include <stdint.h>
@@ -41,8 +31,8 @@
/** Given private key password does not allow for correct decryption. */
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
-#define MBEDTLS_PKCS5_DECRYPT 0
-#define MBEDTLS_PKCS5_ENCRYPT 1
+#define MBEDTLS_PKCS5_DECRYPT MBEDTLS_DECRYPT
+#define MBEDTLS_PKCS5_ENCRYPT MBEDTLS_ENCRYPT
#ifdef __cplusplus
extern "C" {
@@ -50,23 +40,95 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief PKCS#5 PBES2 function
*
+ * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
+ * be enabled at compile time.
+ *
+ * \deprecated This function is deprecated and will be removed in a
+ * future version of the library.
+ * Please use mbedtls_pkcs5_pbes2_ext() instead.
+ *
+ * \warning When decrypting:
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
+ * time, this function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
+ * time, this function does not validate the CBC padding.
+ *
* \param pbe_params the ASN.1 algorithm parameters
- * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
+ * \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
* \param pwd password to use when generating key
* \param pwdlen length of password
* \param data data to process
* \param datalen length of data
- * \param output output buffer
+ * \param output Output buffer.
+ * On success, it contains the encrypted or decrypted data,
+ * possibly followed by the CBC padding.
+ * On failure, the content is indeterminate.
+ * For decryption, there must be enough room for \p datalen
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p datalen + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
-int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output);
+int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+/**
+ * \brief PKCS#5 PBES2 function
+ *
+ * \warning When decrypting:
+ * - This function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ *
+ * \param pbe_params the ASN.1 algorithm parameters
+ * \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
+ * \param pwd password to use when generating key
+ * \param pwdlen length of password
+ * \param data data to process
+ * \param datalen length of data
+ * \param output Output buffer.
+ * On success, it contains the decrypted data.
+ * On failure, the content is indetermidate.
+ * For decryption, there must be enough room for \p datalen
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p datalen + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
+ * \param output_size size of output buffer.
+ * This must be big enough to accommodate for output plus
+ * padding data.
+ * \param output_len On success, length of actual data written to the output buffer.
+ *
+ * \returns 0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails.
+ */
+int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index 1231e34..70b25a9 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -6,19 +6,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 768c756..de3d71d 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -21,19 +21,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
@@ -130,11 +118,22 @@
#endif
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+/* Enable certain documented defines only when generating doxygen to avoid
+ * an "unrecognized define" error. */
+#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#define MBEDTLS_PLATFORM_STD_CALLOC
+#endif
+
+#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_FREE)
+#define MBEDTLS_PLATFORM_STD_FREE
+#endif
/** \} name SECTION: Module settings */
/*
* The function pointers for calloc and free.
+ * Please see MBEDTLS_PLATFORM_STD_CALLOC and MBEDTLS_PLATFORM_STD_FREE
+ * in mbedtls_config.h for more information about behaviour and requirements.
*/
#if defined(MBEDTLS_PLATFORM_MEMORY)
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index c7973d9..97f1963 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -1,23 +1,11 @@
/**
* \file platform_time.h
*
- * \brief mbed TLS Platform time abstraction
+ * \brief Mbed TLS Platform time abstraction
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PLATFORM_TIME_H
#define MBEDTLS_PLATFORM_TIME_H
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index edbde94..cba02ab 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -6,19 +6,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
@@ -145,6 +133,11 @@
#define MBEDTLS_IGNORE_RETURN(result) ((void) !(result))
#endif
+/* If the following macro is defined, the library is being built by the test
+ * framework, and the framework is going to provide a replacement
+ * mbedtls_platform_zeroize() using a preprocessor macro, so the function
+ * declaration should be omitted. */
+#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) //no-check-names
/**
* \brief Securely zeroize a buffer
*
@@ -168,6 +161,7 @@
*
*/
void mbedtls_platform_zeroize(void *buf, size_t len);
+#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 3025ef1..61bcaa6 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -14,19 +14,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_POLY1305_H
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
index 61fa877..580f3eb 100644
--- a/include/mbedtls/private_access.h
+++ b/include/mbedtls/private_access.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PRIVATE_ACCESS_H
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 8ce1592..5f6a053 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PSA_UTIL_H
@@ -26,6 +14,8 @@
#include "mbedtls/build_info.h"
+#include "psa/crypto.h"
+
#if defined(MBEDTLS_PSA_CRYPTO_C)
/* Expose whatever RNG the PSA subsystem uses to applications using the
@@ -112,5 +102,53 @@
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
+/** \defgroup psa_tls_helpers TLS helper functions
+ * @{
+ */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#include <mbedtls/ecp.h>
+
+/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
+ *
+ * \note This function is provided solely for the convenience of
+ * Mbed TLS and may be removed at any time without notice.
+ *
+ * \param grpid An Mbed TLS elliptic curve identifier
+ * (`MBEDTLS_ECP_DP_xxx`).
+ * \param[out] bits On success, the bit size of the curve.
+ *
+ * \return The corresponding PSA elliptic curve identifier
+ * (`PSA_ECC_FAMILY_xxx`).
+ * \return \c 0 on failure (\p grpid is not recognized).
+ */
+psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
+ size_t *bits);
+
+/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
+ *
+ * \note This function is provided solely for the convenience of
+ * Mbed TLS and may be removed at any time without notice.
+ *
+ * \param curve A PSA elliptic curve identifier
+ * (`PSA_ECC_FAMILY_xxx`).
+ * \param bits The bit-length of a private key on \p curve.
+ * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
+ * to the nearest multiple of 8. This allows the caller
+ * to infer the exact curve from the length of a key
+ * which is supplied as a byte string.
+ *
+ * \return The corresponding Mbed TLS elliptic curve identifier
+ * (`MBEDTLS_ECP_DP_xxx`).
+ * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
+ * \return #MBEDTLS_ECP_DP_NONE if \p bits is not
+ * correct for \p curve.
+ */
+mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
+ size_t bits,
+ int bits_is_sloppy);
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+/**@}*/
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index acec3c5..279f92b 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 69f3981..e5e172f 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -11,19 +11,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H
@@ -881,6 +869,7 @@
const unsigned char *hash,
unsigned char *sig);
+#if defined(MBEDTLS_PKCS1_V21)
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
* operation (RSASSA-PSS-SIGN).
@@ -981,6 +970,7 @@
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig);
+#endif /* MBEDTLS_PKCS1_V21 */
/**
* \brief This function performs a public RSA operation and checks
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 18bde93..592ffd1 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -12,19 +12,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 87e5cc6..ca568e2 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -8,19 +8,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
@@ -50,11 +38,13 @@
* made in the call to mbedtls_sha256_starts().
*/
typedef struct mbedtls_sha256_context {
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
+#if defined(MBEDTLS_SHA224_C)
int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
+#endif
}
mbedtls_sha256_context;
diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h
index 77748be..3eeee65 100644
--- a/include/mbedtls/sha3.h
+++ b/include/mbedtls/sha3.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SHA3_H
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index ea54678..1c20e4c 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -7,19 +7,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 920efa9..043988f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
@@ -405,6 +393,22 @@
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
+#if !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)
+#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
+#endif
+
+#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)
+#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+#endif
+
+#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH)
+#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+#endif
+
+#if !defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
+#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+#endif
+
/** \} name SECTION: Module settings */
/*
@@ -609,7 +613,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && \
+ defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \
defined(MBEDTLS_MD_CAN_SHA384)
#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */
#else
@@ -683,7 +687,6 @@
MBEDTLS_SSL_SERVER_FINISHED,
MBEDTLS_SSL_FLUSH_BUFFERS,
MBEDTLS_SSL_HANDSHAKE_WRAPUP,
-
MBEDTLS_SSL_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
MBEDTLS_SSL_HELLO_RETRY_REQUEST,
@@ -1193,7 +1196,7 @@
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< start time of current session */
#endif
int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
@@ -1230,12 +1233,21 @@
char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
- mbedtls_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */
-#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_SSL_CLI_C)
+ mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); /*!< time when ticket was received. */
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+ mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); /*!< time when ticket was created. */
+#endif
+#endif /* MBEDTLS_HAVE_TIME */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ uint32_t MBEDTLS_PRIVATE(max_early_data_size); /*!< maximum amount of early data in tickets */
+#endif
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
@@ -1487,7 +1499,7 @@
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
@@ -1824,7 +1836,7 @@
* and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
int MBEDTLS_PRIVATE(early_data_status);
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
@@ -1996,8 +2008,8 @@
* \warning This interface is experimental and may change without notice.
*
*/
-void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf,
- int early_data_enabled);
+void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf,
+ int early_data_enabled);
#if defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2022,8 +2034,12 @@
*
* \warning This interface is experimental and may change without notice.
*
+ * \warning This interface DOES NOT influence/limit the amount of early data
+ * that can be received through previously created and issued tickets,
+ * which clients may have stored.
+ *
*/
-void mbedtls_ssl_tls13_conf_max_early_data_size(
+void mbedtls_ssl_conf_max_early_data_size(
mbedtls_ssl_config *conf, uint32_t max_early_data_size);
#endif /* MBEDTLS_SSL_SRV_C */
@@ -3635,7 +3651,7 @@
unsigned int bitlen);
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the allowed curves in order of preference.
@@ -3681,7 +3697,7 @@
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+#endif /* MBEDTLS_ECP_C */
/**
* \brief Set the allowed groups in order of preference.
@@ -4997,6 +5013,10 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
+
#if defined(MBEDTLS_SSL_SRV_C)
/**
* \brief Read at most 'len' application data bytes while performing
@@ -5106,9 +5126,6 @@
int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len);
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
/**
* \brief Get the status of the negotiation of the use of early data.
*
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 7a90191..a1307b4 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 2db5209..8cecbb6 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -1,23 +1,11 @@
/**
* \file ssl_ciphersuites.h
*
- * \brief SSL Ciphersuites for mbed TLS
+ * \brief SSL Ciphersuites for Mbed TLS
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
@@ -292,21 +280,49 @@
#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
#endif
+/* Key exchanges in either TLS 1.2 or 1.3 which are using an ECDSA
+ * signature */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED
+#endif
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
#endif
-/* Key exchanges allowing client certificate requests */
+/* Key exchanges allowing client certificate requests.
+ *
+ * Note: that's almost the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
+ * above, except RSA-PSK uses a server certificate but no client cert.
+ *
+ * Note: this difference is specific to TLS 1.2, as with TLS 1.3, things are
+ * more symmetrical: client certs and server certs are either both allowed
+ * (Ephemeral mode) or both disallowed (PSK and PKS-Ephemeral modes).
+ */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
#endif
+/* Helper to state that certificate-based client authentication through ECDSA
+ * is supported in TLS 1.2 */
+#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \
+ defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
+#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED
+#endif
+
+/* ECDSA required for certificates in either TLS 1.2 or 1.3 */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED
+#endif
+
/* Key exchanges involving server signature in ServerKeyExchange */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 5cd1847..71c258e 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 0cefe43..6d59c12 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 1b9c7ce..b504233 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H
@@ -40,10 +28,14 @@
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t {
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
- /* is_valid is 0 after a failed init or a free, and nonzero after a
- * successful init. This field is not considered part of the public
- * API of Mbed TLS and may change without notice. */
- char MBEDTLS_PRIVATE(is_valid);
+
+ /* WARNING - state should only be accessed when holding the mutex lock in
+ * tests/src/threading_helpers.c, otherwise corruption can occur.
+ * state will be 0 after a failed init or a free, and nonzero after a
+ * successful init. This field is for testing only and thus not considered
+ * part of the public API of Mbed TLS and may change without notice.*/
+ char MBEDTLS_PRIVATE(state);
+
} mbedtls_threading_mutex_t;
#endif
@@ -55,9 +47,9 @@
* \brief Set your alternate threading implementation function
* pointers and initialize global mutexes. If used, this
* function must be called once in the main thread before any
- * other mbed TLS function is called, and
+ * other Mbed TLS function is called, and
* mbedtls_threading_free_alt() must be called once in the main
- * thread after all other mbed TLS functions.
+ * thread after all other Mbed TLS functions.
*
* \note mutex_init() and mutex_free() don't return a status code.
* If mutex_init() fails, it should leave its argument (the
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 830dcee..62ae102 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index bb1a4c3..637f9d3 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* This set of run-time variables can be used to determine the version number of
@@ -52,9 +40,9 @@
void mbedtls_version_get_string(char *string);
/**
- * Get the full version string ("mbed TLS x.y.z").
+ * Get the full version string ("Mbed TLS x.y.z").
*
- * \param string The string that will receive the value. The mbed TLS version
+ * \param string The string that will receive the value. The Mbed TLS version
* string will use 18 bytes AT MOST including a terminating
* null byte.
* (So the buffer should be at least 18 bytes to receive this
@@ -64,12 +52,12 @@
/**
* \brief Check if support for a feature was compiled into this
- * mbed TLS binary. This allows you to see at runtime if the
+ * Mbed TLS binary. This allows you to see at runtime if the
* library was for instance compiled with or without
* Multi-threading support.
*
* \note only checks against defines in the sections "System
- * support", "mbed TLS modules" and "mbed TLS feature
+ * support", "Mbed TLS modules" and "Mbed TLS feature
* support" in mbedtls_config.h
*
* \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index e21356f..e2e0667 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
@@ -526,6 +514,9 @@
int mbedtls_x509_info_key_usage(char **buf, size_t *size,
unsigned int key_usage);
+int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions,
+ const mbedtls_x509_san_list *san_list);
+
/**
* \brief This function parses a CN string as an IP address.
*
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 62694ae..6625a44 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 078781c..3f1a1e7 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H
@@ -1007,7 +995,7 @@
* \brief Set the issuer name for a Certificate
* Issuer names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS CA"
*
* \param ctx CRT context to use
* \param issuer_name issuer name to set
@@ -1022,7 +1010,7 @@
* \brief Set the subject name for a Certificate
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CRT context to use
* \param subject_name subject name to set
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 80adb19..8c31c09 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H
@@ -87,7 +75,9 @@
/**
* \brief Load a Certificate Signing Request (CSR) in DER format
*
- * \note CSR attributes (if any) are currently silently ignored.
+ * \note Any unsupported requested extensions are silently
+ * ignored, unless the critical flag is set, in which case
+ * the CSR is rejected.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
@@ -103,6 +93,67 @@
const unsigned char *buf, size_t buflen);
/**
+ * \brief The type of certificate extension callbacks.
+ *
+ * Callbacks of this type are passed to and used by the
+ * mbedtls_x509_csr_parse_der_with_ext_cb() routine when
+ * it encounters either an unsupported extension.
+ * Future versions of the library may invoke the callback
+ * in other cases, if and when the need arises.
+ *
+ * \param p_ctx An opaque context passed to the callback.
+ * \param csr The CSR being parsed.
+ * \param oid The OID of the extension.
+ * \param critical Whether the extension is critical.
+ * \param p Pointer to the start of the extension value
+ * (the content of the OCTET STRING).
+ * \param end End of extension value.
+ *
+ * \note The callback must fail and return a negative error code
+ * if it can not parse or does not support the extension.
+ * When the callback fails to parse a critical extension
+ * mbedtls_x509_csr_parse_der_with_ext_cb() also fails.
+ * When the callback fails to parse a non critical extension
+ * mbedtls_x509_csr_parse_der_with_ext_cb() simply skips
+ * the extension and continues parsing.
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx,
+ mbedtls_x509_csr const *csr,
+ mbedtls_x509_buf const *oid,
+ int critical,
+ const unsigned char *p,
+ const unsigned char *end);
+
+/**
+ * \brief Load a Certificate Signing Request (CSR) in DER format
+ *
+ * \note Any unsupported requested extensions are silently
+ * ignored, unless the critical flag is set, in which case
+ * the result of the callback function decides whether
+ * CSR is rejected.
+ *
+ * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ * subsystem must have been initialized by calling
+ * psa_crypto_init() before calling this function.
+ *
+ * \param csr CSR context to fill
+ * \param buf buffer holding the CRL data
+ * \param buflen size of the buffer
+ * \param cb A callback invoked for every unsupported certificate
+ * extension.
+ * \param p_ctx An opaque context passed to the callback.
+ *
+ * \return 0 if successful, or a specific X509 error code
+ */
+int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr,
+ const unsigned char *buf, size_t buflen,
+ mbedtls_x509_csr_ext_cb_t cb,
+ void *p_ctx);
+
+/**
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
*
* \note See notes for \c mbedtls_x509_csr_parse_der()
@@ -180,7 +231,7 @@
* \brief Set the subject name for a CSR
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CSR context to use
* \param subject_name subject name to set
diff --git a/include/psa/build_info.h b/include/psa/build_info.h
index 34a138d..3ee6cd7 100644
--- a/include/psa/build_info.h
+++ b/include/psa/build_info.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_BUILD_INFO_H
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 6b06187..fe10ee0 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -4,19 +4,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_H
diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h
new file mode 100644
index 0000000..63fb29e
--- /dev/null
+++ b/include/psa/crypto_adjust_auto_enabled.h
@@ -0,0 +1,21 @@
+/**
+ * \file psa/crypto_adjust_auto_enabled.h
+ * \brief Adjust PSA configuration: enable always-on features
+ *
+ * Always enable certain features which require a negligible amount of code
+ * to implement, to avoid some edge cases in the configuration combinatorics.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+
+#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_PASSWORD 1
+#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+
+#endif /* PSA_CRYPTO_ADJUST_AUTO_ENABLED_H */
diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/include/psa/crypto_adjust_config_key_pair_types.h
new file mode 100644
index 0000000..63afc0e
--- /dev/null
+++ b/include/psa/crypto_adjust_config_key_pair_types.h
@@ -0,0 +1,91 @@
+/**
+ * \file psa/crypto_adjust_config_key_pair_types.h
+ * \brief Adjust PSA configuration for key pair types.
+ *
+ * See docs/proposed/psa-conditional-inclusion-c.md.
+ * - Support non-basic operations in a keypair type implicitly enables basic
+ * support for that keypair type.
+ * - Support for a keypair type implicitly enables the corresponding public
+ * key type.
+ * - Basic support for a keypair type implicilty enables import/export support
+ * for that keypair type. Warning: this is implementation-specific (mainly
+ * for the benefit of testing) and may change in the future!
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
+#define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
+
+/*****************************************************************
+ * ANYTHING -> BASIC
+ ****************************************************************/
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
+ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \
+ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) || \
+ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#endif
+
+/*****************************************************************
+ * BASIC -> corresponding PUBLIC
+ ****************************************************************/
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
+#endif
+
+/*****************************************************************
+ * BASIC -> IMPORT+EXPORT
+ *
+ * (Implementation-specific, may change in the future.)
+ ****************************************************************/
+
+/* Even though KEY_PAIR symbols' feature several level of support (BASIC, IMPORT,
+ * EXPORT, GENERATE, DERIVE) we're not planning to have support only for BASIC
+ * without IMPORT/EXPORT since these last 2 features are strongly used in tests.
+ * In general it is allowed to include more feature than what is strictly
+ * requested.
+ * As a consequence IMPORT and EXPORT features will be automatically enabled
+ * as soon as the BASIC one is. */
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H */
diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h
new file mode 100644
index 0000000..332b622
--- /dev/null
+++ b/include/psa/crypto_adjust_config_synonyms.h
@@ -0,0 +1,39 @@
+/**
+ * \file psa/crypto_adjust_config_synonyms.h
+ * \brief Adjust PSA configuration: enable quasi-synonyms
+ *
+ * When two features require almost the same code, we automatically enable
+ * both when either one is requested, to reduce the combinatorics of
+ * possible configurations.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
+#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
+
+/****************************************************************/
+/* De facto synonyms */
+/****************************************************************/
+
+#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
+#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
+#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
+#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
+#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
+#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H */
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index d9473ac..35c2e29 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -15,19 +15,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h
index cd6d51d..6b91ae7 100644
--- a/include/psa/crypto_builtin_key_derivation.h
+++ b/include/psa/crypto_builtin_key_derivation.h
@@ -15,19 +15,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H
@@ -105,7 +93,7 @@
} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+#if defined(PSA_HAVE_SOFT_PBKDF2)
typedef enum {
PSA_PBKDF2_STATE_INIT, /* no input provided */
PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */
@@ -125,6 +113,6 @@
uint8_t MBEDTLS_PRIVATE(bytes_used);
uint32_t MBEDTLS_PRIVATE(block_number);
} psa_pbkdf2_key_derivation_t;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_HAVE_SOFT_PBKDF2 */
#endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index c78c8d0..98ab4d3 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -15,19 +15,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
@@ -45,6 +33,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
@@ -52,7 +41,11 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
#define MBEDTLS_PSA_BUILTIN_HASH
#endif
@@ -77,6 +70,12 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
mbedtls_sha512_context sha512;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ mbedtls_sha3_context sha3;
+#endif
} MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t;
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 70fa14e..f896fae 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -12,19 +12,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_COMPAT_H
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 9da28de..5bf00f4 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -32,19 +32,7 @@
#endif
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_CONFIG_H
@@ -76,6 +64,7 @@
#define PSA_WANT_ALG_MD5 1
#define PSA_WANT_ALG_OFB 1
#define PSA_WANT_ALG_PBKDF2_HMAC 1
+#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
#define PSA_WANT_ALG_RIPEMD160 1
#define PSA_WANT_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
@@ -86,12 +75,17 @@
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_512 1
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
-/* Note: when adding support, also adjust include/mbedtls/config_psa.h */
+/* XTS is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
//#define PSA_WANT_ALG_XTS 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
@@ -109,6 +103,8 @@
#define PSA_WANT_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_R1_192 1
#define PSA_WANT_ECC_SECP_R1_224 1
+/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED
+ * (see the description in mbedtls/mbedtls_config.h for details). */
#define PSA_WANT_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_521 1
diff --git a/include/psa/crypto_driver_common.h b/include/psa/crypto_driver_common.h
index 26363c6..cc11d3b 100644
--- a/include/psa/crypto_driver_common.h
+++ b/include/psa/crypto_driver_common.h
@@ -17,19 +17,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_DRIVER_COMMON_H
#define PSA_CRYPTO_DRIVER_COMMON_H
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
index 068a193..d717c51 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/include/psa/crypto_driver_contexts_composites.h
@@ -16,19 +16,7 @@
* to define the implementation-defined types of PSA multi-part state objects.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
@@ -121,7 +109,7 @@
*
* The union members are the driver's context structures, and the member names
* are formatted as `'drivername'_ctx`. This allows for procedural generation
- * of both this file and the content of psa_crypto_driver_wrappers.c */
+ * of both this file and the content of psa_crypto_driver_wrappers.h */
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */
diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h
index 5b4e474..2119051 100644
--- a/include/psa/crypto_driver_contexts_key_derivation.h
+++ b/include/psa/crypto_driver_contexts_key_derivation.h
@@ -15,19 +15,7 @@
* to define the implementation-defined types of PSA multi-part state objects.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H
@@ -55,7 +43,7 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms);
#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+#if defined(PSA_HAVE_SOFT_PBKDF2)
psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2);
#endif
} psa_driver_key_derivation_context_t;
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
index 7f81f62..c90a5fb 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -15,19 +15,7 @@
* to define the implementation-defined types of PSA multi-part state objects.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
@@ -94,7 +82,7 @@
*
* The union members are the driver's context structures, and the member names
* are formatted as `'drivername'_ctx`. This allows for procedural generation
- * of both this file and the content of psa_crypto_driver_wrappers.c */
+ * of both this file and the content of psa_crypto_driver_wrappers.h */
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 4b0cc70..f132f7e 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -10,19 +10,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_EXTRA_H
@@ -440,6 +428,7 @@
* of psa_set_key_type() when you need to specify domain parameters.
*
* The format for the required domain parameters varies based on the key type.
+ * Mbed TLS supports the following key type with domain parameters:
*
* - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
* the domain parameter data consists of the public exponent,
@@ -449,32 +438,6 @@
* key data and the exponent recorded in the attribute structure is ignored.
* As an exception, the public exponent 65537 is represented by an empty
* byte string.
- * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- * the `Dss-Params` format as defined by RFC 3279 §2.3.2.
- * ```
- * Dss-Params ::= SEQUENCE {
- * p INTEGER,
- * q INTEGER,
- * g INTEGER
- * }
- * ```
- * - For Diffie-Hellman key exchange keys
- * (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
- * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the
- * `DomainParameters` format as defined by RFC 3279 §2.3.3.
- * ```
- * DomainParameters ::= SEQUENCE {
- * p INTEGER, -- odd prime, p=jq +1
- * g INTEGER, -- generator, g
- * q INTEGER, -- factor of p-1
- * j INTEGER OPTIONAL, -- subgroup factor
- * validationParams ValidationParams OPTIONAL
- * }
- * ValidationParams ::= SEQUENCE {
- * seed BIT STRING,
- * pgenCounter INTEGER
- * }
- * ```
*
* \note This function may allocate memory or other resources.
* Once you have called this function on an attribute structure,
@@ -483,6 +446,9 @@
* \note This is an experimental extension to the interface. It may change
* in future versions of the library.
*
+ * \note Due to an implementation limitation, domain parameters are ignored
+ * for keys that are managed by a driver.
+ *
* \param[in,out] attributes Attribute structure where the specified domain
* parameters will be stored.
* If this function fails, the content of
@@ -513,6 +479,9 @@
* \note This is an experimental extension to the interface. It may change
* in future versions of the library.
*
+ * \note Due to an implementation limitation, domain parameters are not
+ * supported with keys that are managed by a driver.
+ *
* \param[in] attributes The key attribute structure to query.
* \param[out] data On success, the key domain parameters.
* \param data_size Size of the \p data buffer in bytes.
@@ -525,6 +494,8 @@
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The key is managed by a driver.
*/
psa_status_t psa_get_key_domain_parameters(
const psa_key_attributes_t *attributes,
@@ -569,53 +540,6 @@
/**@}*/
-/** \defgroup psa_tls_helpers TLS helper functions
- * @{
- */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#include <mbedtls/ecp.h>
-
-/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
- *
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
- * \param grpid An Mbed TLS elliptic curve identifier
- * (`MBEDTLS_ECP_DP_xxx`).
- * \param[out] bits On success, the bit size of the curve.
- *
- * \return The corresponding PSA elliptic curve identifier
- * (`PSA_ECC_FAMILY_xxx`).
- * \return \c 0 on failure (\p grpid is not recognized).
- */
-psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
- size_t *bits);
-
-/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
- *
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
- * \param curve A PSA elliptic curve identifier
- * (`PSA_ECC_FAMILY_xxx`).
- * \param bits The bit-length of a private key on \p curve.
- * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
- * to the nearest multiple of 8. This allows the caller
- * to infer the exact curve from the length of a key
- * which is supplied as a byte string.
- *
- * \return The corresponding Mbed TLS elliptic curve identifier
- * (`MBEDTLS_ECP_DP_xxx`).
- * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
- * \return #MBEDTLS_ECP_DP_NONE if \p bits is not
- * correct for \p curve.
- */
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy);
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-/**@}*/
/** \defgroup psa_external_rng External random generator
* @{
diff --git a/include/psa/crypto_legacy.h b/include/psa/crypto_legacy.h
index 7a038d9..7df3614 100644
--- a/include/psa/crypto_legacy.h
+++ b/include/psa/crypto_legacy.h
@@ -13,19 +13,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PSA_CRYPTO_LEGACY_H
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 35a42f8..4d03435 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -15,19 +15,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_PLATFORM_H
@@ -35,10 +23,10 @@
#include "mbedtls/private_access.h"
/*
- * Include the build-time configuration information file. Here, we do not
+ * Include the build-time configuration information header. Here, we do not
* include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
* is basically just an alias to it. This is to ease the maintenance of the
- * PSA cryptography repository which has a different build system and
+ * TF-PSA-Crypto repository which has a different build system and
* configuration.
*/
#include "psa/build_info.h"
@@ -83,7 +71,7 @@
*/
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
#define PSA_CRYPTO_SECURE 1
-#include "../tests/include/spe/crypto_spe.h"
+#include "crypto_spe.h"
#endif // MBEDTLS_PSA_CRYPTO_SPM
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index f39e229..9ce14bb 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -17,19 +17,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_SE_DRIVER_H
#define PSA_CRYPTO_SE_DRIVER_H
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 55c0b1f..836c28c 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -22,35 +22,23 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_SIZES_H
#define PSA_CRYPTO_SIZES_H
/*
- * Include the build-time configuration information file. Here, we do not
+ * Include the build-time configuration information header. Here, we do not
* include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
* is basically just an alias to it. This is to ease the maintenance of the
- * PSA cryptography repository which has a different build system and
+ * TF-PSA-Crypto repository which has a different build system and
* configuration.
*/
#include "psa/build_info.h"
-#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
-#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
+#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
+#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
(c) : (b) : (a) <= (c) ? (c) : (a))
@@ -71,20 +59,20 @@
*/
#define PSA_HASH_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
+ 0u)
/** The input block size of a hash algorithm, in bytes.
*
@@ -103,20 +91,20 @@
*/
#define PSA_HASH_BLOCK_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
- 0)
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
+ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
+ 0u)
/** \def PSA_HASH_MAX_SIZE
*
@@ -125,26 +113,41 @@
* This macro expands to a compile-time constant integer. This value
* is the maximum size of a hash in bytes.
*/
-/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
+/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
* see the note on MBEDTLS_MD_MAX_SIZE for details. */
-#if defined(PSA_WANT_ALG_SHA_512)
-#define PSA_HASH_MAX_SIZE 64
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#if defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
+#elif defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
+#elif defined(PSA_WANT_ALG_SHA_512)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
#elif defined(PSA_WANT_ALG_SHA_384)
-#define PSA_HASH_MAX_SIZE 48
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
+#elif defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
+#elif defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
#elif defined(PSA_WANT_ALG_SHA_256)
-#define PSA_HASH_MAX_SIZE 32
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
#elif defined(PSA_WANT_ALG_SHA_224)
-#define PSA_HASH_MAX_SIZE 28
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
#else /* SHA-1 or smaller */
-#define PSA_HASH_MAX_SIZE 20
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HASH_MAX_SIZE 64u
+#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HASH_MAX_SIZE 48u
+#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HASH_MAX_SIZE 32u
+#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HASH_MAX_SIZE 28u
+#else /* SHA-1 or smaller */
+#define PSA_HASH_MAX_SIZE 20u
#endif
/** \def PSA_MAC_MAX_SIZE
@@ -185,13 +188,13 @@
#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- ((void) (key_bits), 0))
+ ((void) (key_bits), 0u))
/** The maximum tag size for all supported AEAD algorithms, in bytes.
*
* See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
*/
-#define PSA_AEAD_TAG_MAX_SIZE 16
+#define PSA_AEAD_TAG_MAX_SIZE 16u
/* The maximum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
@@ -206,7 +209,7 @@
*
* Note that an implementation may set different size limits for different
* operations, and does not need to accept all key sizes up to the limit. */
-#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
+#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
/* The minimum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
@@ -224,38 +227,38 @@
*
* Note that an implementation may set different size limits for different
* operations, and does not need to accept all key sizes up to the limit. */
-#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
#if defined(PSA_WANT_ECC_SECP_R1_521)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
#elif defined(PSA_WANT_ECC_SECP_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
#elif defined(PSA_WANT_ECC_SECP_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_SECP_K1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
#elif defined(PSA_WANT_ECC_SECP_R1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_K1_224)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
#elif defined(PSA_WANT_ECC_SECP_R1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#elif defined(PSA_WANT_ECC_SECP_K1_192)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
#else
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
+#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
#endif
/** This macro returns the maximum supported length of the PSK for the
@@ -273,23 +276,23 @@
* Therefore, no implementation should define a value smaller than 64
* for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
*/
-#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
+#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
* which is expected to work with P-256 curve only. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
+#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
/* The size of a serialized K.X coordinate to be used in
* psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
* curve. */
-#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
+#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
/* The maximum number of iterations for PBKDF2 on this implementation, in bits.
* This is a vendor-specific macro. This can be configured if necessary */
-#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff
+#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
/** The maximum size of a block cipher. */
-#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
+#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
/** The size of the output of psa_mac_sign_finish(), in bytes.
*
@@ -316,7 +319,7 @@
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- ((void) (key_type), (void) (key_bits), 0))
+ ((void) (key_type), (void) (key_bits), 0u))
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
@@ -347,7 +350,7 @@
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
(plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -401,7 +404,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
(ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
(ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
* supported key types and AEAD algorithms.
@@ -451,12 +454,12 @@
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
- 0 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
+ 0u : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
- 0)
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
+ 0u)
/** The maximum default nonce size among all supported pairs of key types and
* AEAD algorithms, in bytes.
@@ -469,7 +472,7 @@
* just the largest size that may be generated by
* #psa_aead_generate_nonce().
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 13
+#define PSA_AEAD_NONCE_MAX_SIZE 13u
/** A sufficient output buffer size for psa_aead_update().
*
@@ -506,7 +509,7 @@
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
(input_length) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_aead_update(), for any of the
* supported key types and AEAD algorithms.
@@ -546,7 +549,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ 0u)
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
* supported key types and AEAD algorithms.
@@ -580,7 +583,7 @@
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0)
+ 0u)
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
* supported key types and AEAD algorithms.
@@ -591,8 +594,8 @@
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
(PSA_ALG_IS_RSA_OAEP(alg) ? \
- 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
- 11 /*PKCS#1v1.5*/)
+ 2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
+ 11u /*PKCS#1v1.5*/)
/**
* \brief ECDSA signature size for a given curve bit size
@@ -603,7 +606,7 @@
* \note This macro returns a compile-time constant if its argument is one.
*/
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
- (PSA_BITS_TO_BYTES(curve_bits) * 2)
+ (PSA_BITS_TO_BYTES(curve_bits) * 2u)
/** Sufficient signature buffer size for psa_sign_hash().
*
@@ -633,7 +636,7 @@
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
- ((void) alg, 0))
+ ((void) alg, 0u))
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
@@ -686,7 +689,7 @@
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
* supported asymmetric encryption.
@@ -725,7 +728,7 @@
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
- 0)
+ 0u)
/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
* supported asymmetric decryption.
@@ -748,7 +751,7 @@
* - 0 to 1 bytes of leading 0 due to the sign bit.
*/
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
- ((bits) / 8 + 5)
+ ((bits) / 8u + 5u)
/* Maximum size of the export encoding of an RSA public key.
* Assumes that the public exponent is less than 2^32.
@@ -762,7 +765,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
/* Maximum size of the export encoding of an RSA key pair.
* Assumes that the public exponent is less than 2^32 and that the size
@@ -787,7 +790,7 @@
* - 7 bytes for the public exponent.
*/
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
+ (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
/* Maximum size of the export encoding of a DSA public key.
*
@@ -806,7 +809,7 @@
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
/* Maximum size of the export encoding of a DSA key pair.
*
@@ -825,7 +828,7 @@
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
*/
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
- (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
+ (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
/* Maximum size of the export encoding of an ECC public key.
*
@@ -838,7 +841,7 @@
* - 1 byte + 2 * point size.
*/
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
- (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
+ (2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
/* Maximum size of the export encoding of an ECC key pair.
*
@@ -907,7 +910,7 @@
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
- 0)
+ 0u)
/** Sufficient output buffer size for psa_export_public_key().
*
@@ -958,7 +961,7 @@
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
- 0)
+ 0u)
/** Sufficient buffer size for exporting any asymmetric key pair.
*
@@ -1050,7 +1053,7 @@
*/
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
- PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0)
+ PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
/** Maximum size of the output from psa_raw_key_agreement().
*
@@ -1105,15 +1108,15 @@
(alg) == PSA_ALG_CBC_NO_PADDING || \
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
- (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
- 0)
+ (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
+ (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
+ 0u)
/** The maximum IV size for all supported cipher algorithms, in bytes.
*
* See also #PSA_CIPHER_IV_LENGTH().
*/
-#define PSA_CIPHER_IV_MAX_SIZE 16
+#define PSA_CIPHER_IV_MAX_SIZE 16u
/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
*
@@ -1138,15 +1141,15 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (alg == PSA_ALG_CBC_PKCS7 ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- (input_length) + 1) + \
- PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
- 0))
+#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (alg == PSA_ALG_CBC_PKCS7 ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ (input_length) + 1u) + \
+ PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
+ 0u))
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1159,9 +1162,9 @@
* \param input_length Size of the input in bytes.
*
*/
-#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
- (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
- (input_length) + 1) + \
+#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
+ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
+ (input_length) + 1u) + \
PSA_CIPHER_IV_MAX_SIZE)
/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
@@ -1183,11 +1186,11 @@
* recognized, or the parameters are incompatible,
* return 0.
*/
-#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) && \
+#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) && \
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
- (input_length) : \
- 0)
+ (input_length) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
* supported key types and cipher algorithms.
@@ -1220,16 +1223,16 @@
* algorithm. If the key type or cipher algorithm is not
* recognized, or the parameters are incompatible, return 0.
*/
-#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
- (PSA_ALG_IS_CIPHER(alg) ? \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
- (((alg) == PSA_ALG_CBC_PKCS7 || \
- (alg) == PSA_ALG_CBC_NO_PADDING || \
- (alg) == PSA_ALG_ECB_NO_PADDING) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
- input_length) : \
- (input_length)) : 0) : \
- 0)
+#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_ALG_IS_CIPHER(alg) ? \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
+ (((alg) == PSA_ALG_CBC_PKCS7 || \
+ (alg) == PSA_ALG_CBC_NO_PADDING || \
+ (alg) == PSA_ALG_ECB_NO_PADDING) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
+ input_length) : \
+ (input_length)) : 0u) : \
+ 0u)
/** A sufficient output buffer size for psa_cipher_update(), for any of the
* supported key types and cipher algorithms.
@@ -1265,8 +1268,8 @@
(PSA_ALG_IS_CIPHER(alg) ? \
(alg == PSA_ALG_CBC_PKCS7 ? \
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
- 0) : \
- 0)
+ 0u) : \
+ 0u)
/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
* supported key types and cipher algorithms.
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index b309bc8..5e52ffd 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -43,19 +43,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_STRUCT_H
@@ -66,9 +54,14 @@
extern "C" {
#endif
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
/* Include the context definition for the compiled-in drivers for the primitive
* algorithms. */
@@ -261,6 +254,18 @@
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ /* Unlike normal buffers, there are three cases for domain_parameters
+ * and domain_parameters_size:
+ * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL:
+ * Access to domain parameters is not supported for this key.
+ * This is a hack which should not exist, intended for keys managed
+ * by a driver, because drivers don't support domain parameters.
+ * - domain_parameters_size == 0 && domain_parameters == NULL:
+ * The domain parameters are empty.
+ * - domain_parameters_size > 0 &&
+ * domain_parameters == valid pointer to domain_parameters_size bytes:
+ * The domain parameters are non-empty.
+ */
void *MBEDTLS_PRIVATE(domain_parameters);
size_t MBEDTLS_PRIVATE(domain_parameters_size);
};
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 445657e..e2ebd8a 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -15,26 +15,21 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
-/* Make sure the Mbed TLS configuration is visible. */
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
+
/* Define the MBEDTLS_PRIVATE macro. */
#include "mbedtls/private_access.h"
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 580e3ae..5e33f6b 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -21,19 +21,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_VALUES_H
@@ -2115,6 +2103,10 @@
*/
#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t) 0x08800200)
+#define PSA_ALG_IS_PBKDF2(kdf_alg) \
+ (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \
+ ((kdf_alg) == PSA_ALG_PBKDF2_AES_CMAC_PRF_128))
+
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff)
#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)
diff --git a/library/.gitignore b/library/.gitignore
index 5a29a43..c6a39f5 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -6,5 +6,6 @@
/error.c
/version_features.c
/ssl_debug_helpers_generated.c
-/psa_crypto_driver_wrappers.c
+/psa_crypto_driver_wrappers.h
+/psa_crypto_driver_wrappers_no_static.c
###END_GENERATED_FILES###
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 03e48df..5c297e0 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,7 +1,7 @@
-option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
-option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
+option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without
@@ -22,6 +22,7 @@
bignum_core.c
bignum_mod.c
bignum_mod_raw.c
+ block_cipher.c
camellia.c
ccm.c
chacha20.c
@@ -67,7 +68,7 @@
psa_crypto_aead.c
psa_crypto_cipher.c
psa_crypto_client.c
- psa_crypto_driver_wrappers.c
+ psa_crypto_driver_wrappers_no_static.c
psa_crypto_ecp.c
psa_crypto_ffdh.c
psa_crypto_hash.c
@@ -99,6 +100,7 @@
x509_crl.c
x509_crt.c
x509_csr.c
+ x509write.c
x509write_crt.c
x509write_csr.c
)
@@ -173,14 +175,16 @@
add_custom_command(
OUTPUT
- ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.c
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.h
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers_no_static.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
)
@@ -188,7 +192,7 @@
link_to_source(error.c)
link_to_source(version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
- link_to_source(psa_crypto_driver_wrappers.c)
+ link_to_source(psa_crypto_driver_wrappers_no_static.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)
@@ -212,7 +216,7 @@
endif()
if(WIN32)
- set(libs ${libs} ws2_32)
+ set(libs ${libs} ws2_32 bcrypt)
endif(WIN32)
if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
@@ -265,17 +269,20 @@
${mbedtls_static_target})
endif()
+set(p256m_target "${MBEDTLS_TARGET_PREFIX}p256m")
+set(everest_target "${MBEDTLS_TARGET_PREFIX}everest")
+
if(USE_STATIC_MBEDTLS_LIBRARY)
add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
- if(TARGET everest)
- target_link_libraries(${mbedcrypto_static_target} PUBLIC everest)
+ if(TARGET ${everest_target})
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC ${everest_target})
endif()
- if(TARGET p256m)
- target_link_libraries(${mbedcrypto_static_target} PUBLIC p256m)
+ if(TARGET ${p256m_target})
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC ${p256m_target})
endif()
add_library(${mbedx509_static_target} STATIC ${src_x509})
@@ -290,23 +297,23 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.4.1 SOVERSION 14)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.1 SOVERSION 15)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
- if(TARGET everest)
- target_link_libraries(${mbedcrypto_target} PUBLIC everest)
+ if(TARGET ${everest_target})
+ target_link_libraries(${mbedcrypto_target} PUBLIC ${everest_target})
endif()
- if(TARGET p256m)
- target_link_libraries(${mbedcrypto_target} PUBLIC p256m)
+ if(TARGET ${p256m_target})
+ target_link_libraries(${mbedcrypto_target} PUBLIC ${p256m_target})
endif()
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.1 SOVERSION 5)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.1 SOVERSION 6)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.4.1 SOVERSION 19)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.1 SOVERSION 20)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
@@ -320,7 +327,9 @@
target_include_directories(${target}
PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
$<INSTALL_INTERFACE:include/>
- PRIVATE ${MBEDTLS_DIR}/library/)
+ PRIVATE ${MBEDTLS_DIR}/library/
+ # Needed to include psa_crypto_driver_wrappers.h
+ ${CMAKE_CURRENT_BINARY_DIR})
# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
if(MBEDTLS_CONFIG_FILE)
target_compile_definitions(${target}
diff --git a/library/Makefile b/library/Makefile
index 194a847..d11a98d 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -39,6 +39,10 @@
endif
endif
+ifdef WINDOWS_BUILD
+LOCAL_LDFLAGS += -lbcrypt
+endif
+
# To compile as a shared library:
ifdef SHARED
# all code is position-indep with mingw, avoid warning about useless flag
@@ -47,9 +51,9 @@
endif
endif
-SOEXT_TLS?=so.19
-SOEXT_X509?=so.5
-SOEXT_CRYPTO?=so.14
+SOEXT_TLS?=so.20
+SOEXT_X509?=so.6
+SOEXT_CRYPTO?=so.15
# Set AR_DASH= (empty string) to use an ar implementation that does not accept
# the - prefix for command line options (e.g. llvm-ar)
@@ -87,6 +91,7 @@
bignum_core.o \
bignum_mod.o \
bignum_mod_raw.o \
+ block_cipher.o \
camellia.o \
ccm.o \
chacha20.o \
@@ -132,7 +137,7 @@
psa_crypto_aead.o \
psa_crypto_cipher.o \
psa_crypto_client.o \
- psa_crypto_driver_wrappers.o \
+ psa_crypto_driver_wrappers_no_static.o \
psa_crypto_ecp.o \
psa_crypto_ffdh.o \
psa_crypto_hash.o \
@@ -167,6 +172,7 @@
x509_crl.o \
x509_crt.o \
x509_csr.o \
+ x509write.o \
x509write_crt.o \
x509write_csr.o \
pkcs7.o \
@@ -311,24 +317,33 @@
GENERATED_FILES = \
error.c version_features.c \
ssl_debug_helpers_generated.c \
- psa_crypto_driver_wrappers.c
+ psa_crypto_driver_wrappers.h \
+ psa_crypto_driver_wrappers_no_static.c
generated_files: $(GENERATED_FILES)
-error.c: ../scripts/generate_errors.pl
-error.c: ../scripts/data_files/error.fmt
-error.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
+# See root Makefile
+GEN_FILES ?= yes
+ifdef GEN_FILES
+gen_file_dep =
+else
+gen_file_dep = |
+endif
+
+error.c: $(gen_file_dep) ../scripts/generate_errors.pl
+error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
+error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
error.c:
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
-ssl_debug_helpers_generated.c: ../scripts/generate_ssl_debug_helpers.py
-ssl_debug_helpers_generated.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
+ssl_debug_helpers_generated.c: $(gen_file_dep) ../scripts/generate_ssl_debug_helpers.py
+ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
ssl_debug_helpers_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
-version_features.c: ../scripts/generate_features.pl
-version_features.c: ../scripts/data_files/version_features.fmt
+version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
+version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
@@ -339,12 +354,18 @@
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
-psa_crypto_driver_wrappers.c: ../scripts/generate_driver_wrappers.py
-psa_crypto_driver_wrappers.c: ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
-psa_crypto_driver_wrappers.c:
- echo " Gen $@"
+GENERATED_WRAPPER_FILES = \
+ psa_crypto_driver_wrappers.h \
+ psa_crypto_driver_wrappers_no_static.c
+$(GENERATED_WRAPPER_FILES): ../scripts/generate_driver_wrappers.py
+$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
+$(GENERATED_WRAPPER_FILES):
+ echo " Gen $(GENERATED_WRAPPER_FILES)"
$(PYTHON) ../scripts/generate_driver_wrappers.py
+psa_crypto.o:psa_crypto_driver_wrappers.h
+
clean:
ifndef WINDOWS
rm -f *.o libmbed*
diff --git a/library/aes.c b/library/aes.c
index 592ca64..f4b9739 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -2,19 +2,7 @@
* FIPS-197 compliant AES implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -33,6 +21,27 @@
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+
+#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+#if !((defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(MBEDTLS_AESCE_C)) || \
+ (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \
+ (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C)))
+#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
+#endif
+#endif
+
+#if defined(MBEDTLS_ARCH_IS_X86)
+#if defined(MBEDTLS_PADLOCK_C)
+#if !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \
+ "MBEDTLS_PADLOCK_C is set"
+#endif
+#endif
+#endif
+
#if defined(MBEDTLS_PADLOCK_C)
#include "padlock.h"
#endif
@@ -45,9 +54,19 @@
#include "mbedtls/platform.h"
+/*
+ * This is a convenience shorthand macro to check if we need reverse S-box and
+ * reverse tables. It's private and only defined in this file.
+ */
+#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || \
+ (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY))) && \
+ !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+#define MBEDTLS_AES_NEED_REVERSE_TABLES
+#endif
+
#if !defined(MBEDTLS_AES_ALT)
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
static int aes_padlock_ace = -1;
#endif
@@ -55,9 +74,7 @@
/*
* Forward S-box
*/
-#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-static const unsigned char FSb[256] =
+MBEDTLS_MAYBE_UNUSED static const unsigned char FSb[256] =
{
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
@@ -92,8 +109,6 @@
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
};
-#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
/*
* Forward tables
@@ -165,36 +180,28 @@
V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \
V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C)
-#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
#define V(a, b, c, d) 0x##a##b##c##d
-static const uint32_t FT0[256] = { FT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t FT0[256] = { FT };
#undef V
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-
#define V(a, b, c, d) 0x##b##c##d##a
-static const uint32_t FT1[256] = { FT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t FT1[256] = { FT };
#undef V
#define V(a, b, c, d) 0x##c##d##a##b
-static const uint32_t FT2[256] = { FT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t FT2[256] = { FT };
#undef V
#define V(a, b, c, d) 0x##d##a##b##c
-static const uint32_t FT3[256] = { FT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t FT3[256] = { FT };
#undef V
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-
-#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */
-
#undef FT
-#if !defined(MBEDTLS_AES_DECRYPT_ALT)
/*
* Reverse S-box
*/
-static const unsigned char RSb[256] =
+MBEDTLS_MAYBE_UNUSED static const unsigned char RSb[256] =
{
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
@@ -229,7 +236,6 @@
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
};
-#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */
/*
* Reverse tables
@@ -301,84 +307,60 @@
V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \
V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0)
-#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
#define V(a, b, c, d) 0x##a##b##c##d
-static const uint32_t RT0[256] = { RT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t RT0[256] = { RT };
#undef V
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-
#define V(a, b, c, d) 0x##b##c##d##a
-static const uint32_t RT1[256] = { RT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t RT1[256] = { RT };
#undef V
#define V(a, b, c, d) 0x##c##d##a##b
-static const uint32_t RT2[256] = { RT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t RT2[256] = { RT };
#undef V
#define V(a, b, c, d) 0x##d##a##b##c
-static const uint32_t RT3[256] = { RT };
+MBEDTLS_MAYBE_UNUSED static const uint32_t RT3[256] = { RT };
#undef V
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-
-#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
-
#undef RT
-#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
/*
* Round constants
*/
-static const uint32_t RCON[10] =
+MBEDTLS_MAYBE_UNUSED static const uint32_t round_constants[10] =
{
0x00000001, 0x00000002, 0x00000004, 0x00000008,
0x00000010, 0x00000020, 0x00000040, 0x00000080,
0x0000001B, 0x00000036
};
-#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
#else /* MBEDTLS_AES_ROM_TABLES */
/*
* Forward S-box & tables
*/
-#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-static unsigned char FSb[256];
-#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
-#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
-static uint32_t FT0[256];
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-static uint32_t FT1[256];
-static uint32_t FT2[256];
-static uint32_t FT3[256];
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
+MBEDTLS_MAYBE_UNUSED static unsigned char FSb[256];
+MBEDTLS_MAYBE_UNUSED static uint32_t FT0[256];
+MBEDTLS_MAYBE_UNUSED static uint32_t FT1[256];
+MBEDTLS_MAYBE_UNUSED static uint32_t FT2[256];
+MBEDTLS_MAYBE_UNUSED static uint32_t FT3[256];
/*
* Reverse S-box & tables
*/
-#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT))
-static unsigned char RSb[256];
-#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */
+MBEDTLS_MAYBE_UNUSED static unsigned char RSb[256];
-#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-static uint32_t RT0[256];
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-static uint32_t RT1[256];
-static uint32_t RT2[256];
-static uint32_t RT3[256];
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
+MBEDTLS_MAYBE_UNUSED static uint32_t RT0[256];
+MBEDTLS_MAYBE_UNUSED static uint32_t RT1[256];
+MBEDTLS_MAYBE_UNUSED static uint32_t RT2[256];
+MBEDTLS_MAYBE_UNUSED static uint32_t RT3[256];
-#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
/*
* Round constants
*/
-static uint32_t RCON[10];
+MBEDTLS_MAYBE_UNUSED static uint32_t round_constants[10];
/*
* Tables generation code
@@ -387,9 +369,9 @@
#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00))
#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0)
-static int aes_init_done = 0;
+MBEDTLS_MAYBE_UNUSED static int aes_init_done = 0;
-static void aes_gen_tables(void)
+MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void)
{
int i;
uint8_t x, y, z;
@@ -409,7 +391,7 @@
* calculate the round constants
*/
for (i = 0, x = 1; i < 10; i++) {
- RCON[i] = x;
+ round_constants[i] = x;
x = XTIME(x);
}
@@ -417,7 +399,9 @@
* generate the forward and reverse S-boxes
*/
FSb[0x00] = 0x63;
+#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES)
RSb[0x63] = 0x00;
+#endif
for (i = 1; i < 256; i++) {
x = pow[255 - log[i]];
@@ -429,7 +413,9 @@
x ^= y ^ 0x63;
FSb[i] = x;
+#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES)
RSb[x] = (unsigned char) i;
+#endif
}
/*
@@ -451,9 +437,9 @@
FT3[i] = ROTL8(FT2[i]);
#endif /* !MBEDTLS_AES_FEWER_TABLES */
+#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES)
x = RSb[i];
-#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
RT0[i] = ((uint32_t) MUL(0x0E, x)) ^
((uint32_t) MUL(0x09, x) << 8) ^
((uint32_t) MUL(0x0D, x) << 16) ^
@@ -464,12 +450,10 @@
RT2[i] = ROTL8(RT1[i]);
RT3[i] = ROTL8(RT2[i]);
#endif /* !MBEDTLS_AES_FEWER_TABLES */
-#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
+#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */
}
}
-#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
-
#undef ROTL8
#endif /* MBEDTLS_AES_ROM_TABLES */
@@ -542,19 +526,17 @@
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
* i.e. an offset of 1 means 4 bytes and so on.
*/
-#if (defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)) || \
+#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
#define MAY_NEED_TO_ALIGN
#endif
-#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
- !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
-static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
+MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
{
#if defined(MAY_NEED_TO_ALIGN)
int align_16_bytes = 0;
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace == -1) {
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
}
@@ -585,8 +567,6 @@
return 0;
}
-#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
- !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
/*
* AES key schedule (encryption)
@@ -595,7 +575,6 @@
int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits)
{
- unsigned int i;
uint32_t *RK;
switch (keybits) {
@@ -623,21 +602,22 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
- if (mbedtls_aesce_has_support()) {
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
+ if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits);
}
#endif
- for (i = 0; i < (keybits >> 5); i++) {
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ for (unsigned int i = 0; i < (keybits >> 5); i++) {
RK[i] = MBEDTLS_GET_UINT32_LE(key, i << 2);
}
switch (ctx->nr) {
case 10:
- for (i = 0; i < 10; i++, RK += 4) {
- RK[4] = RK[0] ^ RCON[i] ^
+ for (unsigned int i = 0; i < 10; i++, RK += 4) {
+ RK[4] = RK[0] ^ round_constants[i] ^
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^
@@ -652,8 +632,8 @@
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
case 12:
- for (i = 0; i < 8; i++, RK += 6) {
- RK[6] = RK[0] ^ RCON[i] ^
+ for (unsigned int i = 0; i < 8; i++, RK += 6) {
+ RK[6] = RK[0] ^ round_constants[i] ^
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^
@@ -669,8 +649,8 @@
case 14:
- for (i = 0; i < 7; i++, RK += 8) {
- RK[8] = RK[0] ^ RCON[i] ^
+ for (unsigned int i = 0; i < 7; i++, RK += 8) {
+ RK[8] = RK[0] ^ round_constants[i] ^
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^
@@ -695,20 +675,24 @@
}
return 0;
+#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */
}
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
/*
* AES key schedule (decryption)
*/
-#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits)
{
- int i, j, ret;
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ uint32_t *SK;
+#endif
+ int ret;
mbedtls_aes_context cty;
uint32_t *RK;
- uint32_t *SK;
+
mbedtls_aes_init(&cty);
@@ -730,8 +714,8 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
- if (mbedtls_aesce_has_support()) {
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
+ if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_aesce_inverse_key(
(unsigned char *) RK,
(const unsigned char *) (cty.buf + cty.rk_offset),
@@ -740,15 +724,16 @@
}
#endif
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
SK = cty.buf + cty.rk_offset + cty.nr * 4;
*RK++ = *SK++;
*RK++ = *SK++;
*RK++ = *SK++;
*RK++ = *SK++;
-
- for (i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8) {
- for (j = 0; j < 4; j++, SK++) {
+ SK -= 8;
+ for (int i = ctx->nr - 1; i > 0; i--, SK -= 8) {
+ for (int j = 0; j < 4; j++, SK++) {
*RK++ = AES_RT0(FSb[MBEDTLS_BYTE_0(*SK)]) ^
AES_RT1(FSb[MBEDTLS_BYTE_1(*SK)]) ^
AES_RT2(FSb[MBEDTLS_BYTE_2(*SK)]) ^
@@ -760,13 +745,13 @@
*RK++ = *SK++;
*RK++ = *SK++;
*RK++ = *SK++;
-
+#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */
exit:
mbedtls_aes_free(&cty);
return ret;
}
-#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
+#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
static int mbedtls_aes_xts_decode_keys(const unsigned char *key,
@@ -955,7 +940,7 @@
/*
* AES-ECB block decryption
*/
-#if !defined(MBEDTLS_AES_DECRYPT_ALT)
+#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16])
@@ -1012,9 +997,8 @@
return 0;
}
-#endif /* !MBEDTLS_AES_DECRYPT_ALT */
+#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
-#if defined(MAY_NEED_TO_ALIGN)
/* VIA Padlock and our intrinsics-based implementation of AESNI require
* the round keys to be aligned on a 16-byte boundary. We take care of this
* before creating them, but the AES context may have moved (this can happen
@@ -1022,7 +1006,7 @@
* calls it might have a different alignment with respect to 16-byte memory.
* So we may need to realign.
*/
-static void aes_maybe_realign(mbedtls_aes_context *ctx)
+MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
{
unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf);
if (new_offset != ctx->rk_offset) {
@@ -1032,7 +1016,6 @@
ctx->rk_offset = new_offset;
}
}
-#endif
/*
* AES-ECB block encryption/decryption
@@ -1056,23 +1039,28 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
- if (mbedtls_aesce_has_support()) {
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
+ if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_crypt_ecb(ctx, mode, input, output);
}
#endif
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace > 0) {
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
}
#endif
- if (mode == MBEDTLS_AES_ENCRYPT) {
- return mbedtls_internal_aes_encrypt(ctx, input, output);
- } else {
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if (mode == MBEDTLS_AES_DECRYPT) {
return mbedtls_internal_aes_decrypt(ctx, input, output);
+ } else
+#endif
+ {
+ return mbedtls_internal_aes_encrypt(ctx, input, output);
}
+#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@@ -1094,11 +1082,16 @@
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
+ /* Nothing to do if length is zero. */
+ if (length == 0) {
+ return 0;
+ }
+
if (length % 16) {
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
}
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace > 0) {
if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
return 0;
@@ -1493,6 +1486,7 @@
*
* http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
*/
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
static const unsigned char aes_test_ecb_dec[][16] =
{
{ 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
@@ -1504,6 +1498,7 @@
0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
#endif
};
+#endif
static const unsigned char aes_test_ecb_enc[][16] =
{
@@ -1850,29 +1845,33 @@
#if defined(MBEDTLS_AES_ALT)
mbedtls_printf(" AES note: alternative implementation.\n");
#else /* MBEDTLS_AES_ALT */
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
- if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
- mbedtls_printf(" AES note: using VIA Padlock.\n");
- } else
-#endif
#if defined(MBEDTLS_AESNI_HAVE_CODE)
#if MBEDTLS_AESNI_HAVE_CODE == 1
mbedtls_printf(" AES note: AESNI code present (assembly implementation).\n");
#elif MBEDTLS_AESNI_HAVE_CODE == 2
mbedtls_printf(" AES note: AESNI code present (intrinsics implementation).\n");
#else
-#error Unrecognised value for MBEDTLS_AESNI_HAVE_CODE
+#error "Unrecognised value for MBEDTLS_AESNI_HAVE_CODE"
#endif
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
mbedtls_printf(" AES note: using AESNI.\n");
} else
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
- if (mbedtls_aesce_has_support()) {
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
+ if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
+ mbedtls_printf(" AES note: using VIA Padlock.\n");
+ } else
+#endif
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
+ if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");
} else
#endif
- mbedtls_printf(" AES note: built-in implementation.\n");
+ {
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ mbedtls_printf(" AES note: built-in implementation.\n");
+#endif
+ }
#endif /* MBEDTLS_AES_ALT */
}
@@ -1881,7 +1880,7 @@
*/
{
static const int num_tests =
- sizeof(aes_test_ecb_dec) / sizeof(*aes_test_ecb_dec);
+ sizeof(aes_test_ecb_enc) / sizeof(*aes_test_ecb_enc);
for (i = 0; i < num_tests << 1; i++) {
u = i >> 1;
@@ -1892,13 +1891,24 @@
mbedtls_printf(" AES-ECB-%3u (%s): ", keybits,
(mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
}
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ if (verbose != 0) {
+ mbedtls_printf("skipped\n");
+ }
+ continue;
+ }
+#endif
memset(buf, 0, 16);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (mode == MBEDTLS_AES_DECRYPT) {
ret = mbedtls_aes_setkey_dec(&ctx, key, keybits);
aes_tests = aes_test_ecb_dec[u];
- } else {
+ } else
+#endif
+ {
ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
aes_tests = aes_test_ecb_enc[u];
}
diff --git a/library/aesce.c b/library/aesce.c
index ed3cca1..eaaa5b5 100644
--- a/library/aesce.c
+++ b/library/aesce.c
@@ -2,23 +2,20 @@
* Armv8-A Cryptographic Extension support functions for Aarch64
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \
- defined(__clang__) && __clang_major__ >= 4
+#if defined(__clang__) && (__clang_major__ >= 4)
+
+/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8_A in the following #if,
+ * but that is defined by build_info.h, and we need this block to happen first. */
+#if defined(__ARM_ARCH)
+#if __ARM_ARCH >= 8
+#define MBEDTLS_AESCE_ARCH_IS_ARMV8_A
+#endif
+#endif
+
+#if defined(MBEDTLS_AESCE_ARCH_IS_ARMV8_A) && !defined(__ARM_FEATURE_CRYPTO)
/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
*
* The intrinsic declaration are guarded by predefined ACLE macros in clang:
@@ -26,7 +23,7 @@
* By defining the macros ourselves we gain access to those declarations without
* requiring -march on the command line.
*
- * `arm_neon.h` could be included by any header file, so we put these defines
+ * `arm_neon.h` is included by common.h, so we put these defines
* at the top of this file, before any includes.
*/
#define __ARM_FEATURE_CRYPTO 1
@@ -39,6 +36,8 @@
#define MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG
#endif
+#endif /* defined(__clang__) && (__clang_major__ >= 4) */
+
#include <string.h>
#include "common.h"
@@ -46,12 +45,14 @@
#include "aesce.h"
-#if defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
/* Compiler version checks. */
#if defined(__clang__)
-# if __clang_major__ < 4
-# error "Minimum version of Clang for MBEDTLS_AESCE_C is 4.0."
+# if defined(MBEDTLS_ARCH_IS_ARM32) && (__clang_major__ < 11)
+# error "Minimum version of Clang for MBEDTLS_AESCE_C on 32-bit Arm or Thumb is 11.0."
+# elif defined(MBEDTLS_ARCH_IS_ARM64) && (__clang_major__ < 4)
+# error "Minimum version of Clang for MBEDTLS_AESCE_C on aarch64 is 4.0."
# endif
#elif defined(__GNUC__)
# if __GNUC__ < 6
@@ -64,12 +65,15 @@
# if _MSC_VER < 1929
# error "Minimum version of MSVC for MBEDTLS_AESCE_C is 2019 version 16.11.2."
# endif
-#endif
-
-#ifdef __ARM_NEON
-#include <arm_neon.h>
-#else
-#error "Target does not support NEON instructions"
+#elif defined(__ARMCC_VERSION)
+# if defined(MBEDTLS_ARCH_IS_ARM32) && (__ARMCC_VERSION < 6200002)
+/* TODO: We haven't verified armclang for 32-bit Arm/Thumb prior to 6.20.
+ * If someone verified that, please update this and document of
+ * `MBEDTLS_AESCE_C` in `mbedtls_config.h`. */
+# error "Minimum version of armclang for MBEDTLS_AESCE_C on 32-bit Arm is 6.20."
+# elif defined(MBEDTLS_ARCH_IS_ARM64) && (__ARMCC_VERSION < 6060000)
+# error "Minimum version of armclang for MBEDTLS_AESCE_C on aarch64 is 6.6."
+# endif
#endif
#if !(defined(__ARM_FEATURE_CRYPTO) || defined(__ARM_FEATURE_AES)) || \
@@ -94,25 +98,61 @@
#endif /* !(__ARM_FEATURE_CRYPTO || __ARM_FEATURE_AES) ||
MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG */
-#if defined(__linux__)
-#include <asm/hwcap.h>
+#if defined(__linux__) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+
#include <sys/auxv.h>
+#if !defined(HWCAP_NEON)
+#define HWCAP_NEON (1 << 12)
+#endif
+#if !defined(HWCAP2_AES)
+#define HWCAP2_AES (1 << 0)
+#endif
+#if !defined(HWCAP_AES)
+#define HWCAP_AES (1 << 3)
+#endif
+#if !defined(HWCAP_ASIMD)
+#define HWCAP_ASIMD (1 << 1)
#endif
+signed char mbedtls_aesce_has_support_result = -1;
+
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
/*
* AES instruction support detection routine
*/
-int mbedtls_aesce_has_support(void)
+int mbedtls_aesce_has_support_impl(void)
{
-#if defined(__linux__)
- unsigned long auxval = getauxval(AT_HWCAP);
- return (auxval & (HWCAP_ASIMD | HWCAP_AES)) ==
- (HWCAP_ASIMD | HWCAP_AES);
+ /* To avoid many calls to getauxval, cache the result. This is
+ * thread-safe, because we store the result in a char so cannot
+ * be vulnerable to non-atomic updates.
+ * It is possible that we could end up setting result more than
+ * once, but that is harmless.
+ */
+ if (mbedtls_aesce_has_support_result == -1) {
+#if defined(MBEDTLS_ARCH_IS_ARM32)
+ unsigned long auxval = getauxval(AT_HWCAP);
+ unsigned long auxval2 = getauxval(AT_HWCAP2);
+ if (((auxval & HWCAP_NEON) == HWCAP_NEON) &&
+ ((auxval2 & HWCAP2_AES) == HWCAP2_AES)) {
+ mbedtls_aesce_has_support_result = 1;
+ } else {
+ mbedtls_aesce_has_support_result = 0;
+ }
#else
- /* Assume AES instructions are supported. */
- return 1;
+ unsigned long auxval = getauxval(AT_HWCAP);
+ if ((auxval & (HWCAP_ASIMD | HWCAP_AES)) ==
+ (HWCAP_ASIMD | HWCAP_AES)) {
+ mbedtls_aesce_has_support_result = 1;
+ } else {
+ mbedtls_aesce_has_support_result = 0;
+ }
#endif
+ }
+ return mbedtls_aesce_has_support_result;
}
+#endif
+
+#endif /* defined(__linux__) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) */
/* Single round of AESCE encryption */
#define AESCE_ENCRYPT_ROUND \
@@ -185,6 +225,7 @@
/* Two rounds of AESCE decryption */
#define AESCE_DECRYPT_ROUND_X2 AESCE_DECRYPT_ROUND; AESCE_DECRYPT_ROUND
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
static uint8x16_t aesce_decrypt_block(uint8x16_t block,
unsigned char *keys,
int rounds)
@@ -216,6 +257,7 @@
return block;
}
+#endif
/*
* AES-ECB block en(de)cryption
@@ -228,10 +270,15 @@
uint8x16_t block = vld1q_u8(&input[0]);
unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset);
- if (mode == MBEDTLS_AES_ENCRYPT) {
- block = aesce_encrypt_block(block, keys, ctx->nr);
- } else {
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if (mode == MBEDTLS_AES_DECRYPT) {
block = aesce_decrypt_block(block, keys, ctx->nr);
+ } else
+#else
+ (void) mode;
+#endif
+ {
+ block = aesce_encrypt_block(block, keys, ctx->nr);
}
vst1q_u8(&output[0], block);
@@ -241,6 +288,7 @@
/*
* Compute decryption round keys from encryption round keys
*/
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
void mbedtls_aesce_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey,
int nr)
@@ -255,6 +303,7 @@
vst1q_u8(invkey + i * 16, vld1q_u8(fwdkey + j * 16));
}
+#endif
static inline uint32_t aes_rot_word(uint32_t word)
{
@@ -298,7 +347,7 @@
rki + key_len_in_words < rko_end;
rki += key_len_in_words) {
- size_t iteration = (rki - (uint32_t *) rk) / key_len_in_words;
+ size_t iteration = (size_t) (rki - (uint32_t *) rk) / key_len_in_words;
uint32_t *rko;
rko = rki + key_len_in_words;
rko[0] = aes_rot_word(aes_sub_word(rki[key_len_in_words - 1]));
@@ -351,24 +400,91 @@
#if defined(MBEDTLS_GCM_C)
-#if !defined(__clang__) && defined(__GNUC__) && __GNUC__ == 5
-/* Some intrinsics are not available for GCC 5.X. */
-#define vreinterpretq_p64_u8(a) ((poly64x2_t) a)
-#define vreinterpretq_u8_p128(a) ((uint8x16_t) a)
-static inline poly64_t vget_low_p64(poly64x2_t __a)
+#if defined(MBEDTLS_ARCH_IS_ARM32)
+
+#if defined(__clang__)
+/* On clang for A32/T32, work around some missing intrinsics and types which are listed in
+ * [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1)
+ * These are only required for GCM.
+ */
+#define vreinterpretq_u64_p64(a) ((uint64x2_t) a)
+
+typedef uint8x16_t poly128_t;
+
+static inline poly128_t vmull_p64(poly64_t a, poly64_t b)
{
- uint64x2_t tmp = (uint64x2_t) (__a);
- uint64x1_t lo = vcreate_u64(vgetq_lane_u64(tmp, 0));
- return (poly64_t) (lo);
+ poly128_t r;
+ asm ("vmull.p64 %[r], %[a], %[b]" : [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :);
+ return r;
}
-#endif /* !__clang__ && __GNUC__ && __GNUC__ == 5*/
+
+/* This is set to cause some more missing intrinsics to be defined below */
+#define COMMON_MISSING_INTRINSICS
+
+static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b)
+{
+ return vmull_p64((poly64_t) (vget_high_u64((uint64x2_t) a)),
+ (poly64_t) (vget_high_u64((uint64x2_t) b)));
+}
+
+#endif /* defined(__clang__) */
+
+static inline uint8x16_t vrbitq_u8(uint8x16_t x)
+{
+ /* There is no vrbitq_u8 instruction in A32/T32, so provide
+ * an equivalent non-Neon implementation. Reverse bit order in each
+ * byte with 4x rbit, rev. */
+ asm ("ldm %[p], { r2-r5 } \n\t"
+ "rbit r2, r2 \n\t"
+ "rev r2, r2 \n\t"
+ "rbit r3, r3 \n\t"
+ "rev r3, r3 \n\t"
+ "rbit r4, r4 \n\t"
+ "rev r4, r4 \n\t"
+ "rbit r5, r5 \n\t"
+ "rev r5, r5 \n\t"
+ "stm %[p], { r2-r5 } \n\t"
+ :
+ /* Output: 16 bytes of memory pointed to by &x */
+ "+m" (*(uint8_t(*)[16]) &x)
+ :
+ [p] "r" (&x)
+ :
+ "r2", "r3", "r4", "r5"
+ );
+ return x;
+}
+
+#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */
+
+#if defined(MBEDTLS_COMPILER_IS_GCC) && __GNUC__ == 5
+/* Some intrinsics are not available for GCC 5.X. */
+#define COMMON_MISSING_INTRINSICS
+#endif /* MBEDTLS_COMPILER_IS_GCC && __GNUC__ == 5 */
+
+
+#if defined(COMMON_MISSING_INTRINSICS)
+
+/* Missing intrinsics common to both GCC 5, and Clang on 32-bit */
+
+#define vreinterpretq_p64_u8(a) ((poly64x2_t) a)
+#define vreinterpretq_u8_p128(a) ((uint8x16_t) a)
+
+static inline poly64x1_t vget_low_p64(poly64x2_t a)
+{
+ uint64x1_t r = vget_low_u64(vreinterpretq_u64_p64(a));
+ return (poly64x1_t) r;
+
+}
+
+#endif /* COMMON_MISSING_INTRINSICS */
/* vmull_p64/vmull_high_p64 wrappers.
*
* Older compilers miss some intrinsic functions for `poly*_t`. We use
* uint8x16_t and uint8x16x3_t as input/output parameters.
*/
-#if defined(__GNUC__) && !defined(__clang__)
+#if defined(MBEDTLS_COMPILER_IS_GCC)
/* GCC reports incompatible type error without cast. GCC think poly64_t and
* poly64x1_t are different, that is different with MSVC and Clang. */
#define MBEDTLS_VMULL_P64(a, b) vmull_p64((poly64_t) a, (poly64_t) b)
@@ -377,14 +493,15 @@
* error with/without cast. And I think poly64_t and poly64x1_t are same, no
* cast for clang also. */
#define MBEDTLS_VMULL_P64(a, b) vmull_p64(a, b)
-#endif
+#endif /* MBEDTLS_COMPILER_IS_GCC */
+
static inline uint8x16_t pmull_low(uint8x16_t a, uint8x16_t b)
{
return vreinterpretq_u8_p128(
MBEDTLS_VMULL_P64(
- vget_low_p64(vreinterpretq_p64_u8(a)),
- vget_low_p64(vreinterpretq_p64_u8(b))
+ (poly64_t) vget_low_p64(vreinterpretq_p64_u8(a)),
+ (poly64_t) vget_low_p64(vreinterpretq_p64_u8(b))
));
}
@@ -453,7 +570,7 @@
/* use 'asm' as an optimisation barrier to prevent loading MODULO from
* memory. It is for GNUC compatible compilers.
*/
- asm ("" : "+w" (r));
+ asm volatile ("" : "+w" (r));
#endif
uint8x16_t const MODULO = vreinterpretq_u8_u64(vshrq_n_u64(r, 64 - 8));
uint8x16_t h, m, l; /* input high/middle/low 128b */
@@ -496,6 +613,6 @@
#undef MBEDTLS_POP_TARGET_PRAGMA
#endif
-#endif /* MBEDTLS_HAVE_ARM64 */
+#endif /* MBEDTLS_AESCE_HAVE_CODE */
#endif /* MBEDTLS_AESCE_C */
diff --git a/library/aesce.h b/library/aesce.h
index b12bf76..a14d085 100644
--- a/library/aesce.h
+++ b/library/aesce.h
@@ -2,52 +2,60 @@
* \file aesce.h
*
* \brief Support hardware AES acceleration on Armv8-A processors with
- * the Armv8-A Cryptographic Extension in AArch64 execution state.
+ * the Armv8-A Cryptographic Extension.
*
* \warning These functions are only for internal use by other library
* functions; you must not call them directly.
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_AESCE_H
#define MBEDTLS_AESCE_H
#include "mbedtls/build_info.h"
+#include "common.h"
#include "mbedtls/aes.h"
-#if !defined(MBEDTLS_HAVE_ARM64)
-#if defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)
-#define MBEDTLS_HAVE_ARM64
-#endif
-#endif
-#if defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_C) \
+ && defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(MBEDTLS_HAVE_NEON_INTRINSICS) \
+ && (defined(MBEDTLS_COMPILER_IS_GCC) || defined(__clang__) || defined(MSC_VER))
+
+/* MBEDTLS_AESCE_HAVE_CODE is defined if we have a suitable target platform, and a
+ * potentially suitable compiler (compiler version & flags are not checked when defining
+ * this). */
+#define MBEDTLS_AESCE_HAVE_CODE
#ifdef __cplusplus
extern "C" {
#endif
+#if defined(__linux__) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+
+extern signed char mbedtls_aesce_has_support_result;
+
/**
* \brief Internal function to detect the crypto extension in CPUs.
*
* \return 1 if CPU has support for the feature, 0 otherwise
*/
-int mbedtls_aesce_has_support(void);
+int mbedtls_aesce_has_support_impl(void);
+
+#define MBEDTLS_AESCE_HAS_SUPPORT() (mbedtls_aesce_has_support_result == -1 ? \
+ mbedtls_aesce_has_support_impl() : \
+ mbedtls_aesce_has_support_result)
+
+#else /* defined(__linux__) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) */
+
+/* If we are not on Linux, we can't detect support so assume that it's supported.
+ * Similarly, assume support if MBEDTLS_AES_USE_HARDWARE_ONLY is set.
+ */
+#define MBEDTLS_AESCE_HAS_SUPPORT() 1
+
+#endif /* defined(__linux__) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) */
/**
* \brief Internal AES-ECB block encryption and decryption
@@ -85,6 +93,7 @@
const unsigned char b[16]);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief Internal round key inversion. This function computes
* decryption round keys from the encryption round keys.
@@ -96,6 +105,7 @@
void mbedtls_aesce_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey,
int nr);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/**
* \brief Internal key expansion for encryption
@@ -114,6 +124,13 @@
}
#endif
-#endif /* MBEDTLS_HAVE_ARM64 */
+#else
+
+#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8_A)
+#error "AES hardware acceleration not supported on this platform / compiler"
+#endif
+
+#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8_A && MBEDTLS_HAVE_NEON_INTRINSICS &&
+ (MBEDTLS_COMPILER_IS_GCC || __clang__ || MSC_VER) */
#endif /* MBEDTLS_AESCE_H */
diff --git a/library/aesni.c b/library/aesni.c
index 3e3dccb..9da9f1b 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -2,19 +2,7 @@
* AES-NI support functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -33,14 +21,28 @@
#if defined(MBEDTLS_AESNI_HAVE_CODE)
#if MBEDTLS_AESNI_HAVE_CODE == 2
-#if !defined(_WIN32)
+#if defined(__GNUC__)
#include <cpuid.h>
-#else
+#elif defined(_MSC_VER)
#include <intrin.h>
+#else
+#error "`__cpuid` required by MBEDTLS_AESNI_C is not supported by the compiler"
#endif
#include <immintrin.h>
#endif
+#if defined(MBEDTLS_ARCH_IS_X86)
+#if defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC push_options
+#pragma GCC target ("pclmul,sse2,aes")
+#define MBEDTLS_POP_TARGET_PRAGMA
+#elif defined(__clang__)
+#pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function)
+#define MBEDTLS_POP_TARGET_PRAGMA
+#endif
+#endif
+
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
/*
* AES-NI support detection routine
*/
@@ -51,7 +53,7 @@
if (!done) {
#if MBEDTLS_AESNI_HAVE_CODE == 2
- static unsigned info[4] = { 0, 0, 0, 0 };
+ static int info[4] = { 0, 0, 0, 0 };
#if defined(_MSC_VER)
__cpuid(info, 1);
#else
@@ -70,6 +72,7 @@
return (c & what) != 0;
}
+#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */
#if MBEDTLS_AESNI_HAVE_CODE == 2
@@ -91,14 +94,19 @@
++rk;
--nr;
- if (mode == 0) {
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if (mode == MBEDTLS_AES_DECRYPT) {
while (nr != 0) {
state = _mm_aesdec_si128(state, *rk);
++rk;
--nr;
}
state = _mm_aesdeclast_si128(state, *rk);
- } else {
+ } else
+#else
+ (void) mode;
+#endif
+ {
while (nr != 0) {
state = _mm_aesenc_si128(state, *rk);
++rk;
@@ -185,7 +193,7 @@
const unsigned char a[16],
const unsigned char b[16])
{
- __m128i aa, bb, cc, dd;
+ __m128i aa = { 0 }, bb = { 0 }, cc, dd;
/* The inputs are in big-endian order, so byte-reverse them */
for (size_t i = 0; i < 16; i++) {
@@ -215,6 +223,7 @@
/*
* Compute decryption round keys from encryption round keys
*/
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
void mbedtls_aesni_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey, int nr)
{
@@ -227,6 +236,7 @@
}
*ik = *fk;
}
+#endif
/*
* Key expansion, 128-bit case
@@ -394,6 +404,15 @@
}
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+#if defined(MBEDTLS_POP_TARGET_PRAGMA)
+#if defined(__clang__)
+#pragma clang attribute pop
+#elif defined(__GNUC__)
+#pragma GCC pop_options
+#endif
+#undef MBEDTLS_POP_TARGET_PRAGMA
+#endif
+
#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
#if defined(__has_feature)
@@ -453,6 +472,7 @@
"jnz 1b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENCLAST(xmm1_xmm0) // last round
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
"jmp 3f \n\t"
"2: \n\t" // decryption loop
@@ -463,6 +483,7 @@
"jnz 2b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESDECLAST(xmm1_xmm0) // last round
+#endif
"3: \n\t"
"movdqu %%xmm0, (%4) \n\t" // export output
@@ -589,6 +610,7 @@
/*
* Compute decryption round keys from encryption round keys
*/
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
void mbedtls_aesni_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey, int nr)
{
@@ -608,6 +630,7 @@
memcpy(ik, fk, 16);
}
+#endif
/*
* Key expansion, 128-bit case
diff --git a/library/aesni.h b/library/aesni.h
index 82947e4..59e27af 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -8,19 +8,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_AESNI_H
#define MBEDTLS_AESNI_H
@@ -32,22 +20,14 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
-/* Can we do AESNI with inline assembly?
- * (Only implemented with gas syntax, only for 64-bit.)
- */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
- (defined(__amd64__) || defined(__x86_64__)) && \
- !defined(MBEDTLS_HAVE_X86_64)
-#define MBEDTLS_HAVE_X86_64
-#endif
-
-#if defined(MBEDTLS_AESNI_C)
+#if defined(MBEDTLS_AESNI_C) && \
+ (defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_X86))
/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
*/
#undef MBEDTLS_AESNI_HAVE_INTRINSICS
-#if defined(_MSC_VER)
+#if defined(_MSC_VER) && !defined(__clang__)
/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
* VS 2013 and up for other reasons anyway, so no need to check the version. */
#define MBEDTLS_AESNI_HAVE_INTRINSICS
@@ -55,7 +35,11 @@
/* GCC-like compilers: currently, we only support intrinsics if the requisite
* target flag is enabled when building the library (e.g. `gcc -mpclmul -msse2`
* or `clang -maes -mpclmul`). */
-#if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__)
+#if (defined(__GNUC__) || defined(__clang__)) && defined(__AES__) && defined(__PCLMUL__)
+#define MBEDTLS_AESNI_HAVE_INTRINSICS
+#endif
+/* For 32-bit, we only support intrinsics */
+#if defined(MBEDTLS_ARCH_IS_X86) && (defined(__GNUC__) || defined(__clang__))
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
@@ -67,8 +51,14 @@
* In the long run, we will likely remove the assembly implementation. */
#if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
-#elif defined(MBEDTLS_HAVE_X86_64)
+#elif defined(MBEDTLS_HAVE_ASM) && \
+ (defined(__GNUC__) || defined(__clang__)) && defined(MBEDTLS_ARCH_IS_X64)
+/* Can we do AESNI with inline assembly?
+ * (Only implemented with gas syntax, only for 64-bit.)
+ */
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
+#else
+#error "MBEDTLS_AESNI_C defined, but neither intrinsics nor assembly available"
#endif
#if defined(MBEDTLS_AESNI_HAVE_CODE)
@@ -88,7 +78,11 @@
*
* \return 1 if CPU has support for the feature, 0 otherwise
*/
+#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
int mbedtls_aesni_has_support(unsigned int what);
+#else
+#define mbedtls_aesni_has_support(what) 1
+#endif
/**
* \brief Internal AES-NI AES-ECB block encryption and decryption
@@ -125,6 +119,7 @@
const unsigned char a[16],
const unsigned char b[16]);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief Internal round key inversion. This function computes
* decryption round keys from the encryption round keys.
@@ -139,6 +134,7 @@
void mbedtls_aesni_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey,
int nr);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/**
* \brief Internal key expansion for encryption
@@ -161,6 +157,6 @@
#endif
#endif /* MBEDTLS_AESNI_HAVE_CODE */
-#endif /* MBEDTLS_AESNI_C */
+#endif /* MBEDTLS_AESNI_C && (MBEDTLS_ARCH_IS_X64 || MBEDTLS_ARCH_IS_X86) */
#endif /* MBEDTLS_AESNI_H */
diff --git a/library/alignment.h b/library/alignment.h
index ab15986..9e1e044 100644
--- a/library/alignment.h
+++ b/library/alignment.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_LIBRARY_ALIGNMENT_H
@@ -35,11 +23,16 @@
* efficient when this is not defined.
*/
#if defined(__ARM_FEATURE_UNALIGNED) \
- || defined(__i386__) || defined(__amd64__) || defined(__x86_64__)
+ || defined(MBEDTLS_ARCH_IS_X86) || defined(MBEDTLS_ARCH_IS_X64) \
+ || defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
/*
* __ARM_FEATURE_UNALIGNED is defined where appropriate by armcc, gcc 7, clang 9
* (and later versions) for Arm v7 and later; all x86 platforms should have
* efficient unaligned access.
+ *
+ * https://learn.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=msvc-170#alignment
+ * specifies that on Windows-on-Arm64, unaligned access is safe (except for uncached
+ * device memory).
*/
#define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS
#endif
@@ -187,6 +180,16 @@
#define MBEDTLS_BSWAP32 __rev
#endif
+/* Detect IAR built-in byteswap routine */
+#if defined(__IAR_SYSTEMS_ICC__)
+#if defined(__ARM_ACLE)
+#include <arm_acle.h>
+#define MBEDTLS_BSWAP16(x) ((uint16_t) __rev16((uint32_t) (x)))
+#define MBEDTLS_BSWAP32 __rev
+#define MBEDTLS_BSWAP64 __revll
+#endif
+#endif
+
/*
* Where compiler built-ins are not present, fall back to C code that the
* compiler may be able to detect and transform into the relevant bswap or
@@ -231,10 +234,25 @@
#endif /* !defined(MBEDTLS_BSWAP64) */
#if !defined(__BYTE_ORDER__)
+
+#if defined(__LITTLE_ENDIAN__)
+/* IAR defines __xxx_ENDIAN__, but not __BYTE_ORDER__ */
+#define MBEDTLS_IS_BIG_ENDIAN 0
+#elif defined(__BIG_ENDIAN__)
+#define MBEDTLS_IS_BIG_ENDIAN 1
+#else
static const uint16_t mbedtls_byte_order_detector = { 0x100 };
#define MBEDTLS_IS_BIG_ENDIAN (*((unsigned char *) (&mbedtls_byte_order_detector)) == 0x01)
+#endif
+
#else
-#define MBEDTLS_IS_BIG_ENDIAN ((__BYTE_ORDER__) == (__ORDER_BIG_ENDIAN__))
+
+#if (__BYTE_ORDER__) == (__ORDER_BIG_ENDIAN__)
+#define MBEDTLS_IS_BIG_ENDIAN 1
+#else
+#define MBEDTLS_IS_BIG_ENDIAN 0
+#endif
+
#endif /* !defined(__BYTE_ORDER__) */
/**
diff --git a/library/aria.c b/library/aria.c
index 0980362..ba12578 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -2,19 +2,7 @@
* ARIA implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -425,6 +413,7 @@
/*
* Set decryption key
*/
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
const unsigned char *key, unsigned int keybits)
{
@@ -454,6 +443,7 @@
return 0;
}
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/*
* Encrypt a block
@@ -884,12 +874,18 @@
/* test ECB decryption */
if (verbose) {
mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i);
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ mbedtls_printf("skipped\n");
+#endif
}
+
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);
mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);
ARIA_SELF_TEST_ASSERT(
memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE)
!= 0);
+#endif
}
if (verbose) {
mbedtls_printf("\n");
diff --git a/library/asn1parse.c b/library/asn1parse.c
index d257ef4..c02b233 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -2,24 +2,12 @@
* Generic ASN.1 parsing
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
#include "mbedtls/asn1.h"
#include "mbedtls/platform_util.h"
@@ -47,47 +35,18 @@
if ((**p & 0x80) == 0) {
*len = *(*p)++;
} else {
- switch (**p & 0x7F) {
- case 1:
- if ((end - *p) < 2) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = (*p)[1];
- (*p) += 2;
- break;
-
- case 2:
- if ((end - *p) < 3) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = ((size_t) (*p)[1] << 8) | (*p)[2];
- (*p) += 3;
- break;
-
- case 3:
- if ((end - *p) < 4) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = ((size_t) (*p)[1] << 16) |
- ((size_t) (*p)[2] << 8) | (*p)[3];
- (*p) += 4;
- break;
-
- case 4:
- if ((end - *p) < 5) {
- return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
- }
-
- *len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
- ((size_t) (*p)[3] << 8) | (*p)[4];
- (*p) += 5;
- break;
-
- default:
- return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ int n = (**p) & 0x7F;
+ if (n == 0 || n > 4) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
+ if ((end - *p) <= n) {
+ return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+ }
+ *len = 0;
+ (*p)++;
+ while (n--) {
+ *len = (*len << 8) | **p;
+ (*p)++;
}
}
@@ -114,7 +73,9 @@
return mbedtls_asn1_get_len(p, end, len);
}
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
+#if defined(MBEDTLS_ASN1_PARSE_C)
int mbedtls_asn1_get_bool(unsigned char **p,
const unsigned char *end,
int *val)
diff --git a/library/asn1write.c b/library/asn1write.c
index c65d937..114091d 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -2,24 +2,12 @@
* ASN.1 buffer writing functionality
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
-#if defined(MBEDTLS_ASN1_WRITE_C)
+#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
@@ -28,68 +16,40 @@
#include "mbedtls/platform.h"
+#if defined(MBEDTLS_ASN1_PARSE_C)
+#include "mbedtls/asn1.h"
+#endif
+
int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len)
{
- if (len < 0x80) {
- if (*p - start < 1) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = (unsigned char) len;
- return 1;
- }
-
- if (len <= 0xFF) {
- if (*p - start < 2) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = (unsigned char) len;
- *--(*p) = 0x81;
- return 2;
- }
-
- if (len <= 0xFFFF) {
- if (*p - start < 3) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = MBEDTLS_BYTE_0(len);
- *--(*p) = MBEDTLS_BYTE_1(len);
- *--(*p) = 0x82;
- return 3;
- }
-
- if (len <= 0xFFFFFF) {
- if (*p - start < 4) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *--(*p) = MBEDTLS_BYTE_0(len);
- *--(*p) = MBEDTLS_BYTE_1(len);
- *--(*p) = MBEDTLS_BYTE_2(len);
- *--(*p) = 0x83;
- return 4;
- }
-
- int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
- len_is_valid = (len <= 0xFFFFFFFF);
+ if (len > 0xFFFFFFFF) {
+ return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ }
#endif
- if (len_is_valid) {
- if (*p - start < 5) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
- *--(*p) = MBEDTLS_BYTE_0(len);
- *--(*p) = MBEDTLS_BYTE_1(len);
- *--(*p) = MBEDTLS_BYTE_2(len);
- *--(*p) = MBEDTLS_BYTE_3(len);
- *--(*p) = 0x84;
- return 5;
+ int required = 1;
+
+ if (len >= 0x80) {
+ for (size_t l = len; l != 0; l >>= 8) {
+ required++;
+ }
}
- return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+ if (required > (*p - start)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+
+ do {
+ *--(*p) = MBEDTLS_BYTE_0(len);
+ len >>= 8;
+ } while (len);
+
+ if (required > 1) {
+ *--(*p) = (unsigned char) (0x80 + required - 1);
+ }
+
+ return required;
}
int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag)
@@ -102,6 +62,21 @@
return 1;
}
+#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
+
+#if defined(MBEDTLS_ASN1_WRITE_C)
+static int mbedtls_asn1_write_len_and_tag(unsigned char **p,
+ const unsigned char *start,
+ size_t len,
+ unsigned char tag)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
+
+ return (int) len;
+}
int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t size)
@@ -154,10 +129,7 @@
len += 1;
}
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER));
-
- ret = (int) len;
+ ret = mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER);
cleanup:
return ret;
@@ -166,15 +138,9 @@
int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
// Write NULL
//
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL);
}
int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
@@ -185,10 +151,7 @@
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
(const unsigned char *) oid, oid_len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID);
}
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start,
@@ -215,17 +178,12 @@
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
}
int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if (*p - start < 1) {
@@ -235,15 +193,11 @@
*--(*p) = (boolean) ? 255 : 0;
len++;
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN);
}
static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
do {
@@ -263,10 +217,7 @@
len += 1;
}
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, tag);
}
int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val)
@@ -289,10 +240,7 @@
(const unsigned char *) text,
text_len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, tag);
}
int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start,
@@ -361,7 +309,6 @@
int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t bits)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
size_t unused_bits, byte_len;
@@ -385,10 +332,7 @@
/* Write unused bits */
*--(*p) = (unsigned char) unused_bits;
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING);
}
int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start,
@@ -399,13 +343,11 @@
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
-
- return (int) len;
+ return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING);
}
+#if !defined(MBEDTLS_ASN1_PARSE_C)
/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
* which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
static mbedtls_asn1_named_data *asn1_find_named_data(
@@ -423,6 +365,10 @@
return list;
}
+#else
+#define asn1_find_named_data(list, oid, len) \
+ ((mbedtls_asn1_named_data *) mbedtls_asn1_find_named_data(list, oid, len))
+#endif
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
mbedtls_asn1_named_data **head,
diff --git a/library/base64.c b/library/base64.c
index 3eb9e7c..9677dee 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -2,19 +2,7 @@
* RFC 1521 base64 encoding/decoding
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <limits.h>
@@ -24,6 +12,7 @@
#if defined(MBEDTLS_BASE64_C)
#include "mbedtls/base64.h"
+#include "base64_internal.h"
#include "constant_time_internal.h"
#include <stdint.h>
@@ -33,6 +22,39 @@
#include "mbedtls/platform.h"
#endif /* MBEDTLS_SELF_TEST */
+MBEDTLS_STATIC_TESTABLE
+unsigned char mbedtls_ct_base64_enc_char(unsigned char value)
+{
+ unsigned char digit = 0;
+ /* For each range of values, if value is in that range, mask digit with
+ * the corresponding value. Since value can only be in a single range,
+ * only at most one masking will change digit. */
+ digit |= mbedtls_ct_uchar_in_range_if(0, 25, value, 'A' + value);
+ digit |= mbedtls_ct_uchar_in_range_if(26, 51, value, 'a' + value - 26);
+ digit |= mbedtls_ct_uchar_in_range_if(52, 61, value, '0' + value - 52);
+ digit |= mbedtls_ct_uchar_in_range_if(62, 62, value, '+');
+ digit |= mbedtls_ct_uchar_in_range_if(63, 63, value, '/');
+ return digit;
+}
+
+MBEDTLS_STATIC_TESTABLE
+signed char mbedtls_ct_base64_dec_value(unsigned char c)
+{
+ unsigned char val = 0;
+ /* For each range of digits, if c is in that range, mask val with
+ * the corresponding value. Since c can only be in a single range,
+ * only at most one masking will change val. Set val to one plus
+ * the desired value so that it stays 0 if c is in none of the ranges. */
+ val |= mbedtls_ct_uchar_in_range_if('A', 'Z', c, c - 'A' + 0 + 1);
+ val |= mbedtls_ct_uchar_in_range_if('a', 'z', c, c - 'a' + 26 + 1);
+ val |= mbedtls_ct_uchar_in_range_if('0', '9', c, c - '0' + 52 + 1);
+ val |= mbedtls_ct_uchar_in_range_if('+', '+', c, c - '+' + 62 + 1);
+ val |= mbedtls_ct_uchar_in_range_if('/', '/', c, c - '/' + 63 + 1);
+ /* At this point, val is 0 if c is an invalid digit and v+1 if c is
+ * a digit with the value v. */
+ return val - 1;
+}
+
/*
* Encode a buffer into base64 format
*/
@@ -94,7 +116,7 @@
*p++ = '=';
}
- *olen = p - dst;
+ *olen = (size_t) (p - dst);
*p = 0;
return 0;
@@ -203,7 +225,7 @@
}
}
- *olen = p - dst;
+ *olen = (size_t) (p - dst);
return 0;
}
diff --git a/library/base64_internal.h b/library/base64_internal.h
new file mode 100644
index 0000000..a09bd23
--- /dev/null
+++ b/library/base64_internal.h
@@ -0,0 +1,45 @@
+/**
+ * \file base64_internal.h
+ *
+ * \brief RFC 1521 base64 encoding/decoding: interfaces for invasive testing
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_BASE64_INTERNAL
+#define MBEDTLS_BASE64_INTERNAL
+
+#include "common.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+
+/** Given a value in the range 0..63, return the corresponding Base64 digit.
+ *
+ * The implementation assumes that letters are consecutive (e.g. ASCII
+ * but not EBCDIC).
+ *
+ * \param value A value in the range 0..63.
+ *
+ * \return A base64 digit converted from \p value.
+ */
+unsigned char mbedtls_ct_base64_enc_char(unsigned char value);
+
+/** Given a Base64 digit, return its value.
+ *
+ * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
+ * return -1.
+ *
+ * The implementation assumes that letters are consecutive (e.g. ASCII
+ * but not EBCDIC).
+ *
+ * \param c A base64 digit.
+ *
+ * \return The value of the base64 digit \p c.
+ */
+signed char mbedtls_ct_base64_dec_value(unsigned char c);
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#endif /* MBEDTLS_BASE64_INTERNAL */
diff --git a/library/bignum.c b/library/bignum.c
index f2a8641..1869137 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2,19 +2,7 @@
* Multi-precision integer library
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -54,6 +42,135 @@
#define MPI_VALIDATE(cond) \
MBEDTLS_INTERNAL_VALIDATE(cond)
+/*
+ * Compare signed values in constant time
+ */
+int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
+ const mbedtls_mpi *Y,
+ unsigned *ret)
+{
+ mbedtls_ct_condition_t different_sign, X_is_negative, Y_is_negative, result;
+
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
+ MPI_VALIDATE_RET(ret != NULL);
+
+ if (X->n != Y->n) {
+ return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ }
+
+ /*
+ * Set N_is_negative to MBEDTLS_CT_FALSE if N >= 0, MBEDTLS_CT_TRUE if N < 0.
+ * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
+ */
+ X_is_negative = mbedtls_ct_bool((X->s & 2) >> 1);
+ Y_is_negative = mbedtls_ct_bool((Y->s & 2) >> 1);
+
+ /*
+ * If the signs are different, then the positive operand is the bigger.
+ * That is if X is negative (X_is_negative == 1), then X < Y is true and it
+ * is false if X is positive (X_is_negative == 0).
+ */
+ different_sign = mbedtls_ct_bool_ne(X_is_negative, Y_is_negative); // true if different sign
+ result = mbedtls_ct_bool_and(different_sign, X_is_negative);
+
+ /*
+ * Assuming signs are the same, compare X and Y. We switch the comparison
+ * order if they are negative so that we get the right result, regardles of
+ * sign.
+ */
+
+ /* This array is used to conditionally swap the pointers in const time */
+ void * const p[2] = { X->p, Y->p };
+ size_t i = mbedtls_ct_size_if_else_0(X_is_negative, 1);
+ mbedtls_ct_condition_t lt = mbedtls_mpi_core_lt_ct(p[i], p[i ^ 1], X->n);
+
+ /*
+ * Store in result iff the signs are the same (i.e., iff different_sign == false). If
+ * the signs differ, result has already been set, so we don't change it.
+ */
+ result = mbedtls_ct_bool_or(result,
+ mbedtls_ct_bool_and(mbedtls_ct_bool_not(different_sign), lt));
+
+ *ret = mbedtls_ct_uint_if_else_0(result, 1);
+
+ return 0;
+}
+
+/*
+ * Conditionally assign X = Y, without leaking information
+ * about whether the assignment was made or not.
+ * (Leaking information about the respective sizes of X and Y is ok however.)
+ */
+#if defined(_MSC_VER) && defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \
+ (_MSC_FULL_VER < 193131103)
+/*
+ * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See:
+ * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989
+ */
+__declspec(noinline)
+#endif
+int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
+ const mbedtls_mpi *Y,
+ unsigned char assign)
+{
+ int ret = 0;
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
+
+ {
+ mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign);
+
+ X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s);
+
+ mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign);
+
+ mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign);
+ for (size_t i = Y->n; i < X->n; i++) {
+ X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]);
+ }
+ }
+
+cleanup:
+ return ret;
+}
+
+/*
+ * Conditionally swap X and Y, without leaking information
+ * about whether the swap was made or not.
+ * Here it is not ok to simply swap the pointers, which would lead to
+ * different memory access patterns when X and Y are used afterwards.
+ */
+int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
+ mbedtls_mpi *Y,
+ unsigned char swap)
+{
+ int ret = 0;
+ int s;
+ MPI_VALIDATE_RET(X != NULL);
+ MPI_VALIDATE_RET(Y != NULL);
+
+ if (X == Y) {
+ return 0;
+ }
+
+ mbedtls_ct_condition_t do_swap = mbedtls_ct_bool(swap);
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n));
+
+ s = X->s;
+ X->s = (int) mbedtls_ct_uint_if(do_swap, Y->s, X->s);
+ Y->s = (int) mbedtls_ct_uint_if(do_swap, s, Y->s);
+
+ mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, do_swap);
+
+cleanup:
+ return ret;
+}
+
/* Implementation that should never be optimized out by the compiler */
#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n))
@@ -258,6 +375,10 @@
return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z;
}
+/* Convert x to a sign, i.e. to 1, if x is positive, or -1, if x is negative.
+ * This looks awkward but generates smaller code than (x < 0 ? -1 : 1) */
+#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1)
+
/*
* Set value from integer
*/
@@ -270,7 +391,7 @@
memset(X->p, 0, X->n * ciL);
X->p[0] = mpi_sint_abs(z);
- X->s = (z < 0) ? -1 : 1;
+ X->s = TO_SIGN(z);
cleanup:
@@ -326,16 +447,35 @@
*/
size_t mbedtls_mpi_lsb(const mbedtls_mpi *X)
{
- size_t i, j, count = 0;
+ size_t i;
MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0);
+#if defined(__has_builtin)
+#if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_ctz)
+ #define mbedtls_mpi_uint_ctz __builtin_ctz
+#elif (MBEDTLS_MPI_UINT_MAX == ULONG_MAX) && __has_builtin(__builtin_ctzl)
+ #define mbedtls_mpi_uint_ctz __builtin_ctzl
+#elif (MBEDTLS_MPI_UINT_MAX == ULLONG_MAX) && __has_builtin(__builtin_ctzll)
+ #define mbedtls_mpi_uint_ctz __builtin_ctzll
+#endif
+#endif
+
+#if defined(mbedtls_mpi_uint_ctz)
for (i = 0; i < X->n; i++) {
- for (j = 0; j < biL; j++, count++) {
+ if (X->p[i] != 0) {
+ return i * biL + mbedtls_mpi_uint_ctz(X->p[i]);
+ }
+ }
+#else
+ size_t count = 0;
+ for (i = 0; i < X->n; i++) {
+ for (size_t j = 0; j < biL; j++, count++) {
if (((X->p[i] >> j) & 1) != 0) {
return count;
}
}
}
+#endif
return 0;
}
@@ -562,7 +702,7 @@
}
*p++ = '\0';
- *olen = p - buf;
+ *olen = (size_t) (p - buf);
cleanup:
@@ -796,9 +936,8 @@
}
}
- if (i == 0 && j == 0) {
- return 0;
- }
+ /* If i == j == 0, i.e. abs(X) == abs(Y),
+ * we end up returning 0 at the end of the function. */
if (i > j) {
return 1;
@@ -880,7 +1019,7 @@
MPI_VALIDATE_RET(X != NULL);
*p = mpi_sint_abs(z);
- Y.s = (z < 0) ? -1 : 1;
+ Y.s = TO_SIGN(z);
Y.n = 1;
Y.p = p;
@@ -1068,7 +1207,7 @@
MPI_VALIDATE_RET(A != NULL);
p[0] = mpi_sint_abs(b);
- B.s = (b < 0) ? -1 : 1;
+ B.s = TO_SIGN(b);
B.n = 1;
B.p = p;
@@ -1086,7 +1225,7 @@
MPI_VALIDATE_RET(A != NULL);
p[0] = mpi_sint_abs(b);
- B.s = (b < 0) ? -1 : 1;
+ B.s = TO_SIGN(b);
B.n = 1;
B.p = p;
@@ -1436,7 +1575,7 @@
MPI_VALIDATE_RET(A != NULL);
p[0] = mpi_sint_abs(b);
- B.s = (b < 0) ? -1 : 1;
+ B.s = TO_SIGN(b);
B.n = 1;
B.p = p;
@@ -1602,10 +1741,8 @@
for (size_t i = 0; i < T_size; i++) {
MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i],
- (unsigned char) mbedtls_ct_size_bool_eq(i,
- idx)));
+ (unsigned char) mbedtls_ct_uint_eq(i, idx)));
}
-
cleanup:
return ret;
}
@@ -1680,8 +1817,9 @@
* and squarings. Firstly, when multiplying by an element of the window
* W[i], we do a constant-trace table lookup to obfuscate i. This leaves
* squarings as having a different memory access patterns from other
- * multiplications. So secondly, we put the accumulator X in the table as
- * well, and also do a constant-trace table lookup to multiply by X.
+ * multiplications. So secondly, we put the accumulator in the table as
+ * well, and also do a constant-trace table lookup to multiply by the
+ * accumulator which is W[x_index].
*
* This way, all multiplications take the form of a lookup-and-multiply.
* The number of lookup-and-multiply operations inside each iteration of
@@ -1694,19 +1832,16 @@
* observe both memory accesses and branches. However, branch prediction
* exploitation typically requires many traces of execution over the same
* data, which is defeated by randomized blinding.
- *
- * To achieve this, we make a copy of X and we use the table entry in each
- * calculation from this point on.
*/
const size_t x_index = 0;
mbedtls_mpi_init(&W[x_index]);
- mbedtls_mpi_copy(&W[x_index], X);
j = N->n + 1;
- /* All W[i] and X must have at least N->n limbs for the mpi_montmul()
- * and mpi_montred() calls later. Here we ensure that W[1] and X are
- * large enough, and later we'll grow other W[i] to the same length.
- * They must not be shrunk midway through this function!
+ /* All W[i] including the accumulator must have at least N->n limbs for
+ * the mpi_montmul() and mpi_montred() calls later. Here we ensure that
+ * W[1] and the accumulator W[x_index] are large enough. later we'll grow
+ * other W[i] to the same length. They must not be shrunk midway through
+ * this function!
*/
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[x_index], j));
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], j));
@@ -1887,7 +2022,7 @@
/*
* Load the result in the output variable.
*/
- mbedtls_mpi_copy(X, &W[x_index]);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &W[x_index]));
cleanup:
@@ -2165,29 +2300,30 @@
#if defined(MBEDTLS_GENPRIME)
-static const int small_prime[] =
-{
- 3, 5, 7, 11, 13, 17, 19, 23,
- 29, 31, 37, 41, 43, 47, 53, 59,
- 61, 67, 71, 73, 79, 83, 89, 97,
- 101, 103, 107, 109, 113, 127, 131, 137,
- 139, 149, 151, 157, 163, 167, 173, 179,
- 181, 191, 193, 197, 199, 211, 223, 227,
- 229, 233, 239, 241, 251, 257, 263, 269,
- 271, 277, 281, 283, 293, 307, 311, 313,
- 317, 331, 337, 347, 349, 353, 359, 367,
- 373, 379, 383, 389, 397, 401, 409, 419,
- 421, 431, 433, 439, 443, 449, 457, 461,
- 463, 467, 479, 487, 491, 499, 503, 509,
- 521, 523, 541, 547, 557, 563, 569, 571,
- 577, 587, 593, 599, 601, 607, 613, 617,
- 619, 631, 641, 643, 647, 653, 659, 661,
- 673, 677, 683, 691, 701, 709, 719, 727,
- 733, 739, 743, 751, 757, 761, 769, 773,
- 787, 797, 809, 811, 821, 823, 827, 829,
- 839, 853, 857, 859, 863, 877, 881, 883,
- 887, 907, 911, 919, 929, 937, 941, 947,
- 953, 967, 971, 977, 983, 991, 997, -103
+/* Gaps between primes, starting at 3. https://oeis.org/A001223 */
+static const unsigned char small_prime_gaps[] = {
+ 2, 2, 4, 2, 4, 2, 4, 6,
+ 2, 6, 4, 2, 4, 6, 6, 2,
+ 6, 4, 2, 6, 4, 6, 8, 4,
+ 2, 4, 2, 4, 14, 4, 6, 2,
+ 10, 2, 6, 6, 4, 6, 6, 2,
+ 10, 2, 4, 2, 12, 12, 4, 2,
+ 4, 6, 2, 10, 6, 6, 6, 2,
+ 6, 4, 2, 10, 14, 4, 2, 4,
+ 14, 6, 10, 2, 4, 6, 8, 6,
+ 6, 4, 6, 8, 4, 8, 10, 2,
+ 10, 2, 6, 4, 6, 8, 4, 2,
+ 4, 12, 8, 4, 8, 4, 6, 12,
+ 2, 18, 6, 10, 6, 6, 2, 6,
+ 10, 6, 6, 2, 6, 6, 4, 2,
+ 12, 10, 2, 4, 6, 6, 2, 12,
+ 4, 6, 8, 10, 8, 10, 8, 6,
+ 6, 4, 8, 6, 4, 8, 4, 14,
+ 10, 12, 2, 10, 2, 4, 2, 10,
+ 14, 4, 2, 4, 14, 4, 2, 4,
+ 20, 4, 8, 10, 8, 4, 6, 6,
+ 14, 4, 6, 6, 8, 6, /*reaches 997*/
+ 0 /* the last entry is effectively unused */
};
/*
@@ -2204,20 +2340,20 @@
int ret = 0;
size_t i;
mbedtls_mpi_uint r;
+ unsigned p = 3; /* The first odd prime */
if ((X->p[0] & 1) == 0) {
return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
}
- for (i = 0; small_prime[i] > 0; i++) {
- if (mbedtls_mpi_cmp_int(X, small_prime[i]) <= 0) {
- return 1;
- }
-
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, small_prime[i]));
-
+ for (i = 0; i < sizeof(small_prime_gaps); p += small_prime_gaps[i], i++) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, p));
if (r == 0) {
- return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ if (mbedtls_mpi_cmp_int(X, p) == 0) {
+ return 1;
+ } else {
+ return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ }
}
}
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 8bf819c..dfed60d 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -2,19 +2,7 @@
* Core bignum functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -77,38 +65,17 @@
return 0;
}
-/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
- * into the storage form used by mbedtls_mpi. */
-static mbedtls_mpi_uint mpi_bigendian_to_host_c(mbedtls_mpi_uint a)
-{
- uint8_t i;
- unsigned char *a_ptr;
- mbedtls_mpi_uint tmp = 0;
-
- for (i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++) {
- tmp <<= CHAR_BIT;
- tmp |= (mbedtls_mpi_uint) *a_ptr;
- }
-
- return tmp;
-}
-
static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a)
{
if (MBEDTLS_IS_BIG_ENDIAN) {
/* Nothing to do on bigendian systems. */
return a;
} else {
- switch (sizeof(mbedtls_mpi_uint)) {
- case 4:
- return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a);
- case 8:
- return (mbedtls_mpi_uint) MBEDTLS_BSWAP64((uint64_t) a);
- }
-
- /* Fall back to C-based reordering if we don't know the byte order
- * or we couldn't use a compiler-specific builtin. */
- return mpi_bigendian_to_host_c(a);
+#if defined(MBEDTLS_HAVE_INT32)
+ return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a);
+#elif defined(MBEDTLS_HAVE_INT64)
+ return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a);
+#endif
}
}
@@ -144,54 +111,92 @@
/* Whether min <= A, in constant time.
* A_limbs must be at least 1. */
-unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
- const mbedtls_mpi_uint *A,
- size_t A_limbs)
+mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
+ const mbedtls_mpi_uint *A,
+ size_t A_limbs)
{
/* min <= least significant limb? */
- unsigned min_le_lsl = 1 ^ mbedtls_ct_mpi_uint_lt(A[0], min);
+ mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_uint_ge(A[0], min);
/* limbs other than the least significant one are all zero? */
- mbedtls_mpi_uint msll_mask = 0;
+ mbedtls_ct_condition_t msll_mask = MBEDTLS_CT_FALSE;
for (size_t i = 1; i < A_limbs; i++) {
- msll_mask |= A[i];
+ msll_mask = mbedtls_ct_bool_or(msll_mask, mbedtls_ct_bool(A[i]));
}
- /* The most significant limbs of A are not all zero iff msll_mask != 0. */
- unsigned msll_nonzero = mbedtls_ct_mpi_uint_mask(msll_mask) & 1;
/* min <= A iff the lowest limb of A is >= min or the other limbs
* are not all zero. */
- return min_le_lsl | msll_nonzero;
+ return mbedtls_ct_bool_or(msll_mask, min_le_lsl);
+}
+
+mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
+ const mbedtls_mpi_uint *B,
+ size_t limbs)
+{
+ mbedtls_ct_condition_t ret = MBEDTLS_CT_FALSE, cond = MBEDTLS_CT_FALSE, done = MBEDTLS_CT_FALSE;
+
+ for (size_t i = limbs; i > 0; i--) {
+ /*
+ * If B[i - 1] < A[i - 1] then A < B is false and the result must
+ * remain 0.
+ *
+ * Again even if we can make a decision, we just mark the result and
+ * the fact that we are done and continue looping.
+ */
+ cond = mbedtls_ct_uint_lt(B[i - 1], A[i - 1]);
+ done = mbedtls_ct_bool_or(done, cond);
+
+ /*
+ * If A[i - 1] < B[i - 1] then A < B is true.
+ *
+ * Again even if we can make a decision, we just mark the result and
+ * the fact that we are done and continue looping.
+ */
+ cond = mbedtls_ct_uint_lt(A[i - 1], B[i - 1]);
+ ret = mbedtls_ct_bool_or(ret, mbedtls_ct_bool_and(cond, mbedtls_ct_bool_not(done)));
+ done = mbedtls_ct_bool_or(done, cond);
+ }
+
+ /*
+ * If all the limbs were equal, then the numbers are equal, A < B is false
+ * and leaving the result 0 is correct.
+ */
+
+ return ret;
}
void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
size_t limbs,
- unsigned char assign)
+ mbedtls_ct_condition_t assign)
{
if (X == A) {
return;
}
- mbedtls_ct_mpi_uint_cond_assign(limbs, X, A, assign);
+ /* This function is very performance-sensitive for RSA. For this reason
+ * we have the loop below, instead of calling mbedtls_ct_memcpy_if
+ * (this is more optimal since here we don't have to handle the case where
+ * we copy awkwardly sized data).
+ */
+ for (size_t i = 0; i < limbs; i++) {
+ X[i] = mbedtls_ct_mpi_uint_if(assign, A[i], X[i]);
+ }
}
void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X,
mbedtls_mpi_uint *Y,
size_t limbs,
- unsigned char swap)
+ mbedtls_ct_condition_t swap)
{
if (X == Y) {
return;
}
- /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
- mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(swap);
-
for (size_t i = 0; i < limbs; i++) {
mbedtls_mpi_uint tmp = X[i];
- X[i] = (X[i] & ~limb_mask) | (Y[i] & limb_mask);
- Y[i] = (Y[i] & ~limb_mask) | (tmp & limb_mask);
+ X[i] = mbedtls_ct_mpi_uint_if(swap, Y[i], X[i]);
+ Y[i] = mbedtls_ct_mpi_uint_if(swap, tmp, Y[i]);
}
}
@@ -422,11 +427,10 @@
{
mbedtls_mpi_uint c = 0;
- /* all-bits 0 if cond is 0, all-bits 1 if cond is non-0 */
- const mbedtls_mpi_uint mask = mbedtls_ct_mpi_uint_mask(cond);
+ mbedtls_ct_condition_t do_add = mbedtls_ct_bool(cond);
for (size_t i = 0; i < limbs; i++) {
- mbedtls_mpi_uint add = mask & A[i];
+ mbedtls_mpi_uint add = mbedtls_ct_mpi_uint_if_else_0(do_add, A[i]);
mbedtls_mpi_uint t = c + X[i];
c = (t < X[i]);
t += add;
@@ -568,7 +572,11 @@
* So the correct return value is already in X if (carry ^ borrow) = 0,
* but is in (the lower AN_limbs limbs of) T if (carry ^ borrow) = 1.
*/
- mbedtls_ct_mpi_uint_cond_assign(AN_limbs, X, T, (unsigned char) (carry ^ borrow));
+ mbedtls_ct_memcpy_if(mbedtls_ct_bool(carry ^ borrow),
+ (unsigned char *) X,
+ (unsigned char *) T,
+ NULL,
+ AN_limbs * sizeof(mbedtls_mpi_uint));
}
int mbedtls_mpi_core_get_mont_r2_unsafe(mbedtls_mpi *X,
@@ -593,7 +601,7 @@
size_t index)
{
for (size_t i = 0; i < count; i++, table += limbs) {
- unsigned char assign = mbedtls_ct_size_bool_eq(i, index);
+ mbedtls_ct_condition_t assign = mbedtls_ct_uint_eq(i, index);
mbedtls_mpi_core_cond_assign(dest, table, limbs, assign);
}
}
@@ -633,7 +641,7 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
- unsigned ge_lower = 1, lt_upper = 0;
+ mbedtls_ct_condition_t ge_lower = MBEDTLS_CT_TRUE, lt_upper = MBEDTLS_CT_FALSE;
size_t n_bits = mbedtls_mpi_core_bitlen(N, limbs);
size_t n_bytes = (n_bits + 7) / 8;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -678,7 +686,7 @@
ge_lower = mbedtls_mpi_core_uint_le_mpi(min, X, limbs);
lt_upper = mbedtls_mpi_core_lt_ct(X, N, limbs);
- } while (ge_lower == 0 || lt_upper == 0);
+ } while (mbedtls_ct_bool_and(ge_lower, lt_upper) == MBEDTLS_CT_FALSE);
cleanup:
return ret;
@@ -686,16 +694,16 @@
static size_t exp_mod_get_window_size(size_t Ebits)
{
- size_t wsize = (Ebits > 671) ? 6 : (Ebits > 239) ? 5 :
- (Ebits > 79) ? 4 : 1;
-
-#if (MBEDTLS_MPI_WINDOW_SIZE < 6)
- if (wsize > MBEDTLS_MPI_WINDOW_SIZE) {
- wsize = MBEDTLS_MPI_WINDOW_SIZE;
- }
+#if MBEDTLS_MPI_WINDOW_SIZE >= 6
+ return (Ebits > 671) ? 6 : (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1;
+#elif MBEDTLS_MPI_WINDOW_SIZE == 5
+ return (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1;
+#elif MBEDTLS_MPI_WINDOW_SIZE > 1
+ return (Ebits > 79) ? MBEDTLS_MPI_WINDOW_SIZE : 1;
+#else
+ (void) Ebits;
+ return 1;
#endif
-
- return wsize;
}
size_t mbedtls_mpi_core_exp_mod_working_limbs(size_t AN_limbs, size_t E_limbs)
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 21a5a11..b56be0a 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -62,19 +62,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_BIGNUM_CORE_H
@@ -86,6 +74,8 @@
#include "mbedtls/bignum.h"
#endif
+#include "constant_time_internal.h"
+
#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */
#define biL (ciL << 3) /** bits in limb */
#define biH (ciL << 2) /** half limb size */
@@ -142,11 +132,29 @@
* \param A_limbs The number of limbs of \p A.
* This must be at least 1.
*
- * \return 1 if \p min is less than or equal to \p A, otherwise 0.
+ * \return MBEDTLS_CT_TRUE if \p min is less than or equal to \p A, otherwise MBEDTLS_CT_FALSE.
*/
-unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
- const mbedtls_mpi_uint *A,
- size_t A_limbs);
+mbedtls_ct_condition_t mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
+ const mbedtls_mpi_uint *A,
+ size_t A_limbs);
+
+/**
+ * \brief Check if one unsigned MPI is less than another in constant
+ * time.
+ *
+ * \param A The left-hand MPI. This must point to an array of limbs
+ * with the same allocated length as \p B.
+ * \param B The right-hand MPI. This must point to an array of limbs
+ * with the same allocated length as \p A.
+ * \param limbs The number of limbs in \p A and \p B.
+ * This must not be 0.
+ *
+ * \return MBEDTLS_CT_TRUE if \p A is less than \p B.
+ * MBEDTLS_CT_FALSE if \p A is greater than or equal to \p B.
+ */
+mbedtls_ct_condition_t mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
+ const mbedtls_mpi_uint *B,
+ size_t limbs);
/**
* \brief Perform a safe conditional copy of an MPI which doesn't reveal
@@ -158,21 +166,17 @@
* \param[in] A The address of the source MPI. This must be initialized.
* \param limbs The number of limbs of \p A.
* \param assign The condition deciding whether to perform the
- * assignment or not. Must be either 0 or 1:
- * * \c 1: Perform the assignment `X = A`.
- * * \c 0: Keep the original value of \p X.
+ * assignment or not. Callers will need to use
+ * the constant time interface (e.g. `mbedtls_ct_bool()`)
+ * to construct this argument.
*
* \note This function avoids leaking any information about whether
* the assignment was done or not.
- *
- * \warning If \p assign is neither 0 nor 1, the result of this function
- * is indeterminate, and the resulting value in \p X might be
- * neither its original value nor the value in \p A.
*/
void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
size_t limbs,
- unsigned char assign);
+ mbedtls_ct_condition_t assign);
/**
* \brief Perform a safe conditional swap of two MPIs which doesn't reveal
@@ -184,21 +188,15 @@
* This must be initialized.
* \param limbs The number of limbs of \p X and \p Y.
* \param swap The condition deciding whether to perform
- * the swap or not. Must be either 0 or 1:
- * * \c 1: Swap the values of \p X and \p Y.
- * * \c 0: Keep the original values of \p X and \p Y.
+ * the swap or not.
*
* \note This function avoids leaking any information about whether
* the swap was done or not.
- *
- * \warning If \p swap is neither 0 nor 1, the result of this function
- * is indeterminate, and both \p X and \p Y might end up with
- * values different to either of the original ones.
*/
void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X,
mbedtls_mpi_uint *Y,
size_t limbs,
- unsigned char swap);
+ mbedtls_ct_condition_t swap);
/** Import X from unsigned binary data, little-endian.
*
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index 4d67829..dfd332a 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -2,24 +2,12 @@
* Modular bignum functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
-#if defined(MBEDTLS_BIGNUM_C)
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ECP_WITH_MPI_UINT)
#include <string.h>
@@ -403,4 +391,4 @@
return ret;
}
-#endif /* MBEDTLS_BIGNUM_C */
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ECP_WITH_MPI_UINT */
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index 39e8fd2..963d888 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -63,19 +63,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_BIGNUM_MOD_H
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index eff5627..5343bc6 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -2,24 +2,12 @@
* Low-level modular bignum functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
-#if defined(MBEDTLS_BIGNUM_C)
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ECP_WITH_MPI_UINT)
#include <string.h>
@@ -40,7 +28,7 @@
const mbedtls_mpi_mod_modulus *N,
unsigned char assign)
{
- mbedtls_mpi_core_cond_assign(X, A, N->limbs, assign);
+ mbedtls_mpi_core_cond_assign(X, A, N->limbs, mbedtls_ct_bool(assign));
}
void mbedtls_mpi_mod_raw_cond_swap(mbedtls_mpi_uint *X,
@@ -48,7 +36,7 @@
const mbedtls_mpi_mod_modulus *N,
unsigned char swap)
{
- mbedtls_mpi_core_cond_swap(X, Y, N->limbs, swap);
+ mbedtls_mpi_core_cond_swap(X, Y, N->limbs, mbedtls_ct_bool(swap));
}
int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X,
@@ -285,4 +273,4 @@
(void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) borrow);
}
-#endif /* MBEDTLS_BIGNUM_C */
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ECP_WITH_MPI_UINT */
diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h
index c5ff937..7bb4ca3 100644
--- a/library/bignum_mod_raw.h
+++ b/library/bignum_mod_raw.h
@@ -60,19 +60,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_BIGNUM_MOD_RAW_H
diff --git a/library/bignum_mod_raw_invasive.h b/library/bignum_mod_raw_invasive.h
index ead8394..94a0d06 100644
--- a/library/bignum_mod_raw_invasive.h
+++ b/library/bignum_mod_raw_invasive.h
@@ -6,19 +6,7 @@
*/
/**
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_BIGNUM_MOD_RAW_INVASIVE_H
diff --git a/library/block_cipher.c b/library/block_cipher.c
new file mode 100644
index 0000000..1118d3a
--- /dev/null
+++ b/library/block_cipher.c
@@ -0,0 +1,116 @@
+/**
+ * \file block_cipher.c
+ *
+ * \brief Lightweight abstraction layer for block ciphers with 128 bit blocks,
+ * for use by the GCM and CCM modules.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "common.h"
+
+#include "block_cipher_internal.h"
+
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+
+void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx)
+{
+ switch (ctx->id) {
+#if defined(MBEDTLS_AES_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_AES:
+ mbedtls_aes_free(&ctx->ctx.aes);
+ break;
+#endif
+#if defined(MBEDTLS_ARIA_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
+ mbedtls_aria_free(&ctx->ctx.aria);
+ break;
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
+ mbedtls_camellia_free(&ctx->ctx.camellia);
+ break;
+#endif
+ default:
+ break;
+ }
+ ctx->id = MBEDTLS_BLOCK_CIPHER_ID_NONE;
+}
+
+int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx,
+ mbedtls_cipher_id_t cipher_id)
+{
+ switch (cipher_id) {
+#if defined(MBEDTLS_AES_C)
+ case MBEDTLS_CIPHER_ID_AES:
+ ctx->id = MBEDTLS_BLOCK_CIPHER_ID_AES;
+ mbedtls_aes_init(&ctx->ctx.aes);
+ return 0;
+#endif
+#if defined(MBEDTLS_ARIA_C)
+ case MBEDTLS_CIPHER_ID_ARIA:
+ ctx->id = MBEDTLS_BLOCK_CIPHER_ID_ARIA;
+ mbedtls_aria_init(&ctx->ctx.aria);
+ return 0;
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ case MBEDTLS_CIPHER_ID_CAMELLIA:
+ ctx->id = MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA;
+ mbedtls_camellia_init(&ctx->ctx.camellia);
+ return 0;
+#endif
+ default:
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+}
+
+int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx,
+ const unsigned char *key,
+ unsigned key_bitlen)
+{
+ switch (ctx->id) {
+#if defined(MBEDTLS_AES_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_AES:
+ return mbedtls_aes_setkey_enc(&ctx->ctx.aes, key, key_bitlen);
+#endif
+#if defined(MBEDTLS_ARIA_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
+ return mbedtls_aria_setkey_enc(&ctx->ctx.aria, key, key_bitlen);
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
+ return mbedtls_camellia_setkey_enc(&ctx->ctx.camellia, key, key_bitlen);
+#endif
+ default:
+ return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+ }
+}
+
+int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx,
+ const unsigned char input[16],
+ unsigned char output[16])
+{
+ switch (ctx->id) {
+#if defined(MBEDTLS_AES_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_AES:
+ return mbedtls_aes_crypt_ecb(&ctx->ctx.aes, MBEDTLS_AES_ENCRYPT,
+ input, output);
+#endif
+#if defined(MBEDTLS_ARIA_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
+ return mbedtls_aria_crypt_ecb(&ctx->ctx.aria, input, output);
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
+ return mbedtls_camellia_crypt_ecb(&ctx->ctx.camellia,
+ MBEDTLS_CAMELLIA_ENCRYPT,
+ input, output);
+#endif
+ default:
+ return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+ }
+}
+
+#endif /* MBEDTLS_BLOCK_CIPHER_C */
diff --git a/library/block_cipher_internal.h b/library/block_cipher_internal.h
new file mode 100644
index 0000000..c57338b
--- /dev/null
+++ b/library/block_cipher_internal.h
@@ -0,0 +1,99 @@
+/**
+ * \file block_cipher_internal.h
+ *
+ * \brief Lightweight abstraction layer for block ciphers with 128 bit blocks,
+ * for use by the GCM and CCM modules.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_BLOCK_CIPHER_INTERNAL_H
+#define MBEDTLS_BLOCK_CIPHER_INTERNAL_H
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/cipher.h"
+
+#include "mbedtls/block_cipher.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Initialize the context.
+ * This must be the first API call before using the context.
+ *
+ * \param ctx The context to initialize.
+ */
+static inline void mbedtls_block_cipher_init(mbedtls_block_cipher_context_t *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+}
+
+/**
+ * \brief Set the block cipher to use with this context.
+ * This must be called after mbedtls_block_cipher_init().
+ *
+ * \param ctx The context to set up.
+ * \param cipher_id The identifier of the cipher to use.
+ * This must be either AES, ARIA or Camellia.
+ * Warning: this is a ::mbedtls_cipher_id_t,
+ * not a ::mbedtls_block_cipher_id_t!
+ *
+ * \retval \c 0 on success.
+ * \retval #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if \p cipher_id was
+ * invalid.
+ */
+int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx,
+ mbedtls_cipher_id_t cipher_id);
+
+/**
+ * \brief Set the key into the context.
+ *
+ * \param ctx The context to configure.
+ * \param key The buffer holding the key material.
+ * \param key_bitlen The size of the key in bits.
+ *
+ * \retval \c 0 on success.
+ * \retval #MBEDTLS_ERR_CIPHER_INVALID_CONTEXT if the context was not
+ * properly set up before calling this function.
+ * \retval One of #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH,
+ * #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ * #MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA if \p key_bitlen is
+ * invalid.
+ */
+int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx,
+ const unsigned char *key,
+ unsigned key_bitlen);
+
+/**
+ * \brief Encrypt one block (16 bytes) with the configured key.
+ *
+ * \param ctx The context holding the key.
+ * \param input The buffer holding the input block. Must be 16 bytes.
+ * \param output The buffer to which the output block will be written.
+ * Must be writable and 16 bytes long.
+ * This must either not overlap with \p input, or be equal.
+ *
+ * \retval \c 0 on success.
+ * \retval #MBEDTLS_ERR_CIPHER_INVALID_CONTEXT if the context was not
+ * properly set up before calling this function.
+ * \retval Another negative value if encryption failed.
+ */
+int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx,
+ const unsigned char input[16],
+ unsigned char output[16]);
+/**
+ * \brief Clear the context.
+ *
+ * \param ctx The context to clear.
+ */
+void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_BLOCK_CIPHER_INTERNAL_H */
diff --git a/library/bn_mul.h b/library/bn_mul.h
index ab1a66a..0738469 100644
--- a/library/bn_mul.h
+++ b/library/bn_mul.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* Multiply source vector [s] with b, add result
diff --git a/library/camellia.c b/library/camellia.c
index 409727d..b1c0a08 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -2,19 +2,7 @@
* Camellia implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The Camellia block cipher was designed by NTT and Mitsubishi Electric
@@ -411,6 +399,7 @@
/*
* Camellia key schedule (decryption)
*/
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits)
@@ -456,6 +445,7 @@
return ret;
}
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/*
* Camellia-ECB block encryption/decryption
@@ -900,14 +890,26 @@
(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
}
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if (v == MBEDTLS_CAMELLIA_DECRYPT) {
+ if (verbose != 0) {
+ mbedtls_printf("skipped\n");
+ }
+ continue;
+ }
+#endif
+
for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (v == MBEDTLS_CAMELLIA_DECRYPT) {
mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
memcpy(src, camellia_test_ecb_cipher[u][i], 16);
memcpy(dst, camellia_test_ecb_plain[i], 16);
- } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
+ } else
+#endif
+ { /* MBEDTLS_CAMELLIA_ENCRYPT */
mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
memcpy(src, camellia_test_ecb_plain[i], 16);
memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
diff --git a/library/ccm.c b/library/ccm.c
index cd689c8..6b137d7 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -2,19 +2,7 @@
* NIST SP800-38C compliant CCM implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -33,6 +21,11 @@
#include "mbedtls/ccm.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/constant_time.h"
+
+#if !defined(MBEDTLS_CIPHER_C)
+#include "block_cipher_internal.h"
+#endif
#include <string.h>
@@ -62,6 +55,8 @@
unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+#if defined(MBEDTLS_CIPHER_C)
const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
@@ -84,8 +79,19 @@
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
+#else
+ mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
- return 0;
+ if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
+
+ if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
+ return MBEDTLS_ERR_CCM_BAD_INPUT;
+ }
+#endif
+
+ return ret;
}
/*
@@ -96,7 +102,11 @@
if (ctx == NULL) {
return;
}
+#if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_free(&ctx->cipher_ctx);
+#else
+ mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+#endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
}
@@ -115,12 +125,16 @@
const unsigned char *input,
unsigned char *output)
{
- size_t olen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp_buf[16] = { 0 };
- if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
- &olen)) != 0) {
+#if defined(MBEDTLS_CIPHER_C)
+ size_t olen = 0;
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
+#endif
+ if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
return ret;
@@ -143,7 +157,10 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
- size_t len_left, olen;
+ size_t len_left;
+#if defined(MBEDTLS_CIPHER_C)
+ size_t olen;
+#endif
/* length calculation can be done only after both
* mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed
@@ -189,7 +206,12 @@
}
/* Start CBC-MAC with first block*/
- if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
+#if defined(MBEDTLS_CIPHER_C)
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#endif
+ if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
return ret;
}
@@ -269,7 +291,10 @@
size_t add_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t olen, use_len, offset;
+ size_t use_len, offset;
+#if defined(MBEDTLS_CIPHER_C)
+ size_t olen;
+#endif
if (ctx->state & CCM_STATE__ERROR) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
@@ -309,8 +334,12 @@
add += use_len;
if (use_len + offset == 16 || ctx->processed == ctx->add_len) {
- if ((ret =
- mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
+#if defined(MBEDTLS_CIPHER_C)
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#endif
+ if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
return ret;
}
@@ -333,7 +362,10 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
- size_t use_len, offset, olen;
+ size_t use_len, offset;
+#if defined(MBEDTLS_CIPHER_C)
+ size_t olen;
+#endif
unsigned char local_output[16];
@@ -371,8 +403,12 @@
mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
- if ((ret =
- mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
+#if defined(MBEDTLS_CIPHER_C)
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#endif
+ if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
goto exit;
}
@@ -400,11 +436,14 @@
mbedtls_xor(ctx->y + offset, ctx->y + offset, local_output, use_len);
memcpy(output, local_output, use_len);
- mbedtls_platform_zeroize(local_output, 16);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
- if ((ret =
- mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
+#if defined(MBEDTLS_CIPHER_C)
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
+#endif
+ if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
goto exit;
}
@@ -533,13 +572,8 @@
const unsigned char *tag2,
size_t tag_len)
{
- unsigned char i;
- int diff;
-
/* Check tag in "constant-time" */
- for (diff = 0, i = 0; i < tag_len; i++) {
- diff |= tag1[i] ^ tag2[i];
- }
+ int diff = mbedtls_ct_memcmp(tag1, tag2, tag_len);
if (diff != 0) {
return MBEDTLS_ERR_CCM_AUTH_FAILED;
diff --git a/library/chacha20.c b/library/chacha20.c
index cbb01f4..acaae5b 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -6,19 +6,7 @@
* \author Daniel King <damaki.gh@gmail.com>
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/chachapoly.c b/library/chachapoly.c
index 0124d75..a1314ea 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -4,19 +4,7 @@
* \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -25,6 +13,7 @@
#include "mbedtls/chachapoly.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/constant_time.h"
#include <string.h>
@@ -310,7 +299,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
- size_t i;
int diff;
if ((ret = chachapoly_crypt_and_tag(ctx,
@@ -320,9 +308,7 @@
}
/* Check tag in "constant-time" */
- for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
- diff |= tag[i] ^ check_tag[i];
- }
+ diff = mbedtls_ct_memcmp(tag, check_tag, sizeof(check_tag));
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h
index b7d87fe..6469e9f 100644
--- a/library/check_crypto_config.h
+++ b/library/check_crypto_config.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
diff --git a/library/cipher.c b/library/cipher.c
index de7f837..0683677 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1,24 +1,12 @@
/**
* \file cipher.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -30,6 +18,7 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
+#include "constant_time_internal.h"
#include <stdlib.h>
#include <string.h>
@@ -262,23 +251,15 @@
memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
- if (NULL == (ctx->cipher_ctx = mbedtls_cipher_get_base(cipher_info)->ctx_alloc_func())) {
- return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+ if (mbedtls_cipher_get_base(cipher_info)->ctx_alloc_func != NULL) {
+ ctx->cipher_ctx = mbedtls_cipher_get_base(cipher_info)->ctx_alloc_func();
+ if (ctx->cipher_ctx == NULL) {
+ return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+ }
}
ctx->cipher_info = cipher_info;
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /*
- * Ignore possible errors caused by a cipher mode that doesn't use padding
- */
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
- (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7);
-#else
- (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_NONE);
-#endif
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
return 0;
}
@@ -329,6 +310,12 @@
if (ctx->cipher_info == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) &&
+ MBEDTLS_DECRYPT == operation) {
+ return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+ }
+#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
if (ctx->psa_enabled == 1) {
@@ -396,6 +383,7 @@
ctx->key_bitlen = key_bitlen;
ctx->operation = operation;
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/*
* For OFB, CFB and CTR mode always use the encryption key schedule
*/
@@ -411,6 +399,12 @@
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
}
+#else
+ if (operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT) {
+ return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key,
+ ctx->key_bitlen);
+ }
+#endif
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
@@ -848,7 +842,7 @@
size_t *data_len)
{
size_t i, pad_idx;
- unsigned char padding_len, bad = 0;
+ unsigned char padding_len;
if (NULL == input || NULL == data_len) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
@@ -857,18 +851,19 @@
padding_len = input[input_len - 1];
*data_len = input_len - padding_len;
- /* Avoid logical || since it results in a branch */
- bad |= padding_len > input_len;
- bad |= padding_len == 0;
+ mbedtls_ct_condition_t bad = mbedtls_ct_uint_gt(padding_len, input_len);
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_eq(padding_len, 0));
/* The number of bytes checked must be independent of padding_len,
* so pick input_len, which is usually 8 or 16 (one block) */
pad_idx = input_len - padding_len;
for (i = 0; i < input_len; i++) {
- bad |= (input[i] ^ padding_len) * (i >= pad_idx);
+ mbedtls_ct_condition_t in_padding = mbedtls_ct_uint_ge(i, pad_idx);
+ mbedtls_ct_condition_t different = mbedtls_ct_uint_ne(input[i], padding_len);
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_and(in_padding, different));
}
- return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
+ return mbedtls_ct_error_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING);
}
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
@@ -891,24 +886,28 @@
static int get_one_and_zeros_padding(unsigned char *input, size_t input_len,
size_t *data_len)
{
- size_t i;
- unsigned char done = 0, prev_done, bad;
-
if (NULL == input || NULL == data_len) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- bad = 0x80;
+ mbedtls_ct_condition_t in_padding = MBEDTLS_CT_TRUE;
+ mbedtls_ct_condition_t bad = MBEDTLS_CT_TRUE;
+
*data_len = 0;
- for (i = input_len; i > 0; i--) {
- prev_done = done;
- done |= (input[i - 1] != 0);
- *data_len |= (i - 1) * (done != prev_done);
- bad ^= input[i - 1] * (done != prev_done);
+
+ for (ptrdiff_t i = (ptrdiff_t) (input_len) - 1; i >= 0; i--) {
+ mbedtls_ct_condition_t is_nonzero = mbedtls_ct_bool(input[i]);
+
+ mbedtls_ct_condition_t hit_first_nonzero = mbedtls_ct_bool_and(is_nonzero, in_padding);
+
+ *data_len = mbedtls_ct_size_if(hit_first_nonzero, i, *data_len);
+
+ bad = mbedtls_ct_bool_if(hit_first_nonzero, mbedtls_ct_uint_ne(input[i], 0x80), bad);
+
+ in_padding = mbedtls_ct_bool_and(in_padding, mbedtls_ct_bool_not(is_nonzero));
}
- return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
-
+ return mbedtls_ct_error_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING);
}
#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
@@ -932,7 +931,8 @@
size_t *data_len)
{
size_t i, pad_idx;
- unsigned char padding_len, bad = 0;
+ unsigned char padding_len;
+ mbedtls_ct_condition_t bad;
if (NULL == input || NULL == data_len) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
@@ -942,16 +942,19 @@
*data_len = input_len - padding_len;
/* Avoid logical || since it results in a branch */
- bad |= padding_len > input_len;
- bad |= padding_len == 0;
+ bad = mbedtls_ct_uint_gt(padding_len, input_len);
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_eq(padding_len, 0));
/* The number of bytes checked must be independent of padding_len */
pad_idx = input_len - padding_len;
for (i = 0; i < input_len - 1; i++) {
- bad |= input[i] * (i >= pad_idx);
+ mbedtls_ct_condition_t is_padding = mbedtls_ct_uint_ge(i, pad_idx);
+ mbedtls_ct_condition_t nonzero_pad_byte;
+ nonzero_pad_byte = mbedtls_ct_bool_if_else_0(is_padding, mbedtls_ct_bool(input[i]));
+ bad = mbedtls_ct_bool_or(bad, nonzero_pad_byte);
}
- return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
+ return mbedtls_ct_error_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING);
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
@@ -962,18 +965,14 @@
static void add_zeros_padding(unsigned char *output,
size_t output_len, size_t data_len)
{
- size_t i;
-
- for (i = data_len; i < output_len; i++) {
- output[i] = 0x00;
- }
+ memset(output + data_len, 0, output_len - data_len);
}
static int get_zeros_padding(unsigned char *input, size_t input_len,
size_t *data_len)
{
size_t i;
- unsigned char done = 0, prev_done;
+ mbedtls_ct_condition_t done = MBEDTLS_CT_FALSE, prev_done;
if (NULL == input || NULL == data_len) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
@@ -982,8 +981,8 @@
*data_len = 0;
for (i = input_len; i > 0; i--) {
prev_done = done;
- done |= (input[i-1] != 0);
- *data_len |= i * (done != prev_done);
+ done = mbedtls_ct_bool_or(done, mbedtls_ct_uint_ne(input[i-1], 0));
+ *data_len = mbedtls_ct_size_if(mbedtls_ct_bool_ne(done, prev_done), i, *data_len);
}
return 0;
@@ -1027,6 +1026,16 @@
*olen = 0;
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ /* CBC mode requires padding so we make sure a call to
+ * mbedtls_cipher_set_padding_mode has been done successfully. */
+ if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
+ if (ctx->get_padding == NULL) {
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+ }
+#endif
+
if (MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index da4e739..c173899 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -1,24 +1,12 @@
/**
* \file cipher_wrap.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -80,7 +68,7 @@
#if defined(MBEDTLS_CAMELLIA_C)
MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA,
#endif
-#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA)
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES,
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C)
@@ -104,7 +92,7 @@
#if defined(MBEDTLS_DES_C)
MBEDTLS_CIPHER_BASE_INDEX_DES,
#endif
-#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA)
MBEDTLS_CIPHER_BASE_INDEX_GCM_AES,
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C)
@@ -120,8 +108,10 @@
MBEDTLS_CIPHER_BASE_INDEX_NULL_BASE,
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS) && defined(MBEDTLS_AES_C)
- MBEDTLS_CIPHER_BASE_INDEX_XTS_AES
+ MBEDTLS_CIPHER_BASE_INDEX_XTS_AES,
#endif
+ /* Prevent compile failure due to empty enum */
+ MBEDTLS_CIPHER_BASE_PREVENT_EMPTY_ENUM
};
#if defined(MBEDTLS_GCM_C)
@@ -236,11 +226,13 @@
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen);
}
+#endif
static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
@@ -289,7 +281,9 @@
NULL,
#endif
aes_setkey_enc_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
aes_setkey_dec_wrap,
+#endif
aes_ctx_alloc,
aes_ctx_free
};
@@ -305,6 +299,7 @@
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ecb_info = {
"AES-192-ECB",
16,
@@ -326,6 +321,7 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t aes_128_cbc_info = {
@@ -339,6 +335,7 @@
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_cbc_info = {
"AES-192-CBC",
16,
@@ -360,6 +357,7 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#endif
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -374,6 +372,7 @@
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_cfb128_info = {
"AES-192-CFB128",
16,
@@ -395,6 +394,7 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#endif
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
@@ -409,6 +409,7 @@
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ofb_info = {
"AES-192-OFB",
16,
@@ -430,6 +431,7 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#endif
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -444,6 +446,7 @@
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ctr_info = {
"AES-192-CTR",
16,
@@ -465,6 +468,7 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
+#endif
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -543,6 +547,7 @@
MBEDTLS_CIPHER_BASE_INDEX_XTS_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_256_xts_info = {
"AES-256-XTS",
16,
@@ -553,16 +558,20 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_XTS_AES
};
+#endif
#endif /* MBEDTLS_CIPHER_MODE_XTS */
+#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
key, key_bitlen);
}
+#endif /* MBEDTLS_GCM_C && MBEDTLS_AES_C */
+#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA)
static const mbedtls_cipher_base_t gcm_aes_info = {
MBEDTLS_CIPHER_ID_AES,
NULL,
@@ -584,12 +593,23 @@
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
+#if defined(MBEDTLS_GCM_C)
gcm_aes_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
gcm_aes_setkey_wrap,
+#endif
gcm_ctx_alloc,
gcm_ctx_free,
+#else
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+#endif /* MBEDTLS_GCM_C */
};
+#endif /* MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA */
+#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA)
static const mbedtls_cipher_info_t aes_128_gcm_info = {
"AES-128-GCM",
16,
@@ -601,6 +621,7 @@
MBEDTLS_CIPHER_BASE_INDEX_GCM_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_gcm_info = {
"AES-192-GCM",
16,
@@ -622,16 +643,19 @@
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
MBEDTLS_CIPHER_BASE_INDEX_GCM_AES
};
-#endif /* MBEDTLS_GCM_C */
+#endif
+#endif /* MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA */
-#if defined(MBEDTLS_CCM_C)
+#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
key, key_bitlen);
}
+#endif /* MBEDTLS_CCM_C && MBEDTLS_AES_C */
+#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA)
static const mbedtls_cipher_base_t ccm_aes_info = {
MBEDTLS_CIPHER_ID_AES,
NULL,
@@ -653,12 +677,23 @@
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
NULL,
#endif
+#if defined(MBEDTLS_CCM_C)
ccm_aes_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
ccm_aes_setkey_wrap,
+#endif
ccm_ctx_alloc,
ccm_ctx_free,
+#else
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+#endif
};
+#endif /* MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA */
+#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA)
static const mbedtls_cipher_info_t aes_128_ccm_info = {
"AES-128-CCM",
16,
@@ -670,6 +705,7 @@
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ccm_info = {
"AES-192-CCM",
16,
@@ -691,7 +727,10 @@
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
+#endif
+#endif /* MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA */
+#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_AES_VIA_LEGACY_OR_USE_PSA)
static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = {
"AES-128-CCM*-NO-TAG",
16,
@@ -703,6 +742,7 @@
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = {
"AES-192-CCM*-NO-TAG",
16,
@@ -724,9 +764,9 @@
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
-#endif /* MBEDTLS_CCM_C */
+#endif
+#endif /* MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_AES_VIA_LEGACY_OR_USE_PSA */
-#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C)
@@ -767,11 +807,13 @@
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen);
}
+#endif
static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
@@ -821,7 +863,9 @@
NULL,
#endif
camellia_setkey_enc_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
camellia_setkey_dec_wrap,
+#endif
camellia_ctx_alloc,
camellia_ctx_free
};
@@ -994,7 +1038,9 @@
NULL,
#endif
gcm_camellia_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
gcm_camellia_setkey_wrap,
+#endif
gcm_ctx_alloc,
gcm_ctx_free,
};
@@ -1063,7 +1109,9 @@
NULL,
#endif
ccm_camellia_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
ccm_camellia_setkey_wrap,
+#endif
ccm_ctx_alloc,
ccm_ctx_free,
};
@@ -1177,11 +1225,13 @@
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
{
return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen);
}
+#endif
static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key,
unsigned int key_bitlen)
@@ -1231,7 +1281,9 @@
NULL,
#endif
aria_setkey_enc_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
aria_setkey_dec_wrap,
+#endif
aria_ctx_alloc,
aria_ctx_free
};
@@ -1404,7 +1456,9 @@
NULL,
#endif
gcm_aria_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
gcm_aria_setkey_wrap,
+#endif
gcm_ctx_alloc,
gcm_ctx_free,
};
@@ -1473,7 +1527,9 @@
NULL,
#endif
ccm_aria_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
ccm_aria_setkey_wrap,
+#endif
ccm_ctx_alloc,
ccm_ctx_free,
};
@@ -1893,7 +1949,9 @@
chacha20_stream_wrap,
#endif
chacha20_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
chacha20_setkey_wrap,
+#endif
chacha20_ctx_alloc,
chacha20_ctx_free
};
@@ -1968,7 +2026,9 @@
NULL,
#endif
chachapoly_setkey_wrap,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
chachapoly_setkey_wrap,
+#endif
chachapoly_ctx_alloc,
chachapoly_ctx_free
};
@@ -2036,7 +2096,9 @@
null_crypt_stream,
#endif
null_setkey,
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
null_setkey,
+#endif
null_ctx_alloc,
null_ctx_free
};
@@ -2123,6 +2185,7 @@
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_nist_kw_info = {
"AES-192-KW",
16,
@@ -2144,6 +2207,7 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
+#endif
static const mbedtls_cipher_info_t aes_128_nist_kwp_info = {
"AES-128-KWP",
@@ -2156,6 +2220,7 @@
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_nist_kwp_info = {
"AES-192-KWP",
16,
@@ -2177,52 +2242,73 @@
0,
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
+#endif
#endif /* MBEDTLS_NIST_KW_C */
const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
{
#if defined(MBEDTLS_AES_C)
{ MBEDTLS_CIPHER_AES_128_ECB, &aes_128_ecb_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_ECB, &aes_192_ecb_info },
{ MBEDTLS_CIPHER_AES_256_ECB, &aes_256_ecb_info },
+#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_AES_128_CBC, &aes_128_cbc_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CBC, &aes_192_cbc_info },
{ MBEDTLS_CIPHER_AES_256_CBC, &aes_256_cbc_info },
#endif
+#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{ MBEDTLS_CIPHER_AES_128_CFB128, &aes_128_cfb128_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CFB128, &aes_192_cfb128_info },
{ MBEDTLS_CIPHER_AES_256_CFB128, &aes_256_cfb128_info },
#endif
+#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
{ MBEDTLS_CIPHER_AES_128_OFB, &aes_128_ofb_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_OFB, &aes_192_ofb_info },
{ MBEDTLS_CIPHER_AES_256_OFB, &aes_256_ofb_info },
#endif
+#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{ MBEDTLS_CIPHER_AES_128_CTR, &aes_128_ctr_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CTR, &aes_192_ctr_info },
{ MBEDTLS_CIPHER_AES_256_CTR, &aes_256_ctr_info },
#endif
+#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
{ MBEDTLS_CIPHER_AES_128_XTS, &aes_128_xts_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info },
#endif
-#if defined(MBEDTLS_GCM_C)
+#endif
+#endif /* MBEDTLS_AES_C */
+#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA)
{ MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info },
{ MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info },
#endif
-#if defined(MBEDTLS_CCM_C)
+#endif
+#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA)
{ MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info },
{ MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info },
+#endif
+#endif
+#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_AES_VIA_LEGACY_OR_USE_PSA)
{ MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info },
{ MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, &aes_256_ccm_star_no_tag_info },
#endif
-#endif /* MBEDTLS_AES_C */
+#endif
#if defined(MBEDTLS_CAMELLIA_C)
{ MBEDTLS_CIPHER_CAMELLIA_128_ECB, &camellia_128_ecb_info },
@@ -2313,12 +2399,16 @@
#if defined(MBEDTLS_NIST_KW_C)
{ MBEDTLS_CIPHER_AES_128_KW, &aes_128_nist_kw_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_KW, &aes_192_nist_kw_info },
{ MBEDTLS_CIPHER_AES_256_KW, &aes_256_nist_kw_info },
+#endif
{ MBEDTLS_CIPHER_AES_128_KWP, &aes_128_nist_kwp_info },
+#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_KWP, &aes_192_nist_kwp_info },
{ MBEDTLS_CIPHER_AES_256_KWP, &aes_256_nist_kwp_info },
#endif
+#endif
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
{ MBEDTLS_CIPHER_NULL, &null_cipher_info },
@@ -2341,7 +2431,7 @@
#if defined(MBEDTLS_CAMELLIA_C)
[MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA] = &camellia_info,
#endif
-#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA)
[MBEDTLS_CIPHER_BASE_INDEX_CCM_AES] = &ccm_aes_info,
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C)
@@ -2365,7 +2455,7 @@
#if defined(MBEDTLS_DES_C)
[MBEDTLS_CIPHER_BASE_INDEX_DES] = &des_info,
#endif
-#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA)
[MBEDTLS_CIPHER_BASE_INDEX_GCM_AES] = &gcm_aes_info,
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C)
diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h
index c85a4ef..f229151 100644
--- a/library/cipher_wrap.h
+++ b/library/cipher_wrap.h
@@ -7,19 +7,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
@@ -36,6 +24,50 @@
extern "C" {
#endif
+/* Support for GCM either through Mbed TLS SW implementation or PSA */
+#if defined(MBEDTLS_GCM_C) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
+#define MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA
+#endif
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES))
+#define MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA
+#endif
+
+#if defined(MBEDTLS_CCM_C) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
+#define MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA
+#endif
+
+#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES))
+#define MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA
+#endif
+
+#if defined(MBEDTLS_CCM_C) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG))
+#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA
+#endif
+
+#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && \
+ defined(PSA_WANT_KEY_TYPE_AES))
+#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_AES_VIA_LEGACY_OR_USE_PSA
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
+#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA
+#endif
+
+#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) || \
+ defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) || \
+ defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) || \
+ defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA)
+#define MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA
+#endif
+
/**
* Base cipher information. The non-mode specific functions and values.
*/
@@ -93,9 +125,11 @@
int (*setkey_enc_func)(void *ctx, const unsigned char *key,
unsigned int key_bitlen);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/** Set key for decryption purposes */
int (*setkey_dec_func)(void *ctx, const unsigned char *key,
unsigned int key_bitlen);
+#endif
/** Allocate a new context */
void * (*ctx_alloc_func)(void);
diff --git a/library/cmac.c b/library/cmac.c
index 333248e..f40cae2 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -4,19 +4,7 @@
* \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -114,7 +102,7 @@
unsigned char *K1, unsigned char *K2)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char L[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
size_t olen, block_size;
mbedtls_platform_zeroize(L, sizeof(L));
@@ -152,7 +140,7 @@
* We can't use the padding option from the cipher layer, as it only works for
* CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition.
*/
-static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
+static void cmac_pad(unsigned char padded_block[MBEDTLS_CMAC_MAX_BLOCK_SIZE],
size_t padded_block_len,
const unsigned char *last_block,
size_t last_block_len)
@@ -283,9 +271,9 @@
{
mbedtls_cmac_context_t *cmac_ctx;
unsigned char *state, *last_block;
- unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
- unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
- unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char K1[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
+ unsigned char K2[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
+ unsigned char M_last[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen, block_size;
@@ -332,7 +320,7 @@
mbedtls_platform_zeroize(cmac_ctx->unprocessed_block,
sizeof(cmac_ctx->unprocessed_block));
- mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX);
+ mbedtls_platform_zeroize(state, MBEDTLS_CMAC_MAX_BLOCK_SIZE);
return ret;
}
@@ -750,8 +738,8 @@
int i, ret = 0;
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
- unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
- unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char K1[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
+ unsigned char K2[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if (cipher_info == NULL) {
@@ -845,7 +833,7 @@
{
const mbedtls_cipher_info_t *cipher_info;
int i, ret = 0;
- unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
if (cipher_info == NULL) {
diff --git a/library/common.h b/library/common.h
index 97dc1d3..e532777 100644
--- a/library/common.h
+++ b/library/common.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_LIBRARY_COMMON_H
@@ -33,7 +21,20 @@
#if defined(__ARM_NEON)
#include <arm_neon.h>
-#endif /* __ARM_NEON */
+#define MBEDTLS_HAVE_NEON_INTRINSICS
+#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
+#include <arm64_neon.h>
+#define MBEDTLS_HAVE_NEON_INTRINSICS
+#endif
+
+
+#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \
+ && !defined(__llvm__) && !defined(__INTEL_COMPILER)
+/* Defined if the compiler really is gcc and not clang, etc */
+#define MBEDTLS_COMPILER_IS_GCC
+#define MBEDTLS_GCC_VERSION \
+ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
/** Helper to define a function as static except when building invasive tests.
*
@@ -181,14 +182,16 @@
{
size_t i = 0;
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
-#if defined(__ARM_NEON)
+#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \
+ (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300))
+ /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */
for (; (i + 16) <= n; i += 16) {
uint8x16_t v1 = vld1q_u8(a + i);
uint8x16_t v2 = vld1q_u8(b + i);
uint8x16_t x = veorq_u8(v1, v2);
vst1q_u8(r + i, x);
}
-#elif defined(__amd64__) || defined(__x86_64__) || defined(__aarch64__)
+#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
/* This codepath probably only makes sense on architectures with 64-bit registers */
for (; (i + 8) <= n; i += 8) {
uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
@@ -227,7 +230,7 @@
{
size_t i = 0;
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
-#if defined(__amd64__) || defined(__x86_64__) || defined(__aarch64__)
+#if defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
/* This codepath probably only makes sense on architectures with 64-bit registers */
for (; (i + 8) <= n; i += 8) {
uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i);
@@ -288,7 +291,7 @@
/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */
#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r"
#else
-#error Unrecognised pointer size for aarch64
+#error "Unrecognised pointer size for aarch64"
#endif
#endif
@@ -306,22 +309,34 @@
#define MBEDTLS_STATIC_ASSERT(expr, msg)
#endif
-/* Define compiler branch hints */
#if defined(__has_builtin)
-#if __has_builtin(__builtin_expect)
+#define MBEDTLS_HAS_BUILTIN(x) __has_builtin(x)
+#else
+#define MBEDTLS_HAS_BUILTIN(x) 0
+#endif
+
+/* Define compiler branch hints */
+#if MBEDTLS_HAS_BUILTIN(__builtin_expect)
#define MBEDTLS_LIKELY(x) __builtin_expect(!!(x), 1)
#define MBEDTLS_UNLIKELY(x) __builtin_expect(!!(x), 0)
-#endif
-#endif
-#if !defined(MBEDTLS_LIKELY)
+#else
#define MBEDTLS_LIKELY(x) x
#define MBEDTLS_UNLIKELY(x) x
#endif
-#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \
- && !defined(__llvm__) && !defined(__INTEL_COMPILER)
-/* Defined if the compiler really is gcc and not clang, etc */
-#define MBEDTLS_COMPILER_IS_GCC
+/* MBEDTLS_ASSUME may be used to provide additional information to the compiler
+ * which can result in smaller code-size. */
+#if MBEDTLS_HAS_BUILTIN(__builtin_assume)
+/* clang provides __builtin_assume */
+#define MBEDTLS_ASSUME(x) __builtin_assume(x)
+#elif MBEDTLS_HAS_BUILTIN(__builtin_unreachable)
+/* gcc and IAR can use __builtin_unreachable */
+#define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0)
+#elif defined(_MSC_VER)
+/* Supported by MSVC since VS 2005 */
+#define MBEDTLS_ASSUME(x) __assume(x)
+#else
+#define MBEDTLS_ASSUME(x) do { } while (0)
#endif
/* For gcc -Os, override with -O2 for a given function.
@@ -334,4 +349,31 @@
#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE
#endif
+/* Suppress compiler warnings for unused functions and variables. */
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute)
+# if __has_attribute(unused)
+# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
+# endif
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__)
+# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__)
+/* IAR does support __attribute__((unused)), but only if the -e flag (extended language support)
+ * is given; the pragma always works.
+ * Unfortunately the pragma affects the rest of the file where it is used, but this is harmless.
+ * Check for version 5.2 or later - this pragma may be supported by earlier versions, but I wasn't
+ * able to find documentation).
+ */
+# if (__VER__ >= 5020000)
+# define MBEDTLS_MAYBE_UNUSED _Pragma("diag_suppress=Pe177")
+# endif
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER)
+# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189))
+#endif
+#if !defined(MBEDTLS_MAYBE_UNUSED)
+# define MBEDTLS_MAYBE_UNUSED
+#endif
+
#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/constant_time.c b/library/constant_time.c
index 5265005..d212ddf 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -2,19 +2,7 @@
* Constant-time functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -22,42 +10,24 @@
* might be translated to branches by some compilers on some platforms.
*/
+#include <stdint.h>
+#include <limits.h>
+
#include "common.h"
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#include "bignum_core.h"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C)
-#include "ssl_misc.h"
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_BASE64_C)
-#include "constant_time_invasive.h"
-#endif
-
#include <string.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#include "psa/crypto.h"
-/* Define a local translating function to save code size by not using too many
- * arguments in each translating place. */
-static int local_err_translation(psa_status_t status)
-{
- return psa_status_to_mbedtls(status, psa_to_ssl_errors,
- ARRAY_LENGTH(psa_to_ssl_errors),
- psa_generic_status_to_mbedtls);
-}
-#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
+#if !defined(MBEDTLS_CT_ASM)
+/*
+ * Define an object with the value zero, such that the compiler cannot prove that it
+ * has the value zero (because it is volatile, it "may be modified in ways unknown to
+ * the implementation").
+ */
+volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0;
#endif
/*
@@ -70,15 +40,12 @@
* Some of these definitions could be moved into alignment.h but for now they are
* only used here.
*/
-#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && defined(MBEDTLS_HAVE_ASM)
-#if ((defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) && \
- (UINTPTR_MAX == 0xfffffffful)) || defined(__aarch64__)
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && \
+ ((defined(MBEDTLS_CT_ARM_ASM) && (UINTPTR_MAX == 0xfffffffful)) || \
+ defined(MBEDTLS_CT_AARCH64_ASM))
/* We check pointer sizes to avoid issues with them not matching register size requirements */
#define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS
-#endif
-#endif
-#if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS)
static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsigned char *p)
{
/* This is UB, even where it's safe:
@@ -86,14 +53,17 @@
* so instead the same thing is expressed in assembly below.
*/
uint32_t r;
-#if defined(__arm__) || defined(__thumb__) || defined(__thumb2__)
+#if defined(MBEDTLS_CT_ARM_ASM)
asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :);
-#elif defined(__aarch64__)
+#elif defined(MBEDTLS_CT_AARCH64_ASM)
asm volatile ("ldr %w0, [%1]" : "=r" (r) : MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT(p) :);
+#else
+#error "No assembly defined for mbedtls_get_unaligned_volatile_uint32"
#endif
return r;
}
-#endif /* MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS */
+#endif /* defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) &&
+ (defined(MBEDTLS_CT_ARM_ASM) || defined(MBEDTLS_CT_AARCH64_ASM)) */
int mbedtls_ct_memcmp(const void *a,
const void *b,
@@ -126,339 +96,119 @@
diff |= x ^ y;
}
+
+#if (INT_MAX < INT32_MAX)
+ /* We don't support int smaller than 32-bits, but if someone tried to build
+ * with this configuration, there is a risk that, for differing data, the
+ * only bits set in diff are in the top 16-bits, and would be lost by a
+ * simple cast from uint32 to int.
+ * This would have significant security implications, so protect against it. */
+#error "mbedtls_ct_memcmp() requires minimum 32-bit ints"
+#else
+ /* The bit-twiddling ensures that when we cast uint32_t to int, we are casting
+ * a value that is in the range 0..INT_MAX - a value larger than this would
+ * result in implementation defined behaviour.
+ *
+ * This ensures that the value returned by the function is non-zero iff
+ * diff is non-zero.
+ */
+ return (int) ((diff & 0xffff) | (diff >> 16));
+#endif
+}
+
+#if defined(MBEDTLS_NIST_KW_C)
+
+int mbedtls_ct_memcmp_partial(const void *a,
+ const void *b,
+ size_t n,
+ size_t skip_head,
+ size_t skip_tail)
+{
+ unsigned int diff = 0;
+
+ volatile const unsigned char *A = (volatile const unsigned char *) a;
+ volatile const unsigned char *B = (volatile const unsigned char *) b;
+
+ size_t valid_end = n - skip_tail;
+
+ for (size_t i = 0; i < n; i++) {
+ unsigned char x = A[i], y = B[i];
+ unsigned int d = x ^ y;
+ mbedtls_ct_condition_t valid = mbedtls_ct_bool_and(mbedtls_ct_uint_ge(i, skip_head),
+ mbedtls_ct_uint_lt(i, valid_end));
+ diff |= mbedtls_ct_uint_if_else_0(valid, d);
+ }
+
+ /* Since we go byte-by-byte, the only bits set will be in the bottom 8 bits, so the
+ * cast from uint to int is safe. */
return (int) diff;
}
-unsigned mbedtls_ct_uint_mask(unsigned value)
-{
- /* MSVC has a warning about unary minus on unsigned, but this is
- * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
#endif
- return -((value | -value) >> (sizeof(value) * 8 - 1));
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-}
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-
-size_t mbedtls_ct_size_mask(size_t value)
-{
- /* MSVC has a warning about unary minus on unsigned integer types,
- * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
- return -((value | -value) >> (sizeof(value) * 8 - 1));
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-}
-
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value)
-{
- /* MSVC has a warning about unary minus on unsigned, but this is
- * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
- return -((value | -value) >> (sizeof(value) * 8 - 1));
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-
-/** Constant-flow mask generation for "less than" comparison:
- * - if \p x < \p y, return all-bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param x The first value to analyze.
- * \param y The second value to analyze.
- *
- * \return All-bits-one if \p x is less than \p y, otherwise zero.
- */
-static size_t mbedtls_ct_size_mask_lt(size_t x,
- size_t y)
-{
- /* This has the most significant bit set if and only if x < y */
- const size_t sub = x - y;
-
- /* sub1 = (x < y) ? 1 : 0 */
- const size_t sub1 = sub >> (sizeof(sub) * 8 - 1);
-
- /* mask = (x < y) ? 0xff... : 0x00... */
- const size_t mask = mbedtls_ct_size_mask(sub1);
-
- return mask;
-}
-
-size_t mbedtls_ct_size_mask_ge(size_t x,
- size_t y)
-{
- return ~mbedtls_ct_size_mask_lt(x, y);
-}
-
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
-
-#if defined(MBEDTLS_BASE64_C)
-
-/* Return 0xff if low <= c <= high, 0 otherwise.
- *
- * Constant flow with respect to c.
- */
-MBEDTLS_STATIC_TESTABLE
-unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low,
- unsigned char high,
- unsigned char c)
-{
- /* low_mask is: 0 if low <= c, 0x...ff if low > c */
- unsigned low_mask = ((unsigned) c - low) >> 8;
- /* high_mask is: 0 if c <= high, 0x...ff if c > high */
- unsigned high_mask = ((unsigned) high - c) >> 8;
- return ~(low_mask | high_mask) & 0xff;
-}
-
-#endif /* MBEDTLS_BASE64_C */
-
-unsigned mbedtls_ct_size_bool_eq(size_t x,
- size_t y)
-{
- /* diff = 0 if x == y, non-zero otherwise */
- const size_t diff = x ^ y;
-
- /* MSVC has a warning about unary minus on unsigned integer types,
- * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-
- /* diff_msb's most significant bit is equal to x != y */
- const size_t diff_msb = (diff | (size_t) -diff);
-
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
- /* diff1 = (x != y) ? 1 : 0 */
- const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1);
-
- return 1 ^ diff1;
-}
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-/** Constant-flow "greater than" comparison:
- * return x > y
- *
- * This is equivalent to \p x > \p y, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
- *
- * \param x The first value to analyze.
- * \param y The second value to analyze.
- *
- * \return 1 if \p x greater than \p y, otherwise 0.
- */
-static unsigned mbedtls_ct_size_gt(size_t x,
- size_t y)
-{
- /* Return the sign bit (1 for negative) of (y - x). */
- return (y - x) >> (sizeof(size_t) * 8 - 1);
-}
-
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x,
- const mbedtls_mpi_uint y)
-{
- mbedtls_mpi_uint ret;
- mbedtls_mpi_uint cond;
-
- /*
- * Check if the most significant bits (MSB) of the operands are different.
- */
- cond = (x ^ y);
- /*
- * If the MSB are the same then the difference x-y will be negative (and
- * have its MSB set to 1 during conversion to unsigned) if and only if x<y.
- */
- ret = (x - y) & ~cond;
- /*
- * If the MSB are different, then the operand with the MSB of 1 is the
- * bigger. (That is if y has MSB of 1, then x<y is true and it is false if
- * the MSB of y is 0.)
- */
- ret |= y & cond;
-
-
- ret = ret >> (sizeof(mbedtls_mpi_uint) * 8 - 1);
-
- return (unsigned) ret;
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-unsigned mbedtls_ct_uint_if(unsigned condition,
- unsigned if1,
- unsigned if0)
-{
- unsigned mask = mbedtls_ct_uint_mask(condition);
- return (mask & if1) | (~mask & if0);
-}
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-void mbedtls_ct_mpi_uint_cond_assign(size_t n,
- mbedtls_mpi_uint *dest,
- const mbedtls_mpi_uint *src,
- unsigned char condition)
-{
- size_t i;
-
- /* MSVC has a warning about unary minus on unsigned integer types,
- * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-
- /* all-bits 1 if condition is 1, all-bits 0 if condition is 0 */
- const mbedtls_mpi_uint mask = -condition;
-
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
- for (i = 0; i < n; i++) {
- dest[i] = (src[i] & mask) | (dest[i] & ~mask);
- }
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_BASE64_C)
-
-unsigned char mbedtls_ct_base64_enc_char(unsigned char value)
-{
- unsigned char digit = 0;
- /* For each range of values, if value is in that range, mask digit with
- * the corresponding value. Since value can only be in a single range,
- * only at most one masking will change digit. */
- digit |= mbedtls_ct_uchar_mask_of_range(0, 25, value) & ('A' + value);
- digit |= mbedtls_ct_uchar_mask_of_range(26, 51, value) & ('a' + value - 26);
- digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52);
- digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+';
- digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/';
- return digit;
-}
-
-signed char mbedtls_ct_base64_dec_value(unsigned char c)
-{
- unsigned char val = 0;
- /* For each range of digits, if c is in that range, mask val with
- * the corresponding value. Since c can only be in a single range,
- * only at most one masking will change val. Set val to one plus
- * the desired value so that it stays 0 if c is in none of the ranges. */
- val |= mbedtls_ct_uchar_mask_of_range('A', 'Z', c) & (c - 'A' + 0 + 1);
- val |= mbedtls_ct_uchar_mask_of_range('a', 'z', c) & (c - 'a' + 26 + 1);
- val |= mbedtls_ct_uchar_mask_of_range('0', '9', c) & (c - '0' + 52 + 1);
- val |= mbedtls_ct_uchar_mask_of_range('+', '+', c) & (c - '+' + 62 + 1);
- val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1);
- /* At this point, val is 0 if c is an invalid digit and v+1 if c is
- * a digit with the value v. */
- return val - 1;
-}
-
-#endif /* MBEDTLS_BASE64_C */
-
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-
-/** Shift some data towards the left inside a buffer.
- *
- * `mbedtls_ct_mem_move_to_left(start, total, offset)` is functionally
- * equivalent to
- * ```
- * memmove(start, start + offset, total - offset);
- * memset(start + offset, 0, total - offset);
- * ```
- * but it strives to use a memory access pattern (and thus total timing)
- * that does not depend on \p offset. This timing independence comes at
- * the expense of performance.
- *
- * \param start Pointer to the start of the buffer.
- * \param total Total size of the buffer.
- * \param offset Offset from which to copy \p total - \p offset bytes.
- */
-static void mbedtls_ct_mem_move_to_left(void *start,
- size_t total,
- size_t offset)
+void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset)
{
volatile unsigned char *buf = start;
- size_t i, n;
- if (total == 0) {
- return;
- }
- for (i = 0; i < total; i++) {
- unsigned no_op = mbedtls_ct_size_gt(total - offset, i);
+ for (size_t i = 0; i < total; i++) {
+ mbedtls_ct_condition_t no_op = mbedtls_ct_uint_gt(total - offset, i);
/* The first `total - offset` passes are a no-op. The last
* `offset` passes shift the data one byte to the left and
* zero out the last byte. */
- for (n = 0; n < total - 1; n++) {
+ for (size_t n = 0; n < total - 1; n++) {
unsigned char current = buf[n];
- unsigned char next = buf[n+1];
+ unsigned char next = buf[n+1];
buf[n] = mbedtls_ct_uint_if(no_op, current, next);
}
- buf[total-1] = mbedtls_ct_uint_if(no_op, buf[total-1], 0);
+ buf[total-1] = mbedtls_ct_uint_if_else_0(no_op, buf[total-1]);
}
}
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-
-void mbedtls_ct_memcpy_if_eq(unsigned char *dest,
- const unsigned char *src,
- size_t len,
- size_t c1,
- size_t c2)
+void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition,
+ unsigned char *dest,
+ const unsigned char *src1,
+ const unsigned char *src2,
+ size_t len)
{
- /* mask = c1 == c2 ? 0xff : 0x00 */
- const size_t equal = mbedtls_ct_size_bool_eq(c1, c2);
+#if defined(MBEDTLS_CT_SIZE_64)
+ const uint64_t mask = (uint64_t) condition;
+ const uint64_t not_mask = (uint64_t) ~mbedtls_ct_compiler_opaque(condition);
+#else
+ const uint32_t mask = (uint32_t) condition;
+ const uint32_t not_mask = (uint32_t) ~mbedtls_ct_compiler_opaque(condition);
+#endif
+
+ /* If src2 is NULL, setup src2 so that we read from the destination address.
+ *
+ * This means that if src2 == NULL && condition is false, the result will be a
+ * no-op because we read from dest and write the same data back into dest.
+ */
+ if (src2 == NULL) {
+ src2 = dest;
+ }
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
size_t i = 0;
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
- const uint32_t mask32 = (uint32_t) mbedtls_ct_size_mask(equal);
- const unsigned char mask = (unsigned char) mask32 & 0xff;
-
- for (; (i + 4) <= len; i += 4) {
- uint32_t a = mbedtls_get_unaligned_uint32(src + i) & mask32;
- uint32_t b = mbedtls_get_unaligned_uint32(dest + i) & ~mask32;
- mbedtls_put_unaligned_uint32(dest + i, a | b);
+#if defined(MBEDTLS_CT_SIZE_64)
+ for (; (i + 8) <= len; i += 8) {
+ uint64_t a = mbedtls_get_unaligned_uint64(src1 + i) & mask;
+ uint64_t b = mbedtls_get_unaligned_uint64(src2 + i) & not_mask;
+ mbedtls_put_unaligned_uint64(dest + i, a | b);
}
#else
- const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
+ for (; (i + 4) <= len; i += 4) {
+ uint32_t a = mbedtls_get_unaligned_uint32(src1 + i) & mask;
+ uint32_t b = mbedtls_get_unaligned_uint32(src2 + i) & not_mask;
+ mbedtls_put_unaligned_uint32(dest + i, a | b);
+ }
+#endif /* defined(MBEDTLS_CT_SIZE_64) */
#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */
for (; i < len; i++) {
- dest[i] = (src[i] & mask) | (dest[i] & ~mask);
+ dest[i] = (src1[i] & mask) | (src2[i] & not_mask);
}
}
@@ -472,547 +222,27 @@
size_t offsetval;
for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
- mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len,
- offsetval, offset);
+ mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offsetval, offset), dest, src + offsetval, NULL,
+ len);
}
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
-#if defined(PSA_WANT_ALG_SHA_384)
-#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384)
-#elif defined(PSA_WANT_ALG_SHA_256)
-#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_256)
-#else /* See check_config.h */
-#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_1)
-#endif
-
-int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
- psa_algorithm_t mac_alg,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output)
-{
- /*
- * This function breaks the HMAC abstraction and uses psa_hash_clone()
- * extension in order to get constant-flow behaviour.
- *
- * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
- * concatenation, and okey/ikey are the XOR of the key with some fixed bit
- * patterns (see RFC 2104, sec. 2).
- *
- * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by
- * hashing up to minlen, then cloning the context, and for each byte up
- * to maxlen finishing up the hash computation, keeping only the
- * correct result.
- *
- * Then we only need to compute HASH(okey + inner_hash) and we're done.
- */
- psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(mac_alg);
- const size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);
- unsigned char key_buf[MAX_HASH_BLOCK_LENGTH];
- const size_t hash_size = PSA_HASH_LENGTH(hash_alg);
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- size_t hash_length;
-
- unsigned char aux_out[PSA_HASH_MAX_SIZE];
- psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT;
- size_t offset;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
- size_t mac_key_length;
- size_t i;
-
-#define PSA_CHK(func_call) \
- do { \
- status = (func_call); \
- if (status != PSA_SUCCESS) \
- goto cleanup; \
- } while (0)
-
- /* Export MAC key
- * We assume key length is always exactly the output size
- * which is never more than the block size, thus we use block_size
- * as the key buffer size.
- */
- PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length));
-
- /* Calculate ikey */
- for (i = 0; i < mac_key_length; i++) {
- key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36);
- }
- for (; i < block_size; ++i) {
- key_buf[i] = 0x36;
- }
-
- PSA_CHK(psa_hash_setup(&operation, hash_alg));
-
- /* Now compute inner_hash = HASH(ikey + msg) */
- PSA_CHK(psa_hash_update(&operation, key_buf, block_size));
- PSA_CHK(psa_hash_update(&operation, add_data, add_data_len));
- PSA_CHK(psa_hash_update(&operation, data, min_data_len));
-
- /* Fill the hash buffer in advance with something that is
- * not a valid hash (barring an attack on the hash and
- * deliberately-crafted input), in case the caller doesn't
- * check the return status properly. */
- memset(output, '!', hash_size);
-
- /* For each possible length, compute the hash up to that point */
- for (offset = min_data_len; offset <= max_data_len; offset++) {
- PSA_CHK(psa_hash_clone(&operation, &aux_operation));
- PSA_CHK(psa_hash_finish(&aux_operation, aux_out,
- PSA_HASH_MAX_SIZE, &hash_length));
- /* Keep only the correct inner_hash in the output buffer */
- mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
- offset, data_len_secret);
-
- if (offset < max_data_len) {
- PSA_CHK(psa_hash_update(&operation, data + offset, 1));
- }
- }
-
- /* Abort current operation to prepare for final operation */
- PSA_CHK(psa_hash_abort(&operation));
-
- /* Calculate okey */
- for (i = 0; i < mac_key_length; i++) {
- key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C);
- }
- for (; i < block_size; ++i) {
- key_buf[i] = 0x5C;
- }
-
- /* Now compute HASH(okey + inner_hash) */
- PSA_CHK(psa_hash_setup(&operation, hash_alg));
- PSA_CHK(psa_hash_update(&operation, key_buf, block_size));
- PSA_CHK(psa_hash_update(&operation, output, hash_size));
- PSA_CHK(psa_hash_finish(&operation, output, hash_size, &hash_length));
-
-#undef PSA_CHK
-
-cleanup:
- mbedtls_platform_zeroize(key_buf, MAX_HASH_BLOCK_LENGTH);
- mbedtls_platform_zeroize(aux_out, PSA_HASH_MAX_SIZE);
-
- psa_hash_abort(&operation);
- psa_hash_abort(&aux_operation);
- return PSA_TO_MBEDTLS_ERR(status);
-}
-
-#undef MAX_HASH_BLOCK_LENGTH
-
-#else
-int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output)
-{
- /*
- * This function breaks the HMAC abstraction and uses the md_clone()
- * extension to the MD API in order to get constant-flow behaviour.
- *
- * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
- * concatenation, and okey/ikey are the XOR of the key with some fixed bit
- * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
- *
- * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
- * minlen, then cloning the context, and for each byte up to maxlen
- * finishing up the hash computation, keeping only the correct result.
- *
- * Then we only need to compute HASH(okey + inner_hash) and we're done.
- */
- const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info);
- /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5,
- * all of which have the same block size except SHA-384. */
- const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
- const unsigned char * const ikey = ctx->hmac_ctx;
- const unsigned char * const okey = ikey + block_size;
- const size_t hash_size = mbedtls_md_get_size(ctx->md_info);
-
- unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
- mbedtls_md_context_t aux;
- size_t offset;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_md_init(&aux);
-
-#define MD_CHK(func_call) \
- do { \
- ret = (func_call); \
- if (ret != 0) \
- goto cleanup; \
- } while (0)
-
- MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0));
-
- /* After hmac_start() of hmac_reset(), ikey has already been hashed,
- * so we can start directly with the message */
- MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len));
- MD_CHK(mbedtls_md_update(ctx, data, min_data_len));
-
- /* Fill the hash buffer in advance with something that is
- * not a valid hash (barring an attack on the hash and
- * deliberately-crafted input), in case the caller doesn't
- * check the return status properly. */
- memset(output, '!', hash_size);
-
- /* For each possible length, compute the hash up to that point */
- for (offset = min_data_len; offset <= max_data_len; offset++) {
- MD_CHK(mbedtls_md_clone(&aux, ctx));
- MD_CHK(mbedtls_md_finish(&aux, aux_out));
- /* Keep only the correct inner_hash in the output buffer */
- mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
- offset, data_len_secret);
-
- if (offset < max_data_len) {
- MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
- }
- }
-
- /* The context needs to finish() before it starts() again */
- MD_CHK(mbedtls_md_finish(ctx, aux_out));
-
- /* Now compute HASH(okey + inner_hash) */
- MD_CHK(mbedtls_md_starts(ctx));
- MD_CHK(mbedtls_md_update(ctx, okey, block_size));
- MD_CHK(mbedtls_md_update(ctx, output, hash_size));
- MD_CHK(mbedtls_md_finish(ctx, output));
-
- /* Done, get ready for next time */
- MD_CHK(mbedtls_md_hmac_reset(ctx));
-
-#undef MD_CHK
-
-cleanup:
- mbedtls_md_free(&aux);
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#define MPI_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
-
-/*
- * Conditionally assign X = Y, without leaking information
- * about whether the assignment was made or not.
- * (Leaking information about the respective sizes of X and Y is ok however.)
- */
-#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103)
-/*
- * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See:
- * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989
- */
-__declspec(noinline)
-#endif
-int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
- const mbedtls_mpi *Y,
- unsigned char assign)
-{
- int ret = 0;
- MPI_VALIDATE_RET(X != NULL);
- MPI_VALIDATE_RET(Y != NULL);
-
- /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
- mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(assign);
-
- MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
-
- X->s = (int) mbedtls_ct_uint_if(assign, Y->s, X->s);
-
- mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, assign);
-
- for (size_t i = Y->n; i < X->n; i++) {
- X->p[i] &= ~limb_mask;
- }
-
-cleanup:
- return ret;
-}
-
-/*
- * Conditionally swap X and Y, without leaking information
- * about whether the swap was made or not.
- * Here it is not ok to simply swap the pointers, which would lead to
- * different memory access patterns when X and Y are used afterwards.
- */
-int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
- mbedtls_mpi *Y,
- unsigned char swap)
-{
- int ret = 0;
- int s;
- MPI_VALIDATE_RET(X != NULL);
- MPI_VALIDATE_RET(Y != NULL);
-
- if (X == Y) {
- return 0;
- }
-
- MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
- MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n));
-
- s = X->s;
- X->s = (int) mbedtls_ct_uint_if(swap, Y->s, X->s);
- Y->s = (int) mbedtls_ct_uint_if(swap, s, Y->s);
-
- mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, swap);
-
-cleanup:
- return ret;
-}
-
-/*
- * Compare unsigned values in constant time
- */
-unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
- const mbedtls_mpi_uint *B,
- size_t limbs)
-{
- unsigned ret, cond, done;
-
- /* The value of any of these variables is either 0 or 1 for the rest of
- * their scope. */
- ret = cond = done = 0;
-
- for (size_t i = limbs; i > 0; i--) {
- /*
- * If B[i - 1] < A[i - 1] then A < B is false and the result must
- * remain 0.
- *
- * Again even if we can make a decision, we just mark the result and
- * the fact that we are done and continue looping.
- */
- cond = mbedtls_ct_mpi_uint_lt(B[i - 1], A[i - 1]);
- done |= cond;
-
- /*
- * If A[i - 1] < B[i - 1] then A < B is true.
- *
- * Again even if we can make a decision, we just mark the result and
- * the fact that we are done and continue looping.
- */
- cond = mbedtls_ct_mpi_uint_lt(A[i - 1], B[i - 1]);
- ret |= cond & (1 - done);
- done |= cond;
- }
-
- /*
- * If all the limbs were equal, then the numbers are equal, A < B is false
- * and leaving the result 0 is correct.
- */
-
- return ret;
-}
-
-/*
- * Compare signed values in constant time
- */
-int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
- const mbedtls_mpi *Y,
- unsigned *ret)
-{
- size_t i;
- /* The value of any of these variables is either 0 or 1 at all times. */
- unsigned cond, done, X_is_negative, Y_is_negative;
-
- MPI_VALIDATE_RET(X != NULL);
- MPI_VALIDATE_RET(Y != NULL);
- MPI_VALIDATE_RET(ret != NULL);
-
- if (X->n != Y->n) {
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- }
-
- /*
- * Set sign_N to 1 if N >= 0, 0 if N < 0.
- * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
- */
- X_is_negative = (X->s & 2) >> 1;
- Y_is_negative = (Y->s & 2) >> 1;
-
- /*
- * If the signs are different, then the positive operand is the bigger.
- * That is if X is negative (X_is_negative == 1), then X < Y is true and it
- * is false if X is positive (X_is_negative == 0).
- */
- cond = (X_is_negative ^ Y_is_negative);
- *ret = cond & X_is_negative;
-
- /*
- * This is a constant-time function. We might have the result, but we still
- * need to go through the loop. Record if we have the result already.
- */
- done = cond;
-
- for (i = X->n; i > 0; i--) {
- /*
- * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
- * X and Y are negative.
- *
- * Again even if we can make a decision, we just mark the result and
- * the fact that we are done and continue looping.
- */
- cond = mbedtls_ct_mpi_uint_lt(Y->p[i - 1], X->p[i - 1]);
- *ret |= cond & (1 - done) & X_is_negative;
- done |= cond;
-
- /*
- * If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both
- * X and Y are positive.
- *
- * Again even if we can make a decision, we just mark the result and
- * the fact that we are done and continue looping.
- */
- cond = mbedtls_ct_mpi_uint_lt(X->p[i - 1], Y->p[i - 1]);
- *ret |= cond & (1 - done) & (1 - X_is_negative);
- done |= cond;
- }
-
- return 0;
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
- size_t ilen,
- unsigned char *output,
- size_t output_max_len,
- size_t *olen)
+void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, plaintext_max_size;
-
- /* The following variables take sensitive values: their value must
- * not leak into the observable behavior of the function other than
- * the designated outputs (output, olen, return value). Otherwise
- * this would open the execution of the function to
- * side-channel-based variants of the Bleichenbacher padding oracle
- * attack. Potential side channels include overall timing, memory
- * access patterns (especially visible to an adversary who has access
- * to a shared memory cache), and branches (especially visible to
- * an adversary who has access to a shared code cache or to a shared
- * branch predictor). */
- size_t pad_count = 0;
- unsigned bad = 0;
- unsigned char pad_done = 0;
- size_t plaintext_size = 0;
- unsigned output_too_large;
-
- plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11
- : output_max_len;
-
- /* Check and get padding length in constant time and constant
- * memory trace. The first byte must be 0. */
- bad |= input[0];
-
-
- /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
- * where PS must be at least 8 nonzero bytes. */
- bad |= input[1] ^ MBEDTLS_RSA_CRYPT;
-
- /* Read the whole buffer. Set pad_done to nonzero if we find
- * the 0x00 byte and remember the padding length in pad_count. */
- for (i = 2; i < ilen; i++) {
- pad_done |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1;
- pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
+ uint32_t mask = (uint32_t) ~condition;
+ uint8_t *p = (uint8_t *) buf;
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+ for (; (i + 4) <= len; i += 4) {
+ mbedtls_put_unaligned_uint32((void *) (p + i),
+ mbedtls_get_unaligned_uint32((void *) (p + i)) & mask);
}
-
-
- /* If pad_done is still zero, there's no data, only unfinished padding. */
- bad |= mbedtls_ct_uint_if(pad_done, 0, 1);
-
- /* There must be at least 8 bytes of padding. */
- bad |= mbedtls_ct_size_gt(8, pad_count);
-
- /* If the padding is valid, set plaintext_size to the number of
- * remaining bytes after stripping the padding. If the padding
- * is invalid, avoid leaking this fact through the size of the
- * output: use the maximum message size that fits in the output
- * buffer. Do it without branches to avoid leaking the padding
- * validity through timing. RSA keys are small enough that all the
- * size_t values involved fit in unsigned int. */
- plaintext_size = mbedtls_ct_uint_if(
- bad, (unsigned) plaintext_max_size,
- (unsigned) (ilen - pad_count - 3));
-
- /* Set output_too_large to 0 if the plaintext fits in the output
- * buffer and to 1 otherwise. */
- output_too_large = mbedtls_ct_size_gt(plaintext_size,
- plaintext_max_size);
-
- /* Set ret without branches to avoid timing attacks. Return:
- * - INVALID_PADDING if the padding is bad (bad != 0).
- * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
- * plaintext does not fit in the output buffer.
- * - 0 if the padding is correct. */
- ret = -(int) mbedtls_ct_uint_if(
- bad, -MBEDTLS_ERR_RSA_INVALID_PADDING,
- mbedtls_ct_uint_if(output_too_large,
- -MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
- 0));
-
- /* If the padding is bad or the plaintext is too large, zero the
- * data that we're about to copy to the output buffer.
- * We need to copy the same amount of data
- * from the same buffer whether the padding is good or not to
- * avoid leaking the padding validity through overall timing or
- * through memory or cache access patterns. */
- bad = mbedtls_ct_uint_mask(bad | output_too_large);
- for (i = 11; i < ilen; i++) {
- input[i] &= ~bad;
+#endif
+ for (; i < len; i++) {
+ p[i] = p[i] & mask;
}
-
- /* If the plaintext is too large, truncate it to the buffer size.
- * Copy anyway to avoid revealing the length through timing, because
- * revealing the length is as bad as revealing the padding validity
- * for a Bleichenbacher attack. */
- plaintext_size = mbedtls_ct_uint_if(output_too_large,
- (unsigned) plaintext_max_size,
- (unsigned) plaintext_size);
-
- /* Move the plaintext to the leftmost position where it can start in
- * the working buffer, i.e. make it start plaintext_max_size from
- * the end of the buffer. Do this with a memory access trace that
- * does not depend on the plaintext size. After this move, the
- * starting location of the plaintext is no longer sensitive
- * information. */
- mbedtls_ct_mem_move_to_left(input + ilen - plaintext_max_size,
- plaintext_max_size,
- plaintext_max_size - plaintext_size);
-
- /* Finally copy the decrypted plaintext plus trailing zeros into the output
- * buffer. If output_max_len is 0, then output may be an invalid pointer
- * and the result of memcpy() would be undefined; prevent undefined
- * behavior making sure to depend only on output_max_len (the size of the
- * user-provided output buffer), which is independent from plaintext
- * length, validity of padding, success of the decryption, and other
- * secrets. */
- if (output_max_len != 0) {
- memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
- }
-
- /* Report the amount of data we copied to the output buffer. In case
- * of errors (bad padding or output too large), the value of *olen
- * when this function returns is not specified. Making it equivalent
- * to the good case limits the risks of leaking the padding validity. */
- *olen = plaintext_size;
-
- return ret;
}
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
+#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */
diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
new file mode 100644
index 0000000..2a4574b
--- /dev/null
+++ b/library/constant_time_impl.h
@@ -0,0 +1,556 @@
+/**
+ * Constant-time functions
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONSTANT_TIME_IMPL_H
+#define MBEDTLS_CONSTANT_TIME_IMPL_H
+
+#include <stddef.h>
+
+#include "common.h"
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
+/*
+ * To improve readability of constant_time_internal.h, the static inline
+ * definitions are here, and constant_time_internal.h has only the declarations.
+ *
+ * This results in duplicate declarations of the form:
+ * static inline void f(); // from constant_time_internal.h
+ * static inline void f() { ... } // from constant_time_impl.h
+ * when constant_time_internal.h is included.
+ *
+ * This appears to behave as if the declaration-without-definition was not present
+ * (except for warnings if gcc -Wredundant-decls or similar is used).
+ *
+ * Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled
+ * at the bottom of this file.
+ */
+#if defined(MBEDTLS_COMPILER_IS_GCC) && (__GNUC__ > 4)
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
+/* Disable asm under Memsan because it confuses Memsan and generates false errors.
+ *
+ * We also disable under Valgrind by default, because it's more useful
+ * for Valgrind to test the plain C implementation. MBEDTLS_TEST_CONSTANT_FLOW_ASM //no-check-names
+ * may be set to permit building asm under Valgrind.
+ */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) || \
+ (defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) && !defined(MBEDTLS_TEST_CONSTANT_FLOW_ASM)) //no-check-names
+#define MBEDTLS_CT_NO_ASM
+#elif defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#define MBEDTLS_CT_NO_ASM
+#endif
+#endif
+
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \
+ __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM)
+#define MBEDTLS_CT_ASM
+#if (defined(__arm__) || defined(__thumb__) || defined(__thumb2__))
+#define MBEDTLS_CT_ARM_ASM
+#elif defined(__aarch64__)
+#define MBEDTLS_CT_AARCH64_ASM
+#elif defined(__amd64__) || defined(__x86_64__)
+#define MBEDTLS_CT_X86_64_ASM
+#elif defined(__i386__)
+#define MBEDTLS_CT_X86_ASM
+#endif
+#endif
+
+#define MBEDTLS_CT_SIZE (sizeof(mbedtls_ct_uint_t) * 8)
+
+
+/* ============================================================================
+ * Core const-time primitives
+ */
+
+/* Ensure that the compiler cannot know the value of x (i.e., cannot optimise
+ * based on its value) after this function is called.
+ *
+ * If we are not using assembly, this will be fairly inefficient, so its use
+ * should be minimised.
+ */
+
+#if !defined(MBEDTLS_CT_ASM)
+extern volatile mbedtls_ct_uint_t mbedtls_ct_zero;
+#endif
+
+/**
+ * \brief Ensure that a value cannot be known at compile time.
+ *
+ * \param x The value to hide from the compiler.
+ * \return The same value that was passed in, such that the compiler
+ * cannot prove its value (even for calls of the form
+ * x = mbedtls_ct_compiler_opaque(1), x will be unknown).
+ *
+ * \note This is mainly used in constructing mbedtls_ct_condition_t
+ * values and performing operations over them, to ensure that
+ * there is no way for the compiler to ever know anything about
+ * the value of an mbedtls_ct_condition_t.
+ */
+static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x)
+{
+#if defined(MBEDTLS_CT_ASM)
+ asm volatile ("" : [x] "+r" (x) :);
+ return x;
+#else
+ return x ^ mbedtls_ct_zero;
+#endif
+}
+
+/*
+ * Selecting unified syntax is needed for gcc, and harmless on clang.
+ *
+ * This is needed because on Thumb 1, condition flags are always set, so
+ * e.g. "negs" is supported but "neg" is not (on Thumb 2, both exist).
+ *
+ * Under Thumb 1 unified syntax, only the "negs" form is accepted, and
+ * under divided syntax, only the "neg" form is accepted. clang only
+ * supports unified syntax.
+ *
+ * On Thumb 2 and Arm, both compilers are happy with the "s" suffix,
+ * although we don't actually care about setting the flags.
+ *
+ * For old versions of gcc (see #8516 for details), restore divided
+ * syntax afterwards - otherwise old versions of gcc seem to apply
+ * unified syntax globally, which breaks other asm code.
+ */
+#if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__thumb__) && !defined(__thumb2__) && \
+ (__GNUC__ < 11) && !defined(__ARM_ARCH_2__)
+#define RESTORE_ASM_SYNTAX ".syntax divided \n\t"
+#else
+#define RESTORE_ASM_SYNTAX
+#endif
+
+/* Convert a number into a condition in constant time. */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x)
+{
+ /*
+ * Define mask-generation code that, as far as possible, will not use branches or conditional instructions.
+ *
+ * For some platforms / type sizes, we define assembly to assure this.
+ *
+ * Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into
+ * conditional instructions or branches by trunk clang, gcc, or MSVC v19.
+ */
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ mbedtls_ct_uint_t s;
+ asm volatile ("neg %x[s], %x[x] \n\t"
+ "orr %x[x], %x[s], %x[x] \n\t"
+ "asr %x[x], %x[x], 63 \n\t"
+ :
+ [s] "=&r" (s),
+ [x] "+&r" (x)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile (".syntax unified \n\t"
+ "negs %[s], %[x] \n\t"
+ "orrs %[x], %[x], %[s] \n\t"
+ "asrs %[x], %[x], #31 \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [s] "=&l" (s),
+ [x] "+&l" (x)
+ :
+ :
+ "cc" /* clobbers flag bits */
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "neg %[s] \n\t"
+ "or %[x], %[s] \n\t"
+ "sar $63, %[s] \n\t"
+ :
+ [s] "=&a" (s)
+ :
+ [x] "D" (x)
+ :
+ );
+ return (mbedtls_ct_condition_t) s;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "neg %[s] \n\t"
+ "or %[s], %[x] \n\t"
+ "sar $31, %[x] \n\t"
+ :
+ [s] "=&c" (s),
+ [x] "+&a" (x)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#else
+ const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x);
+#if defined(_MSC_VER)
+ /* MSVC has a warning about unary minus on unsigned, but this is
+ * well-defined and precisely what we want to do here */
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+ // y is negative (i.e., top bit set) iff x is non-zero
+ mbedtls_ct_int_t y = (-xo) | -(xo >> 1);
+
+ // extract only the sign bit of y so that y == 1 (if x is non-zero) or 0 (if x is zero)
+ y = (((mbedtls_ct_uint_t) y) >> (MBEDTLS_CT_SIZE - 1));
+
+ // -y has all bits set (if x is non-zero), or all bits clear (if x is zero)
+ return (mbedtls_ct_condition_t) (-y);
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+#endif
+}
+
+static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition,
+ mbedtls_ct_uint_t if1,
+ mbedtls_ct_uint_t if0)
+{
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t"
+ "mvn %x[condition], %x[condition] \n\t"
+ "and %x[condition], %x[condition], %x[if0] \n\t"
+ "orr %x[condition], %x[if1], %x[condition]"
+ :
+ [condition] "+&r" (condition),
+ [if1] "+&r" (if1)
+ :
+ [if0] "r" (if0)
+ :
+ );
+ return (mbedtls_ct_uint_t) condition;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ asm volatile (".syntax unified \n\t"
+ "ands %[if1], %[if1], %[condition] \n\t"
+ "mvns %[condition], %[condition] \n\t"
+ "ands %[condition], %[condition], %[if0] \n\t"
+ "orrs %[condition], %[if1], %[condition] \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [condition] "+&l" (condition),
+ [if1] "+&l" (if1)
+ :
+ [if0] "l" (if0)
+ :
+ "cc"
+ );
+ return (mbedtls_ct_uint_t) condition;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ asm volatile ("and %[condition], %[if1] \n\t"
+ "not %[condition] \n\t"
+ "and %[condition], %[if0] \n\t"
+ "or %[if1], %[if0] \n\t"
+ :
+ [condition] "+&D" (condition),
+ [if1] "+&S" (if1),
+ [if0] "+&a" (if0)
+ :
+ :
+ );
+ return if0;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ asm volatile ("and %[condition], %[if1] \n\t"
+ "not %[condition] \n\t"
+ "and %[if0], %[condition] \n\t"
+ "or %[condition], %[if1] \n\t"
+ :
+ [condition] "+&c" (condition),
+ [if1] "+&a" (if1)
+ :
+ [if0] "b" (if0)
+ :
+ );
+ return if1;
+#else
+ mbedtls_ct_condition_t not_cond =
+ (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition));
+ return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0));
+#endif
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
+{
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s1;
+ asm volatile ("eor %x[s1], %x[y], %x[x] \n\t"
+ "sub %x[x], %x[x], %x[y] \n\t"
+ "bic %x[x], %x[x], %x[s1] \n\t"
+ "and %x[s1], %x[s1], %x[y] \n\t"
+ "orr %x[s1], %x[x], %x[s1] \n\t"
+ "asr %x[x], %x[s1], 63"
+ :
+ [s1] "=&r" (s1),
+ [x] "+&r" (x)
+ :
+ [y] "r" (y)
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s1;
+ asm volatile (
+ ".syntax unified \n\t"
+#if defined(__thumb__) && !defined(__thumb2__)
+ "movs %[s1], %[x] \n\t"
+ "eors %[s1], %[s1], %[y] \n\t"
+#else
+ "eors %[s1], %[x], %[y] \n\t"
+#endif
+ "subs %[x], %[x], %[y] \n\t"
+ "bics %[x], %[x], %[s1] \n\t"
+ "ands %[y], %[s1], %[y] \n\t"
+ "orrs %[x], %[x], %[y] \n\t"
+ "asrs %[x], %[x], #31 \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [s1] "=&l" (s1),
+ [x] "+&l" (x),
+ [y] "+&l" (y)
+ :
+ :
+ "cc"
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "xor %[y], %[s] \n\t"
+ "sub %[y], %[x] \n\t"
+ "and %[s], %[y] \n\t"
+ "not %[s] \n\t"
+ "and %[s], %[x] \n\t"
+ "or %[y], %[x] \n\t"
+ "sar $63, %[x] \n\t"
+ :
+ [s] "=&a" (s),
+ [x] "+&D" (x),
+ [y] "+&S" (y)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "xor %[y], %[s] \n\t"
+ "sub %[y], %[x] \n\t"
+ "and %[s], %[y] \n\t"
+ "not %[s] \n\t"
+ "and %[s], %[x] \n\t"
+ "or %[y], %[x] \n\t"
+ "sar $31, %[x] \n\t"
+ :
+ [s] "=&b" (s),
+ [x] "+&a" (x),
+ [y] "+&c" (y)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#else
+ /* Ensure that the compiler cannot optimise the following operations over x and y,
+ * even if it knows the value of x and y.
+ */
+ const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x);
+ const mbedtls_ct_uint_t yo = mbedtls_ct_compiler_opaque(y);
+ /*
+ * Check if the most significant bits (MSB) of the operands are different.
+ * cond is true iff the MSBs differ.
+ */
+ mbedtls_ct_condition_t cond = mbedtls_ct_bool((xo ^ yo) >> (MBEDTLS_CT_SIZE - 1));
+
+ /*
+ * If the MSB are the same then the difference x-y will be negative (and
+ * have its MSB set to 1 during conversion to unsigned) if and only if x<y.
+ *
+ * If the MSB are different, then the operand with the MSB of 1 is the
+ * bigger. (That is if y has MSB of 1, then x<y is true and it is false if
+ * the MSB of y is 0.)
+ */
+
+ // Select either y, or x - y
+ mbedtls_ct_uint_t ret = mbedtls_ct_if(cond, yo, (mbedtls_ct_uint_t) (xo - yo));
+
+ // Extract only the MSB of ret
+ ret = ret >> (MBEDTLS_CT_SIZE - 1);
+
+ // Convert to a condition (i.e., all bits set iff non-zero)
+ return mbedtls_ct_bool(ret);
+#endif
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
+{
+ /* diff = 0 if x == y, non-zero otherwise */
+ const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y);
+
+ /* all ones if x != y, 0 otherwise */
+ return mbedtls_ct_bool(diff);
+}
+
+static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low,
+ unsigned char high,
+ unsigned char c,
+ unsigned char t)
+{
+ const unsigned char co = (unsigned char) mbedtls_ct_compiler_opaque(c);
+ const unsigned char to = (unsigned char) mbedtls_ct_compiler_opaque(t);
+
+ /* low_mask is: 0 if low <= c, 0x...ff if low > c */
+ unsigned low_mask = ((unsigned) co - low) >> 8;
+ /* high_mask is: 0 if c <= high, 0x...ff if c > high */
+ unsigned high_mask = ((unsigned) high - co) >> 8;
+
+ return (unsigned char) (~(low_mask | high_mask)) & to;
+}
+
+/* ============================================================================
+ * Everything below here is trivial wrapper functions
+ */
+
+static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition,
+ size_t if1,
+ size_t if0)
+{
+ return (size_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0);
+}
+
+static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition,
+ unsigned if1,
+ unsigned if0)
+{
+ return (unsigned) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1,
+ mbedtls_ct_condition_t if0)
+{
+ return (mbedtls_ct_condition_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1,
+ (mbedtls_ct_uint_t) if0);
+}
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition,
+ mbedtls_mpi_uint if1,
+ mbedtls_mpi_uint if0)
+{
+ return (mbedtls_mpi_uint) mbedtls_ct_if(condition,
+ (mbedtls_ct_uint_t) if1,
+ (mbedtls_ct_uint_t) if0);
+}
+
+#endif
+
+static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1)
+{
+ return (size_t) (condition & if1);
+}
+
+static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1)
+{
+ return (unsigned) (condition & if1);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1)
+{
+ return (mbedtls_ct_condition_t) (condition & if1);
+}
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_mpi_uint if1)
+{
+ return (mbedtls_mpi_uint) (condition & if1);
+}
+
+#endif /* MBEDTLS_BIGNUM_C */
+
+static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0)
+{
+ /* Coverting int -> uint -> int here is safe, because we require if1 and if0 to be
+ * in the range -32767..0, and we require 32-bit int and uint types.
+ *
+ * This means that (0 <= -if0 < INT_MAX), so negating if0 is safe, and similarly for
+ * converting back to int.
+ */
+ return -((int) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) (-if1),
+ (mbedtls_ct_uint_t) (-if0)));
+}
+
+static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1)
+{
+ return -((int) (condition & (-if1)));
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return ~mbedtls_ct_uint_ne(x, y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return mbedtls_ct_uint_lt(y, x);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return ~mbedtls_ct_uint_lt(x, y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y)
+{
+ return ~mbedtls_ct_uint_gt(x, y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y)
+{
+ return (mbedtls_ct_condition_t) (x ^ y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y)
+{
+ return (mbedtls_ct_condition_t) (x & y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y)
+{
+ return (mbedtls_ct_condition_t) (x | y);
+}
+
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x)
+{
+ return (mbedtls_ct_condition_t) (~x);
+}
+
+#if defined(MBEDTLS_COMPILER_IS_GCC) && (__GNUC__ > 4)
+/* Restore warnings for -Wredundant-decls on gcc */
+ #pragma GCC diagnostic pop
+#endif
+
+#endif /* MBEDTLS_CONSTANT_TIME_IMPL_H */
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index c4a32c7..61a5c6d 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -2,242 +2,512 @@
* Constant-time functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CONSTANT_TIME_INTERNAL_H
#define MBEDTLS_CONSTANT_TIME_INTERNAL_H
+#include <stdint.h>
+#include <stddef.h>
+
#include "common.h"
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
#endif
-#if defined(MBEDTLS_SSL_TLS_C)
-#include "ssl_misc.h"
+/* The constant-time interface provides various operations that are likely
+ * to result in constant-time code that does not branch or use conditional
+ * instructions for secret data (for secret pointers, this also applies to
+ * the data pointed to).
+ *
+ * It has three main parts:
+ *
+ * - boolean operations
+ * These are all named mbedtls_ct_<type>_<operation>.
+ * They operate over <type> and return mbedtls_ct_condition_t.
+ * All arguments are considered secret.
+ * example: bool x = y | z => x = mbedtls_ct_bool_or(y, z)
+ * example: bool x = y == z => x = mbedtls_ct_uint_eq(y, z)
+ *
+ * - conditional data selection
+ * These are all named mbedtls_ct_<type>_if and mbedtls_ct_<type>_if_else_0
+ * All arguments are considered secret.
+ * example: size_t a = x ? b : c => a = mbedtls_ct_size_if(x, b, c)
+ * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint_if_else_0(x, b)
+ *
+ * - block memory operations
+ * Only some arguments are considered secret, as documented for each
+ * function.
+ * example: if (x) memcpy(...) => mbedtls_ct_memcpy_if(x, ...)
+ *
+ * mbedtls_ct_condition_t must be treated as opaque and only created and
+ * manipulated via the functions in this header. The compiler should never
+ * be able to prove anything about its value at compile-time.
+ *
+ * mbedtls_ct_uint_t is an unsigned integer type over which constant time
+ * operations may be performed via the functions in this header. It is as big
+ * as the larger of size_t and mbedtls_mpi_uint, i.e. it is safe to cast
+ * to/from "unsigned int", "size_t", and "mbedtls_mpi_uint" (and any other
+ * not-larger integer types).
+ *
+ * For Arm (32-bit, 64-bit and Thumb), x86 and x86-64, assembly implementations
+ * are used to ensure that the generated code is constant time. For other
+ * architectures, it uses a plain C fallback designed to yield constant-time code
+ * (this has been observed to be constant-time on latest gcc, clang and MSVC
+ * as of May 2023).
+ *
+ * For readability, the static inline definitions are separated out into
+ * constant_time_impl.h.
+ */
+
+#if (SIZE_MAX > 0xffffffffffffffffULL)
+/* Pointer size > 64-bit */
+typedef size_t mbedtls_ct_condition_t;
+typedef size_t mbedtls_ct_uint_t;
+typedef ptrdiff_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(SIZE_MAX))
+#elif (SIZE_MAX > 0xffffffff) || defined(MBEDTLS_HAVE_INT64)
+/* 32-bit < pointer size <= 64-bit, or 64-bit MPI */
+typedef uint64_t mbedtls_ct_condition_t;
+typedef uint64_t mbedtls_ct_uint_t;
+typedef int64_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_SIZE_64
+#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT64_MAX))
+#else
+/* Pointer size <= 32-bit, and no 64-bit MPIs */
+typedef uint32_t mbedtls_ct_condition_t;
+typedef uint32_t mbedtls_ct_uint_t;
+typedef int32_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_SIZE_32
+#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT32_MAX))
#endif
+#define MBEDTLS_CT_FALSE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(0))
-#include <stddef.h>
-
-
-/** Turn a value into a mask:
- * - if \p value == 0, return the all-bits 0 mask, aka 0
- * - otherwise, return the all-bits 1 mask, aka (unsigned) -1
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param value The value to analyze.
- *
- * \return Zero if \p value is zero, otherwise all-bits-one.
+/* ============================================================================
+ * Boolean operations
*/
-unsigned mbedtls_ct_uint_mask(unsigned value);
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-
-/** Turn a value into a mask:
- * - if \p value == 0, return the all-bits 0 mask, aka 0
- * - otherwise, return the all-bits 1 mask, aka (size_t) -1
+/** Convert a number into a mbedtls_ct_condition_t.
*
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
+ * \param x Number to convert.
*
- * \param value The value to analyze.
+ * \return MBEDTLS_CT_TRUE if \p x != 0, or MBEDTLS_CT_FALSE if \p x == 0
*
- * \return Zero if \p value is zero, otherwise all-bits-one.
*/
-size_t mbedtls_ct_size_mask(size_t value);
+static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x);
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-/** Turn a value into a mask:
- * - if \p value == 0, return the all-bits 0 mask, aka 0
- * - otherwise, return the all-bits 1 mask, aka (mbedtls_mpi_uint) -1
+/** Boolean "not equal" operation.
*
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
+ * Functionally equivalent to:
*
- * \param value The value to analyze.
- *
- * \return Zero if \p value is zero, otherwise all-bits-one.
- */
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value);
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-
-/** Constant-flow mask generation for "greater or equal" comparison:
- * - if \p x >= \p y, return all-bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
+ * \p x != \p y
*
* \param x The first value to analyze.
* \param y The second value to analyze.
*
- * \return All-bits-one if \p x is greater or equal than \p y,
- * otherwise zero.
+ * \return MBEDTLS_CT_TRUE if \p x != \p y, otherwise MBEDTLS_CT_FALSE.
*/
-size_t mbedtls_ct_size_mask_ge(size_t x,
- size_t y);
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
-
-/** Constant-flow boolean "equal" comparison:
- * return x == y
+/** Boolean "equals" operation.
*
- * This is equivalent to \p x == \p y, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
+ * Functionally equivalent to:
+ *
+ * \p x == \p y
*
* \param x The first value to analyze.
* \param y The second value to analyze.
*
- * \return 1 if \p x equals to \p y, otherwise 0.
+ * \return MBEDTLS_CT_TRUE if \p x == \p y, otherwise MBEDTLS_CT_FALSE.
*/
-unsigned mbedtls_ct_size_bool_eq(size_t x,
- size_t y);
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
-#if defined(MBEDTLS_BIGNUM_C)
-
-/** Decide if an integer is less than the other, without branches.
+/** Boolean "less than" operation.
*
- * This is equivalent to \p x < \p y, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
+ * Functionally equivalent to:
+ *
+ * \p x < \p y
*
* \param x The first value to analyze.
* \param y The second value to analyze.
*
- * \return 1 if \p x is less than \p y, otherwise 0.
+ * \return MBEDTLS_CT_TRUE if \p x < \p y, otherwise MBEDTLS_CT_FALSE.
*/
-unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x,
- const mbedtls_mpi_uint y);
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
-/**
- * \brief Check if one unsigned MPI is less than another in constant
- * time.
+/** Boolean "greater than" operation.
*
- * \param A The left-hand MPI. This must point to an array of limbs
- * with the same allocated length as \p B.
- * \param B The right-hand MPI. This must point to an array of limbs
- * with the same allocated length as \p A.
- * \param limbs The number of limbs in \p A and \p B.
- * This must not be 0.
+ * Functionally equivalent to:
*
- * \return The result of the comparison:
- * \c 1 if \p A is less than \p B.
- * \c 0 if \p A is greater than or equal to \p B.
+ * \p x > \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x > \p y, otherwise MBEDTLS_CT_FALSE.
*/
-unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
- const mbedtls_mpi_uint *B,
- size_t limbs);
-#endif /* MBEDTLS_BIGNUM_C */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
-/** Choose between two integer values without branches.
+/** Boolean "greater or equal" operation.
*
- * This is equivalent to `condition ? if1 : if0`, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
+ * Functionally equivalent to:
+ *
+ * \p x >= \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x >= \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
+
+/** Boolean "less than or equal" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x <= \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x <= \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
+ mbedtls_ct_uint_t y);
+
+/** Boolean not-equals operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x != \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \note This is more efficient than mbedtls_ct_uint_ne if both arguments are
+ * mbedtls_ct_condition_t.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x != \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y);
+
+/** Boolean "and" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x && \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x && \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y);
+
+/** Boolean "or" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * \p x || \p y
+ *
+ * \param x The first value to analyze.
+ * \param y The second value to analyze.
+ *
+ * \return MBEDTLS_CT_TRUE if \p x || \p y,
+ * otherwise MBEDTLS_CT_FALSE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x,
+ mbedtls_ct_condition_t y);
+
+/** Boolean "not" operation.
+ *
+ * Functionally equivalent to:
+ *
+ * ! \p x
+ *
+ * \param x The value to invert
+ *
+ * \return MBEDTLS_CT_FALSE if \p x, otherwise MBEDTLS_CT_TRUE.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x);
+
+
+/* ============================================================================
+ * Data selection operations
+ */
+
+/** Choose between two size_t values.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
*
* \param condition Condition to test.
- * \param if1 Value to use if \p condition is nonzero.
- * \param if0 Value to use if \p condition is zero.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
*
- * \return \c if1 if \p condition is nonzero, otherwise \c if0.
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
*/
-unsigned mbedtls_ct_uint_if(unsigned condition,
- unsigned if1,
- unsigned if0);
+static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition,
+ size_t if1,
+ size_t if0);
+
+/** Choose between two unsigned values.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition,
+ unsigned if1,
+ unsigned if0);
+
+/** Choose between two mbedtls_ct_condition_t values.
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1,
+ mbedtls_ct_condition_t if0);
#if defined(MBEDTLS_BIGNUM_C)
-/** Conditionally assign a value without branches.
+/** Choose between two mbedtls_mpi_uint values.
*
- * This is equivalent to `if ( condition ) dest = src`, but is likely
- * to be compiled to code using bitwise operation rather than a branch.
+ * Functionally equivalent to:
*
- * \param n \p dest and \p src must be arrays of limbs of size n.
- * \param dest The MPI to conditionally assign to. This must point
- * to an initialized MPI.
- * \param src The MPI to be assigned from. This must point to an
- * initialized MPI.
- * \param condition Condition to test, must be 0 or 1.
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
*/
-void mbedtls_ct_mpi_uint_cond_assign(size_t n,
- mbedtls_mpi_uint *dest,
- const mbedtls_mpi_uint *src,
- unsigned char condition);
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, \
+ mbedtls_mpi_uint if1, \
+ mbedtls_mpi_uint if0);
-#endif /* MBEDTLS_BIGNUM_C */
+#endif
-#if defined(MBEDTLS_BASE64_C)
-
-/** Given a value in the range 0..63, return the corresponding Base64 digit.
+/** Choose between an unsigned value and 0.
*
- * The implementation assumes that letters are consecutive (e.g. ASCII
- * but not EBCDIC).
+ * Functionally equivalent to:
*
- * \param value A value in the range 0..63.
+ * condition ? if1 : 0.
*
- * \return A base64 digit converted from \p value.
+ * Functionally equivalent to mbedtls_ct_uint_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
*/
-unsigned char mbedtls_ct_base64_enc_char(unsigned char value);
+static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1);
-/** Given a Base64 digit, return its value.
+/** Choose between an mbedtls_ct_condition_t and 0.
*
- * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
- * return -1.
+ * Functionally equivalent to:
*
- * The implementation assumes that letters are consecutive (e.g. ASCII
- * but not EBCDIC).
+ * condition ? if1 : 0.
*
- * \param c A base64 digit.
+ * Functionally equivalent to mbedtls_ct_bool_if(condition, if1, 0) but
+ * results in smaller code size.
*
- * \return The value of the base64 digit \p c.
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
*/
-signed char mbedtls_ct_base64_dec_value(unsigned char c);
+static inline mbedtls_ct_condition_t mbedtls_ct_bool_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_ct_condition_t if1);
-#endif /* MBEDTLS_BASE64_C */
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-
-/** Conditional memcpy without branches.
+/** Choose between a size_t value and 0.
*
- * This is equivalent to `if ( c1 == c2 ) memcpy(dest, src, len)`, but is likely
- * to be compiled to code using bitwise operation rather than a branch.
+ * Functionally equivalent to:
*
- * \param dest The pointer to conditionally copy to.
- * \param src The pointer to copy from. Shouldn't overlap with \p dest.
- * \param len The number of bytes to copy.
- * \param c1 The first value to analyze in the condition.
- * \param c2 The second value to analyze in the condition.
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_size_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
*/
-void mbedtls_ct_memcpy_if_eq(unsigned char *dest,
- const unsigned char *src,
- size_t len,
- size_t c1, size_t c2);
+static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1);
-/** Copy data from a secret position with constant flow.
+#if defined(MBEDTLS_BIGNUM_C)
+
+/** Choose between an mbedtls_mpi_uint value and 0.
*
- * This function copies \p len bytes from \p src_base + \p offset_secret to \p
- * dst, with a code flow and memory access pattern that does not depend on \p
- * offset_secret, but only on \p offset_min, \p offset_max and \p len.
- * Functionally equivalent to `memcpy(dst, src + offset_secret, len)`.
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_mpi_uint_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition,
+ mbedtls_mpi_uint if1);
+
+#endif
+
+/** Constant-flow char selection
+ *
+ * \param low Secret. Bottom of range
+ * \param high Secret. Top of range
+ * \param c Secret. Value to compare to range
+ * \param t Secret. Value to return, if in range
+ *
+ * \return \p t if \p low <= \p c <= \p high, 0 otherwise.
+ */
+static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low,
+ unsigned char high,
+ unsigned char c,
+ unsigned char t);
+
+/** Choose between two error values. The values must be in the range [-32767..0].
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0 Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0);
+
+/** Choose between an error value and 0. The error value must be in the range [-32767..0].
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_error_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition Condition to test.
+ * \param if1 Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1);
+
+/* ============================================================================
+ * Block memory operations
+ */
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+
+/** Conditionally set a block of memory to zero.
+ *
+ * Regardless of the condition, every byte will be read once and written to
+ * once.
+ *
+ * \param condition Secret. Condition to test.
+ * \param buf Secret. Pointer to the start of the buffer.
+ * \param len Number of bytes to set to zero.
+ *
+ * \warning Unlike mbedtls_platform_zeroize, this does not have the same guarantees
+ * about not being optimised away if the memory is never read again.
+ */
+void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len);
+
+/** Shift some data towards the left inside a buffer.
+ *
+ * Functionally equivalent to:
+ *
+ * memmove(start, start + offset, total - offset);
+ * memset(start + (total - offset), 0, offset);
+ *
+ * Timing independence comes at the expense of performance.
+ *
+ * \param start Secret. Pointer to the start of the buffer.
+ * \param total Total size of the buffer.
+ * \param offset Secret. Offset from which to copy \p total - \p offset bytes.
+ */
+void mbedtls_ct_memmove_left(void *start,
+ size_t total,
+ size_t offset);
+
+#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */
+
+/** Conditional memcpy.
+ *
+ * Functionally equivalent to:
+ *
+ * if (condition) {
+ * memcpy(dest, src1, len);
+ * } else {
+ * if (src2 != NULL)
+ * memcpy(dest, src2, len);
+ * }
+ *
+ * It will always read len bytes from src1.
+ * If src2 != NULL, it will always read len bytes from src2.
+ * If src2 == NULL, it will instead read len bytes from dest (as if src2 == dest).
+ *
+ * \param condition The condition
+ * \param dest Secret. Destination pointer.
+ * \param src1 Secret. Pointer to copy from (if \p condition == MBEDTLS_CT_TRUE).
+ * This may be equal to \p dest, but may not overlap in other ways.
+ * \param src2 Secret (contents only - may branch to determine if this parameter is NULL).
+ * Pointer to copy from (if \p condition == MBEDTLS_CT_FALSE and \p src2 is not NULL). May be NULL.
+ * This may be equal to \p dest, but may not overlap it in other ways. It may overlap with \p src1.
+ * \param len Number of bytes to copy.
+ */
+void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition,
+ unsigned char *dest,
+ const unsigned char *src1,
+ const unsigned char *src2,
+ size_t len
+ );
+
+/** Copy data from a secret position.
+ *
+ * Functionally equivalent to:
+ *
+ * memcpy(dst, src + offset, len)
+ *
+ * This function copies \p len bytes from \p src + \p offset to
+ * \p dst, with a code flow and memory access pattern that does not depend on
+ * \p offset, but only on \p offset_min, \p offset_max and \p len.
*
* \note This function reads from \p dest, but the value that
* is read does not influence the result and this
@@ -246,12 +516,12 @@
* positives from static or dynamic analyzers, especially
* if \p dest is not initialized.
*
- * \param dest The destination buffer. This must point to a writable
+ * \param dest Secret. The destination buffer. This must point to a writable
* buffer of at least \p len bytes.
- * \param src The base of the source buffer. This must point to a
+ * \param src Secret. The base of the source buffer. This must point to a
* readable buffer of at least \p offset_max + \p len
- * bytes. Shouldn't overlap with \p dest.
- * \param offset The offset in the source buffer from which to copy.
+ * bytes. Shouldn't overlap with \p dest
+ * \param offset Secret. The offset in the source buffer from which to copy.
* This must be no less than \p offset_min and no greater
* than \p offset_max.
* \param offset_min The minimal value of \p offset.
@@ -265,99 +535,45 @@
size_t offset_max,
size_t len);
-/** Compute the HMAC of variable-length data with constant flow.
- *
- * This function computes the HMAC of the concatenation of \p add_data and \p
- * data, and does with a code flow and memory access pattern that does not
- * depend on \p data_len_secret, but only on \p min_data_len and \p
- * max_data_len. In particular, this function always reads exactly \p
- * max_data_len bytes from \p data.
- *
- * \param ctx The HMAC context. It must have keys configured
- * with mbedtls_md_hmac_starts() and use one of the
- * following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
- * It is reset using mbedtls_md_hmac_reset() after
- * the computation is complete to prepare for the
- * next computation.
- * \param add_data The first part of the message whose HMAC is being
- * calculated. This must point to a readable buffer
- * of \p add_data_len bytes.
- * \param add_data_len The length of \p add_data in bytes.
- * \param data The buffer containing the second part of the
- * message. This must point to a readable buffer
- * of \p max_data_len bytes.
- * \param data_len_secret The length of the data to process in \p data.
- * This must be no less than \p min_data_len and no
- * greater than \p max_data_len.
- * \param min_data_len The minimal length of the second part of the
- * message, read from \p data.
- * \param max_data_len The maximal length of the second part of the
- * message, read from \p data.
- * \param output The HMAC will be written here. This must point to
- * a writable buffer of sufficient size to hold the
- * HMAC value.
- *
- * \retval 0 on success.
- * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
- * The hardware accelerator failed.
+/* Documented in include/mbedtls/constant_time.h. a and b are secret.
+
+ int mbedtls_ct_memcmp(const void *a,
+ const void *b,
+ size_t n);
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output);
-#else
-int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
- const unsigned char *add_data,
- size_t add_data_len,
- const unsigned char *data,
- size_t data_len_secret,
- size_t min_data_len,
- size_t max_data_len,
- unsigned char *output);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+#if defined(MBEDTLS_NIST_KW_C)
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-
-/** This function performs the unpadding part of a PKCS#1 v1.5 decryption
- * operation (EME-PKCS1-v1_5 decoding).
+/** Constant-time buffer comparison without branches.
*
- * \note The return value from this function is a sensitive value
- * (this is unusual). #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE shouldn't happen
- * in a well-written application, but 0 vs #MBEDTLS_ERR_RSA_INVALID_PADDING
- * is often a situation that an attacker can provoke and leaking which
- * one is the result is precisely the information the attacker wants.
+ * Similar to mbedtls_ct_memcmp, except that the result only depends on part of
+ * the input data - differences in the head or tail are ignored. Functionally equivalent to:
*
- * \param input The input buffer which is the payload inside PKCS#1v1.5
- * encryption padding, called the "encoded message EM"
- * by the terminology.
- * \param ilen The length of the payload in the \p input buffer.
- * \param output The buffer for the payload, called "message M" by the
- * PKCS#1 terminology. This must be a writable buffer of
- * length \p output_max_len bytes.
- * \param olen The address at which to store the length of
- * the payload. This must not be \c NULL.
- * \param output_max_len The length in bytes of the output buffer \p output.
+ * memcmp(a + skip_head, b + skip_head, size - skip_head - skip_tail)
*
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
- * The output buffer is too small for the unpadded payload.
- * \return #MBEDTLS_ERR_RSA_INVALID_PADDING
- * The input doesn't contain properly formatted padding.
+ * Time taken depends on \p n, but not on \p skip_head or \p skip_tail .
+ *
+ * Behaviour is undefined if ( \p skip_head + \p skip_tail) > \p n.
+ *
+ * \param a Secret. Pointer to the first buffer, containing at least \p n bytes. May not be NULL.
+ * \param b Secret. Pointer to the second buffer, containing at least \p n bytes. May not be NULL.
+ * \param n The number of bytes to examine (total size of the buffers).
+ * \param skip_head Secret. The number of bytes to treat as non-significant at the start of the buffer.
+ * These bytes will still be read.
+ * \param skip_tail Secret. The number of bytes to treat as non-significant at the end of the buffer.
+ * These bytes will still be read.
+ *
+ * \return Zero if the contents of the two buffers are the same, otherwise non-zero.
*/
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
- size_t ilen,
- unsigned char *output,
- size_t output_max_len,
- size_t *olen);
+int mbedtls_ct_memcmp_partial(const void *a,
+ const void *b,
+ size_t n,
+ size_t skip_head,
+ size_t skip_tail);
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
+#endif
+
+/* Include the implementation of static inline functions above. */
+#include "constant_time_impl.h"
#endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */
diff --git a/library/constant_time_invasive.h b/library/constant_time_invasive.h
deleted file mode 100644
index c176b28..0000000
--- a/library/constant_time_invasive.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * \file constant_time_invasive.h
- *
- * \brief Constant-time module: interfaces for invasive testing only.
- *
- * The interfaces in this file are intended for testing purposes only.
- * They SHOULD NOT be made available in library integrations except when
- * building the library for testing.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CONSTANT_TIME_INVASIVE_H
-#define MBEDTLS_CONSTANT_TIME_INVASIVE_H
-
-#include "common.h"
-
-#if defined(MBEDTLS_TEST_HOOKS)
-
-/** Turn a value into a mask:
- * - if \p low <= \p c <= \p high,
- * return the all-bits 1 mask, aka (unsigned) -1
- * - otherwise, return the all-bits 0 mask, aka 0
- *
- * \param low The value to analyze.
- * \param high The value to analyze.
- * \param c The value to analyze.
- *
- * \return All-bits-one if \p low <= \p c <= \p high, otherwise zero.
- */
-unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low,
- unsigned char high,
- unsigned char c);
-
-#endif /* MBEDTLS_TEST_HOOKS */
-
-#endif /* MBEDTLS_CONSTANT_TIME_INVASIVE_H */
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index fdd753d..da34f95 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -2,19 +2,7 @@
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The NIST SP 800-90 DRBGs are described in the following publication.
@@ -36,15 +24,60 @@
#include <stdio.h>
#endif
+/* Using error translation functions from PSA to MbedTLS */
+#if !defined(MBEDTLS_AES_C)
+#include "psa_util_internal.h"
+#endif
+
#include "mbedtls/platform.h"
+#if !defined(MBEDTLS_AES_C)
+static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx,
+ unsigned char *key, size_t key_len)
+{
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status;
+
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&key_attr, PSA_ALG_ECB_NO_PADDING);
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES);
+ status = psa_import_key(&key_attr, key, key_len, &psa_ctx->key_id);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+ status = psa_cipher_encrypt_setup(&psa_ctx->operation, psa_ctx->key_id, PSA_ALG_ECB_NO_PADDING);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+exit:
+ psa_reset_key_attributes(&key_attr);
+ return status;
+}
+
+static void ctr_drbg_destroy_psa_contex(mbedtls_ctr_drbg_psa_context *psa_ctx)
+{
+ psa_cipher_abort(&psa_ctx->operation);
+ psa_destroy_key(psa_ctx->key_id);
+
+ psa_ctx->operation = psa_cipher_operation_init();
+ psa_ctx->key_id = MBEDTLS_SVC_KEY_ID_INIT;
+}
+#endif
+
/*
* CTR_DRBG context initialization
*/
void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)
{
memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context));
+#if defined(MBEDTLS_AES_C)
mbedtls_aes_init(&ctx->aes_ctx);
+#else
+ ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ ctx->psa_ctx.operation = psa_cipher_operation_init();
+#endif
/* Indicate that the entropy nonce length is not set explicitly.
* See mbedtls_ctr_drbg_set_nonce_len(). */
ctx->reseed_counter = -1;
@@ -68,7 +101,11 @@
mbedtls_mutex_free(&ctx->mutex);
}
#endif
+#if defined(MBEDTLS_AES_C)
mbedtls_aes_free(&ctx->aes_ctx);
+#else
+ ctr_drbg_destroy_psa_contex(&ctx->psa_ctx);
+#endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context));
ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
ctx->reseed_counter = -1;
@@ -129,8 +166,17 @@
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
unsigned char *p, *iv;
- mbedtls_aes_context aes_ctx;
int ret = 0;
+#if defined(MBEDTLS_AES_C)
+ mbedtls_aes_context aes_ctx;
+#else
+ psa_status_t status;
+ size_t tmp_len;
+ mbedtls_ctr_drbg_psa_context psa_ctx;
+
+ psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_ctx.operation = psa_cipher_operation_init();
+#endif
int i, j;
size_t buf_len, use_len;
@@ -141,7 +187,6 @@
memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
MBEDTLS_CTR_DRBG_BLOCKSIZE + 16);
- mbedtls_aes_init(&aes_ctx);
/*
* Construct IV (16 bytes) and S in buffer
@@ -163,10 +208,20 @@
key[i] = i;
}
+#if defined(MBEDTLS_AES_C)
+ mbedtls_aes_init(&aes_ctx);
+
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
+#else
+ status = ctr_drbg_setup_psa_context(&psa_ctx, key, sizeof(key));
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ goto exit;
+ }
+#endif
/*
* Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
@@ -182,10 +237,19 @@
use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ?
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
+#if defined(MBEDTLS_AES_C)
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
chain, chain)) != 0) {
goto exit;
}
+#else
+ status = psa_cipher_update(&psa_ctx.operation, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE,
+ chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len);
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ goto exit;
+ }
+#endif
}
memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE);
@@ -199,23 +263,46 @@
/*
* Do final encryption with reduced data
*/
+#if defined(MBEDTLS_AES_C)
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
+#else
+ ctr_drbg_destroy_psa_contex(&psa_ctx);
+
+ status = ctr_drbg_setup_psa_context(&psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE);
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ goto exit;
+ }
+#endif
iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
p = output;
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
+#if defined(MBEDTLS_AES_C)
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
iv, iv)) != 0) {
goto exit;
}
+#else
+ status = psa_cipher_update(&psa_ctx.operation, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE,
+ iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len);
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ goto exit;
+ }
+#endif
memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE);
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
}
exit:
+#if defined(MBEDTLS_AES_C)
mbedtls_aes_free(&aes_ctx);
+#else
+ ctr_drbg_destroy_psa_contex(&psa_ctx);
+#endif
/*
* tidy up the stack
*/
@@ -248,6 +335,10 @@
unsigned char *p = tmp;
int i, j;
int ret = 0;
+#if !defined(MBEDTLS_AES_C)
+ psa_status_t status;
+ size_t tmp_len;
+#endif
memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
@@ -264,10 +355,19 @@
/*
* Crypt counter block
*/
+#if defined(MBEDTLS_AES_C)
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, p)) != 0) {
goto exit;
}
+#else
+ status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter),
+ p, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len);
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ goto exit;
+ }
+#endif
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
}
@@ -279,10 +379,20 @@
/*
* Update key and counter
*/
+#if defined(MBEDTLS_AES_C)
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit;
}
+#else
+ ctr_drbg_destroy_psa_contex(&ctx->psa_ctx);
+
+ status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE);
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ goto exit;
+ }
+#endif
memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
MBEDTLS_CTR_DRBG_BLOCKSIZE);
@@ -459,10 +569,20 @@
good_nonce_len(ctx->entropy_len));
/* Initialize with an empty key. */
+#if defined(MBEDTLS_AES_C)
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
return ret;
}
+#else
+ psa_status_t status;
+
+ status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, key, MBEDTLS_CTR_DRBG_KEYSIZE);
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ return status;
+ }
+#endif
/* Do the initial seeding. */
if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,
@@ -543,10 +663,22 @@
/*
* Crypt counter block
*/
+#if defined(MBEDTLS_AES_C)
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, tmp)) != 0) {
goto exit;
}
+#else
+ psa_status_t status;
+ size_t tmp_len;
+
+ status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter),
+ tmp, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len);
+ if (status != PSA_SUCCESS) {
+ ret = psa_generic_status_to_mbedtls(status);
+ goto exit;
+ }
+#endif
use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE)
? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;
diff --git a/library/debug.c b/library/debug.c
index 56bc3f6..a9d58e5 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -2,19 +2,7 @@
* Debugging routines
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -144,7 +132,6 @@
debug_send_line(ssl, level, file, line, str);
- idx = 0;
memset(txt, 0, sizeof(txt));
for (i = 0; i < len; i++) {
if (i >= 4096) {
@@ -202,17 +189,54 @@
}
#endif /* MBEDTLS_ECP_LIGHT */
-#if defined(MBEDTLS_BIGNUM_C)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line, const char *text,
+ const unsigned char *buf, size_t len)
+{
+ char str[DEBUG_BUF_SIZE];
+ size_t i, idx = 0;
+
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n",
+ text, (unsigned int) len * 8);
+
+ debug_send_line(ssl, level, file, line, str);
+
+ for (i = 0; i < len; i++) {
+ if (i >= 4096) {
+ break;
+ }
+
+ if (i % 16 == 0) {
+ if (i > 0) {
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+ debug_send_line(ssl, level, file, line, str);
+
+ idx = 0;
+ }
+ }
+
+ idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x",
+ (unsigned int) buf[i]);
+ }
+
+ if (len > 0) {
+ for (/* i = i */; i % 16 != 0; i++) {
+ idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " ");
+ }
+
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+ debug_send_line(ssl, level, file, line, str);
+ }
+}
+
void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_pk_context *pk)
{
char str[DEBUG_BUF_SIZE];
- mbedtls_mpi mpi;
- const uint8_t *mpi_start;
- size_t mpi_len;
- int ret;
+ const uint8_t *coord_start;
+ size_t coord_len;
if (NULL == ssl ||
NULL == ssl->conf ||
@@ -223,32 +247,21 @@
/* For the description of pk->pk_raw content please refer to the description
* psa_export_public_key() function. */
- mpi_len = (pk->pub_raw_len - 1)/2;
+ coord_len = (pk->pub_raw_len - 1)/2;
/* X coordinate */
- mbedtls_mpi_init(&mpi);
- mpi_start = pk->pub_raw + 1;
- ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len);
- if (ret != 0) {
- return;
- }
+ coord_start = pk->pub_raw + 1;
mbedtls_snprintf(str, sizeof(str), "%s(X)", text);
- mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi);
- mbedtls_mpi_free(&mpi);
+ mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len);
/* Y coordinate */
- mbedtls_mpi_init(&mpi);
- mpi_start = mpi_start + mpi_len;
- ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len);
- if (ret != 0) {
- return;
- }
+ coord_start = coord_start + coord_len;
mbedtls_snprintf(str, sizeof(str), "%s(Y)", text);
- mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi);
- mbedtls_mpi_free(&mpi);
+ mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len);
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+#if defined(MBEDTLS_BIGNUM_C)
void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_mpi *X)
@@ -324,19 +337,21 @@
mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name);
name[sizeof(name) - 1] = '\0';
+#if defined(MBEDTLS_RSA_C)
if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
} else
+#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
if (items[i].type == MBEDTLS_PK_DEBUG_ECP) {
mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
} else
-#endif
+#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) {
mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value);
} else
-#endif
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
{ debug_send_line(ssl, level, file, line,
"should not happen\n"); }
}
@@ -351,7 +366,7 @@
start = text;
for (cur = text; *cur != '\0'; cur++) {
if (*cur == '\n') {
- size_t len = cur - start + 1;
+ size_t len = (size_t) (cur - start) + 1;
if (len > DEBUG_BUF_SIZE - 1) {
len = DEBUG_BUF_SIZE - 1;
}
diff --git a/library/des.c b/library/des.c
index eaddf28..f0032b3 100644
--- a/library/des.c
+++ b/library/des.c
@@ -2,19 +2,7 @@
* FIPS-46-3 compliant Triple-DES implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* DES, on which TDES is based, was originally designed by Horst Feistel
diff --git a/library/dhm.c b/library/dhm.c
index 174137d..bcc07f5 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -2,19 +2,7 @@
* Diffie-Hellman-Merkle key exchange
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The following sources were referenced in the design of this implementation
@@ -60,10 +48,10 @@
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
- n = ((*p)[0] << 8) | (*p)[1];
+ n = MBEDTLS_GET_UINT16_BE(*p, 0);
(*p) += 2;
- if ((int) (end - *p) < n) {
+ if ((size_t) (end - *p) < (size_t) n) {
return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
@@ -269,7 +257,7 @@
DHM_MPI_EXPORT(&ctx->G, n2);
DHM_MPI_EXPORT(&ctx->GX, n3);
- *olen = p - output;
+ *olen = (size_t) (p - output);
cleanup:
if (ret != 0 && ret > -128) {
diff --git a/library/ecdh.c b/library/ecdh.c
index 58ef881..52b1617 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -2,19 +2,7 @@
* Elliptic curve Diffie-Hellman
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -375,7 +363,7 @@
const unsigned char *end)
{
return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
- end - *buf);
+ (size_t) (end - *buf));
}
/*
@@ -391,7 +379,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf))
+ if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, (size_t) (end - *buf)))
!= 0) {
return ret;
}
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 1faec16..2f7a996 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -2,19 +2,7 @@
* Elliptic curve DSA
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -373,7 +361,7 @@
#if defined(MBEDTLS_ECP_RESTARTABLE)
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
- mbedtls_mpi_copy(r, pr);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_copy(r, pr));
}
#endif
@@ -447,7 +435,7 @@
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len));
MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len));
- mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
+ MBEDTLS_MPI_CHK(mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len));
#if defined(MBEDTLS_ECP_RESTARTABLE)
if (rs_ctx != NULL && rs_ctx->det != NULL) {
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 19ad2c6..cdf5d7e 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -2,19 +2,7 @@
* Elliptic curve J-PAKE
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -180,7 +168,7 @@
}
ret = mbedtls_ecp_point_write_binary(grp, P, pf,
- &len, *p + 4, end - (*p + 4));
+ &len, *p + 4, (size_t) (end - (*p + 4)));
if (ret != 0) {
return ret;
}
@@ -238,7 +226,7 @@
/* Compute hash */
MBEDTLS_MPI_CHK(mbedtls_ecjpake_compute_hash(md_type,
- buf, p - buf, hash));
+ buf, (size_t) (p - buf), hash));
/* Turn it into an integer mod n */
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash,
@@ -281,7 +269,7 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, (size_t) (end - *p)));
if (end < *p || (size_t) (end - *p) < 1) {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
@@ -358,7 +346,7 @@
/* Write it out */
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, &V,
- pf, &len, *p, end - *p));
+ pf, &len, *p, (size_t) (end - *p)));
*p += len;
len = mbedtls_mpi_size(&h); /* actually r */
@@ -404,7 +392,7 @@
* ECSchnorrZKP zkp;
* } ECJPAKEKeyKP;
*/
- MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p));
+ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, (size_t) (end - *p)));
if (mbedtls_ecp_is_zero(X)) {
ret = MBEDTLS_ERR_ECP_INVALID_KEY;
goto cleanup;
@@ -443,7 +431,7 @@
MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X,
f_rng, p_rng));
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, X,
- pf, &len, *p, end - *p));
+ pf, &len, *p, (size_t) (end - *p)));
*p += len;
/* Generate and write proof */
@@ -516,7 +504,7 @@
MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_type, grp, pf, G, xm2, Xb, id,
&p, end, f_rng, p_rng));
- *olen = p - buf;
+ *olen = (size_t) (p - buf);
cleanup:
return ret;
@@ -705,7 +693,7 @@
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len,
- p, end - p));
+ p, (size_t) (end - p)));
p += ec_len;
}
@@ -714,7 +702,7 @@
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm,
- ctx->point_format, &ec_len, p, end - p));
+ ctx->point_format, &ec_len, p, (size_t) (end - p)));
p += ec_len;
MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_type, &ctx->grp,
@@ -722,7 +710,7 @@
&G, &xm, &Xm, ID_MINE,
&p, end, f_rng, p_rng));
- *olen = p - buf;
+ *olen = (size_t) (p - buf);
cleanup:
mbedtls_ecp_point_free(&G);
@@ -1131,7 +1119,7 @@
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
* for which we have 100% control over how the random ephemeral keys
- * are generated. This is only the case for the internal mbed TLS
+ * are generated. This is only the case for the internal Mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if (verbose != 0) {
diff --git a/library/ecp.c b/library/ecp.c
index 870773c..ee86cbc 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2,19 +2,7 @@
* Elliptic curves over GF(p): generic functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -958,9 +946,8 @@
/*
* Next two bytes are the namedcurve value
*/
- tls_id = *(*buf)++;
- tls_id <<= 8;
- tls_id |= *(*buf)++;
+ tls_id = MBEDTLS_GET_UINT16_BE(*buf, 0);
+ *buf += 2;
if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) {
return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
@@ -1087,13 +1074,7 @@
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \
} while (0)
-#if (defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
- !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
- defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
- defined(MBEDTLS_ECP_ADD_MIXED_ALT))) || \
- (defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \
- !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
- defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)))
+MBEDTLS_MAYBE_UNUSED
static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp,
mbedtls_mpi *X,
const mbedtls_mpi *A,
@@ -1105,7 +1086,6 @@
cleanup:
return ret;
}
-#endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */
/*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int.
@@ -1128,6 +1108,7 @@
return ret;
}
+MBEDTLS_MAYBE_UNUSED
static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp,
mbedtls_mpi *X,
const mbedtls_mpi *A,
@@ -1141,6 +1122,7 @@
return ret;
}
+MBEDTLS_MAYBE_UNUSED
static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp,
mbedtls_mpi *X,
const mbedtls_mpi *A,
@@ -1157,10 +1139,7 @@
#define MPI_ECP_SUB_INT(X, A, c) \
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c))
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
- !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
- defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
- defined(MBEDTLS_ECP_ADD_MIXED_ALT))
+MBEDTLS_MAYBE_UNUSED
static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp,
mbedtls_mpi *X,
size_t count)
@@ -1171,8 +1150,6 @@
cleanup:
return ret;
}
-#endif \
- /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */
/*
* Macro wrappers around ECP modular arithmetic
@@ -1255,7 +1232,7 @@
MPI_ECP_SQR(rhs, X);
/* Special case for A = -3 */
- if (grp->A.p == NULL) {
+ if (mbedtls_ecp_group_a_is_minus_3(grp)) {
MPI_ECP_SUB_INT(rhs, rhs, 3);
} else {
MPI_ECP_ADD(rhs, rhs, &grp->A);
@@ -1526,7 +1503,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Special case for A = -3 */
- if (grp->A.p == NULL) {
+ if (mbedtls_ecp_group_a_is_minus_3(grp)) {
/* tmp[0] <- M = 3(X + Z^2)(X - Z^2) */
MPI_ECP_SQR(&tmp[1], &P->Z);
MPI_ECP_ADD(&tmp[2], &P->X, &tmp[1]);
@@ -3289,7 +3266,10 @@
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen));
}
#endif
- MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
+
+ if (ret == 0) {
+ MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
+ }
cleanup:
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 7b850e5..577e23b 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -2,19 +2,7 @@
* Elliptic curves over GF(p): curve-specific data and functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c
index d431dcf..4ee0f58 100644
--- a/library/ecp_curves_new.c
+++ b/library/ecp_curves_new.c
@@ -2,19 +2,7 @@
* Elliptic curves over GF(p): curve-specific data and functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/ecp_internal_alt.h b/library/ecp_internal_alt.h
index f663d67..668edc7 100644
--- a/library/ecp_internal_alt.h
+++ b/library/ecp_internal_alt.h
@@ -6,19 +6,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index bb3b127..ff9f9ec 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ECP_INVASIVE_H
#define MBEDTLS_ECP_INVASIVE_H
diff --git a/library/entropy.c b/library/entropy.c
index 0007917..e3bc851 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -2,19 +2,7 @@
* Entropy accumulator implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index f90167c..de2e038 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -2,19 +2,7 @@
* Platform-specific and custom entropy polling functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(__linux__) && !defined(_GNU_SOURCE)
@@ -49,34 +37,35 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
-#if _WIN32_WINNT >= 0x0501 /* _WIN32_WINNT_WINXP */
-#include <wincrypt.h>
+#include <bcrypt.h>
+#include <intsafe.h>
int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
size_t *olen)
{
- HCRYPTPROV provider;
((void) data);
*olen = 0;
- if (CryptAcquireContext(&provider, NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
+ /*
+ * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
+ * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
+ * on ULONG_MAX) size.
+ */
+ while (len != 0) {
+ unsigned long ulong_bytes =
+ (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
- if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
- CryptReleaseContext(provider, 0);
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
+ if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
+ BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
- CryptReleaseContext(provider, 0);
- *olen = len;
+ *olen += ulong_bytes;
+ len -= ulong_bytes;
+ }
return 0;
}
-#else /* !_WIN32_WINNT_WINXP */
-#error Entropy not available before Windows XP, use MBEDTLS_NO_PLATFORM_ENTROPY
-#endif /* !_WIN32_WINNT_WINXP */
#else /* _WIN32 && !EFIX64 && !EFI32 */
/*
@@ -99,7 +88,7 @@
memset(buf, 0, buflen);
#endif
#endif
- return syscall(SYS_getrandom, buf, buflen, flags);
+ return (int) syscall(SYS_getrandom, buf, buflen, flags);
}
#endif /* SYS_getrandom */
#endif /* __linux__ || __midipix__ */
@@ -113,7 +102,7 @@
#define HAVE_GETRANDOM
static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
{
- return getrandom(buf, buflen, flags);
+ return (int) getrandom(buf, buflen, flags);
}
#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
(__DragonFly__ && __DragonFly_version >= 500700) */
@@ -167,7 +156,7 @@
#if defined(HAVE_GETRANDOM)
ret = getrandom_wrapper(output, len, 0);
if (ret >= 0) {
- *olen = ret;
+ *olen = (size_t) ret;
return 0;
} else if (errno != ENOSYS) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
diff --git a/library/entropy_poll.h b/library/entropy_poll.h
index 3cfd4a4..6b4aec0 100644
--- a/library/entropy_poll.h
+++ b/library/entropy_poll.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_ENTROPY_POLL_H
#define MBEDTLS_ENTROPY_POLL_H
@@ -50,7 +38,7 @@
/**
* \brief Entropy poll callback for a hardware source
*
- * \warning This is not provided by mbed TLS!
+ * \warning This is not provided by Mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h.
*
* \note This must accept NULL as its first argument.
diff --git a/library/gcm.c b/library/gcm.c
index a05e4c3..8181ec8 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -2,19 +2,7 @@
* NIST SP800-38D compliant GCM implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -35,6 +23,11 @@
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/constant_time.h"
+
+#if !defined(MBEDTLS_CIPHER_C)
+#include "block_cipher_internal.h"
+#endif
#include <string.h>
@@ -70,10 +63,16 @@
uint64_t hi, lo;
uint64_t vl, vh;
unsigned char h[16];
- size_t olen = 0;
memset(h, 0, 16);
- if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) {
+
+#if defined(MBEDTLS_CIPHER_C)
+ size_t olen = 0;
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h);
+#endif
+ if (ret != 0) {
return ret;
}
@@ -97,8 +96,8 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
- if (mbedtls_aesce_has_support()) {
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
+ if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return 0;
}
#endif
@@ -135,12 +134,14 @@
unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_cipher_info_t *cipher_info;
if (keybits != 128 && keybits != 192 && keybits != 256) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
+#if defined(MBEDTLS_CIPHER_C)
+ const mbedtls_cipher_info_t *cipher_info;
+
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
MBEDTLS_MODE_ECB);
if (cipher_info == NULL) {
@@ -161,6 +162,17 @@
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
+#else
+ mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+
+ if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
+ return ret;
+ }
+
+ if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
+ return ret;
+ }
+#endif
if ((ret = gcm_gen_table(ctx)) != 0) {
return ret;
@@ -208,8 +220,8 @@
}
#endif /* MBEDTLS_AESNI_HAVE_CODE */
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
- if (mbedtls_aesce_has_support()) {
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
+ if (MBEDTLS_AESCE_HAS_SUPPORT()) {
unsigned char h[16];
/* mbedtls_aesce_gcm_mult needs big-endian input */
@@ -263,8 +275,11 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char work_buf[16];
const unsigned char *p;
- size_t use_len, olen = 0;
+ size_t use_len;
uint64_t iv_bits;
+#if defined(MBEDTLS_CIPHER_C)
+ size_t olen = 0;
+#endif
/* IV is limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
@@ -304,8 +319,13 @@
gcm_mult(ctx, ctx->y, ctx->y);
}
- if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16,
- ctx->base_ectr, &olen)) != 0) {
+
+#if defined(MBEDTLS_CIPHER_C)
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr);
+#endif
+ if (ret != 0) {
return ret;
}
@@ -397,11 +417,15 @@
const unsigned char *input,
unsigned char *output)
{
- size_t olen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
- &olen)) != 0) {
+#if defined(MBEDTLS_CIPHER_C)
+ size_t olen = 0;
+ ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen);
+#else
+ ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr);
+#endif
+ if (ret != 0) {
mbedtls_platform_zeroize(ectr, 16);
return ret;
}
@@ -601,7 +625,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
- size_t i;
int diff;
if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length,
@@ -611,9 +634,7 @@
}
/* Check tag in "constant-time" */
- for (diff = 0, i = 0; i < tag_len; i++) {
- diff |= tag[i] ^ check_tag[i];
- }
+ diff = mbedtls_ct_memcmp(tag, check_tag, tag_len);
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
@@ -628,7 +649,11 @@
if (ctx == NULL) {
return;
}
+#if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_free(&ctx->cipher_ctx);
+#else
+ mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
+#endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
}
@@ -884,6 +909,13 @@
mbedtls_printf(" GCM note: using AESNI.\n");
} else
#endif
+
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
+ if (MBEDTLS_AESCE_HAS_SUPPORT()) {
+ mbedtls_printf(" GCM note: using AESCE.\n");
+ } else
+#endif
+
mbedtls_printf(" GCM note: built-in implementation.\n");
#endif /* MBEDTLS_GCM_ALT */
}
diff --git a/library/hkdf.c b/library/hkdf.c
index a3f071e..631ac24 100644
--- a/library/hkdf.c
+++ b/library/hkdf.c
@@ -2,19 +2,7 @@
* HKDF implementation -- RFC 5869
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index af205aa..90174d5 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -2,19 +2,7 @@
* HMAC_DRBG implementation (NIST SP 800-90)
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
diff --git a/library/lmots.c b/library/lmots.c
index 9d79694..c7091b4 100644
--- a/library/lmots.c
+++ b/library/lmots.c
@@ -2,19 +2,7 @@
* The LM-OTS one-time public-key signature scheme
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -81,29 +69,6 @@
int (*mbedtls_lmots_sign_private_key_invalidated_hook)(unsigned char *) = NULL;
#endif /* defined(MBEDTLS_TEST_HOOKS) */
-void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len,
- unsigned char *bytes)
-{
- size_t idx;
-
- for (idx = 0; idx < len; idx++) {
- bytes[idx] = (val >> ((len - 1 - idx) * 8)) & 0xFF;
- }
-}
-
-unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
- const unsigned char *bytes)
-{
- size_t idx;
- unsigned int val = 0;
-
- for (idx = 0; idx < len; idx++) {
- val |= ((unsigned int) bytes[idx]) << (8 * (len - 1 - idx));
- }
-
- return val;
-}
-
/* Calculate the checksum digits that are appended to the end of the LMOTS digit
* string. See NIST SP800-208 section 3.1 or RFC8554 Algorithm 2 for details of
* the checksum algorithm.
@@ -203,8 +168,7 @@
}
checksum = lmots_checksum_calculate(params, out);
- mbedtls_lms_unsigned_int_to_network_bytes(checksum, CHECKSUM_LEN,
- out + MBEDTLS_LMOTS_N_HASH_LEN(params->type));
+ MBEDTLS_PUT_UINT16_BE(checksum, out, MBEDTLS_LMOTS_N_HASH_LEN(params->type));
exit:
psa_hash_abort(&op);
@@ -293,17 +257,13 @@
goto exit;
}
- mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx,
- I_DIGIT_IDX_LEN,
- i_digit_idx_bytes);
+ MBEDTLS_PUT_UINT16_BE(i_digit_idx, i_digit_idx_bytes, 0);
status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN);
if (status != PSA_SUCCESS) {
goto exit;
}
- mbedtls_lms_unsigned_int_to_network_bytes(j_hash_idx,
- J_HASH_IDX_LEN,
- j_hash_idx_bytes);
+ j_hash_idx_bytes[0] = (uint8_t) j_hash_idx;
status = psa_hash_update(&op, j_hash_idx_bytes, J_HASH_IDX_LEN);
if (status != PSA_SUCCESS) {
goto exit;
@@ -437,11 +397,8 @@
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- ctx->params.type =
- (mbedtls_lmots_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int(
- MBEDTLS_LMOTS_TYPE_LEN,
- key +
- MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
+ ctx->params.type = (mbedtls_lmots_algorithm_type_t)
+ MBEDTLS_GET_UINT32_BE(key, MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
@@ -476,9 +433,7 @@
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
- MBEDTLS_LMOTS_TYPE_LEN,
- key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
+ MBEDTLS_PUT_UINT32_BE(ctx->params.type, key, MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
memcpy(key + PUBLIC_KEY_I_KEY_ID_OFFSET,
ctx->params.I_key_identifier,
@@ -571,9 +526,7 @@
return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
- sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) !=
- MBEDTLS_LMOTS_SHA256_N32_W8) {
+ if (MBEDTLS_GET_UINT32_BE(sig, MBEDTLS_LMOTS_SIG_TYPE_OFFSET) != MBEDTLS_LMOTS_SHA256_N32_W8) {
return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
@@ -619,7 +572,7 @@
size_t output_hash_len;
unsigned int i_digit_idx;
unsigned char i_digit_idx_bytes[2];
- unsigned char const_bytes[1];
+ unsigned char const_bytes[1] = { 0xFF };
if (ctx->have_private_key) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
@@ -635,12 +588,7 @@
I_key_identifier,
sizeof(ctx->params.I_key_identifier));
- mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
- ctx->params.q_leaf_identifier);
-
- mbedtls_lms_unsigned_int_to_network_bytes(0xFF, sizeof(const_bytes),
- const_bytes);
+ MBEDTLS_PUT_UINT32_BE(q_leaf_identifier, ctx->params.q_leaf_identifier, 0);
for (i_digit_idx = 0;
i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type);
@@ -664,8 +612,7 @@
goto exit;
}
- mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx, I_DIGIT_IDX_LEN,
- i_digit_idx_bytes);
+ MBEDTLS_PUT_UINT16_BE(i_digit_idx, i_digit_idx_bytes, 0);
status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN);
if (status != PSA_SUCCESS) {
goto exit;
@@ -786,9 +733,7 @@
goto exit;
}
- mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
- MBEDTLS_LMOTS_TYPE_LEN,
- sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
+ MBEDTLS_PUT_UINT32_BE(ctx->params.type, sig, MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
/* Test hook to check if sig is being written to before we invalidate the
* private key.
diff --git a/library/lmots.h b/library/lmots.h
index 98d1941..cf92d32 100644
--- a/library/lmots.h
+++ b/library/lmots.h
@@ -8,19 +8,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_LMOTS_H
@@ -56,29 +44,6 @@
extern int (*mbedtls_lmots_sign_private_key_invalidated_hook)(unsigned char *);
#endif /* defined(MBEDTLS_TEST_HOOKS) */
-/**
- * \brief This function converts an unsigned int into a
- * network-byte-order (big endian) string.
- *
- * \param val The unsigned integer value
- * \param len The length of the string.
- * \param bytes The string to output into.
- */
-void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len,
- unsigned char *bytes);
-
-/**
- * \brief This function converts a network-byte-order
- * (big endian) string into an unsigned integer.
- *
- * \param len The length of the string.
- * \param bytes The string.
- *
- * \return The corresponding LMS error code.
- */
-unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
- const unsigned char *bytes);
-
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief This function converts a \ref psa_status_t to a
diff --git a/library/lms.c b/library/lms.c
index c06f9c2..08fe753 100644
--- a/library/lms.c
+++ b/library/lms.c
@@ -2,19 +2,7 @@
* The LMS stateful-hash public-key signature scheme
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -124,7 +112,7 @@
goto exit;
}
- mbedtls_lms_unsigned_int_to_network_bytes(r_node_idx, 4, r_node_idx_bytes);
+ MBEDTLS_PUT_UINT32_BE(r_node_idx, r_node_idx_bytes, 0);
status = psa_hash_update(&op, r_node_idx_bytes, 4);
if (status != PSA_SUCCESS) {
goto exit;
@@ -198,7 +186,7 @@
goto exit;
}
- mbedtls_lms_unsigned_int_to_network_bytes(r_node_idx, 4, r_node_idx_bytes);
+ MBEDTLS_PUT_UINT32_BE(r_node_idx, r_node_idx_bytes, 0);
status = psa_hash_update(&op, r_node_idx_bytes, 4);
if (status != PSA_SUCCESS) {
goto exit;
@@ -249,10 +237,7 @@
mbedtls_lms_algorithm_type_t type;
mbedtls_lmots_algorithm_type_t otstype;
- type = (mbedtls_lms_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int(
- MBEDTLS_LMS_TYPE_LEN,
- key +
- PUBLIC_KEY_TYPE_OFFSET);
+ type = (mbedtls_lms_algorithm_type_t) MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_TYPE_OFFSET);
if (type != MBEDTLS_LMS_SHA256_M32_H10) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
@@ -262,10 +247,8 @@
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- otstype = (mbedtls_lmots_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int(
- MBEDTLS_LMOTS_TYPE_LEN,
- key +
- PUBLIC_KEY_OTSTYPE_OFFSET);
+ otstype = (mbedtls_lmots_algorithm_type_t)
+ MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_OTSTYPE_OFFSET);
if (otstype != MBEDTLS_LMOTS_SHA256_N32_W8) {
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
@@ -294,12 +277,8 @@
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- mbedtls_lms_unsigned_int_to_network_bytes(
- ctx->params.type,
- MBEDTLS_LMS_TYPE_LEN, key + PUBLIC_KEY_TYPE_OFFSET);
- mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.otstype,
- MBEDTLS_LMOTS_TYPE_LEN,
- key + PUBLIC_KEY_OTSTYPE_OFFSET);
+ MBEDTLS_PUT_UINT32_BE(ctx->params.type, key, PUBLIC_KEY_TYPE_OFFSET);
+ MBEDTLS_PUT_UINT32_BE(ctx->params.otstype, key, PUBLIC_KEY_OTSTYPE_OFFSET);
memcpy(key + PUBLIC_KEY_I_KEY_ID_OFFSET,
ctx->params.I_key_identifier,
MBEDTLS_LMOTS_I_KEY_ID_LEN);
@@ -351,9 +330,7 @@
return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
- sig + SIG_OTS_SIG_OFFSET +
- MBEDTLS_LMOTS_SIG_TYPE_OFFSET)
+ if (MBEDTLS_GET_UINT32_BE(sig, SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET)
!= MBEDTLS_LMOTS_SHA256_N32_W8) {
return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
@@ -362,15 +339,13 @@
return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMS_TYPE_LEN,
- sig + SIG_TYPE_OFFSET(ctx->params.otstype))
+ if (MBEDTLS_GET_UINT32_BE(sig, SIG_TYPE_OFFSET(ctx->params.otstype))
!= MBEDTLS_LMS_SHA256_M32_H10) {
return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- q_leaf_identifier = mbedtls_lms_network_bytes_to_unsigned_int(
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN, sig + SIG_Q_LEAF_ID_OFFSET);
+ q_leaf_identifier = MBEDTLS_GET_UINT32_BE(sig, SIG_Q_LEAF_ID_OFFSET);
if (q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) {
return MBEDTLS_ERR_LMS_VERIFY_FAILED;
@@ -379,9 +354,7 @@
memcpy(ots_params.I_key_identifier,
ctx->params.I_key_identifier,
MBEDTLS_LMOTS_I_KEY_ID_LEN);
- mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
- ots_params.q_leaf_identifier);
+ MBEDTLS_PUT_UINT32_BE(q_leaf_identifier, ots_params.q_leaf_identifier, 0);
ots_params.type = ctx->params.otstype;
ret = mbedtls_lmots_calculate_public_key_candidate(&ots_params,
@@ -517,7 +490,7 @@
unsigned int height;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(ctx->params.type),
+ tree = mbedtls_calloc((size_t) MERKLE_TREE_NODE_AM(ctx->params.type),
node_bytes);
if (tree == NULL) {
return MBEDTLS_ERR_LMS_ALLOC_FAILED;
@@ -542,7 +515,7 @@
exit:
mbedtls_zeroize_and_free(tree, node_bytes *
- MERKLE_TREE_NODE_AM(ctx->params.type));
+ (size_t) MERKLE_TREE_NODE_AM(ctx->params.type));
return ret;
}
@@ -681,7 +654,7 @@
return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(priv_ctx->params.type),
+ tree = mbedtls_calloc((size_t) MERKLE_TREE_NODE_AM(priv_ctx->params.type),
node_bytes);
if (tree == NULL) {
return MBEDTLS_ERR_LMS_ALLOC_FAILED;
@@ -704,7 +677,7 @@
exit:
mbedtls_zeroize_and_free(tree, node_bytes *
- MERKLE_TREE_NODE_AM(priv_ctx->params.type));
+ (size_t) MERKLE_TREE_NODE_AM(priv_ctx->params.type));
return ret;
}
@@ -765,12 +738,8 @@
return ret;
}
- mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
- MBEDTLS_LMS_TYPE_LEN,
- sig + SIG_TYPE_OFFSET(ctx->params.otstype));
- mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
- sig + SIG_Q_LEAF_ID_OFFSET);
+ MBEDTLS_PUT_UINT32_BE(ctx->params.type, sig, SIG_TYPE_OFFSET(ctx->params.otstype));
+ MBEDTLS_PUT_UINT32_BE(q_leaf_identifier, sig, SIG_Q_LEAF_ID_OFFSET);
ret = get_merkle_path(ctx,
MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
diff --git a/library/md.c b/library/md.c
index 7c4c69f..12a3ea2 100644
--- a/library/md.c
+++ b/library/md.c
@@ -1,24 +1,12 @@
/**
* \file md.c
*
- * \brief Generic message digest wrapper for mbed TLS
+ * \brief Generic message digest wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -232,6 +220,22 @@
case MBEDTLS_MD_SHA512:
return PSA_ALG_SHA_512;
#endif
+#if defined(MBEDTLS_MD_SHA3_224_VIA_PSA)
+ case MBEDTLS_MD_SHA3_224:
+ return PSA_ALG_SHA3_224;
+#endif
+#if defined(MBEDTLS_MD_SHA3_256_VIA_PSA)
+ case MBEDTLS_MD_SHA3_256:
+ return PSA_ALG_SHA3_256;
+#endif
+#if defined(MBEDTLS_MD_SHA3_384_VIA_PSA)
+ case MBEDTLS_MD_SHA3_384:
+ return PSA_ALG_SHA3_384;
+#endif
+#if defined(MBEDTLS_MD_SHA3_512_VIA_PSA)
+ case MBEDTLS_MD_SHA3_512:
+ return PSA_ALG_SHA3_512;
+#endif
default:
return PSA_ALG_NONE;
}
diff --git a/library/md5.c b/library/md5.c
index 138a320..e4a87a2 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -2,19 +2,7 @@
* RFC 1321 compliant MD5 implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The MD5 algorithm was designed by Ron Rivest in 1991.
@@ -286,7 +274,7 @@
memset(ctx->buffer + used, 0, 64 - used);
if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -303,7 +291,7 @@
MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60);
if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -314,7 +302,11 @@
MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_md5_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_MD5_ALT */
diff --git a/library/md_psa.h b/library/md_psa.h
index 8e00bb1..b201263 100644
--- a/library/md_psa.h
+++ b/library/md_psa.h
@@ -5,19 +5,7 @@
* PSA Crypto; it is a helper for the transition period.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_MD_PSA_H
#define MBEDTLS_MD_PSA_H
diff --git a/library/md_wrap.h b/library/md_wrap.h
index 166b43b..dad1235 100644
--- a/library/md_wrap.h
+++ b/library/md_wrap.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_MD_WRAP_H
#define MBEDTLS_MD_WRAP_H
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index e5052ce..79b0a8b 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -2,19 +2,7 @@
* Buffer-based memory allocator
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/mps_common.h b/library/mps_common.h
index 33b518b..f9fe099 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -1,20 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/library/mps_error.h b/library/mps_error.h
index 15570d2..016a84c 100644
--- a/library/mps_error.h
+++ b/library/mps_error.h
@@ -1,20 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/library/mps_reader.c b/library/mps_reader.c
index dc2a91c..27d0c04 100644
--- a/library/mps_reader.c
+++ b/library/mps_reader.c
@@ -2,21 +2,7 @@
* Message Processing Stack, Reader implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/mps_reader.h b/library/mps_reader.h
index bff6705..3193a5e 100644
--- a/library/mps_reader.h
+++ b/library/mps_reader.h
@@ -1,20 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/library/mps_trace.c b/library/mps_trace.c
index 9ba1f85..69f6e5a 100644
--- a/library/mps_trace.c
+++ b/library/mps_trace.c
@@ -2,21 +2,7 @@
* Message Processing Stack, Trace module
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of Mbed TLS (https://tls.mbed.org)
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/mps_trace.h b/library/mps_trace.h
index 6f0455f..b456b2f 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -1,20 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
diff --git a/library/net_sockets.c b/library/net_sockets.c
index db80447..edec587 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -2,19 +2,7 @@
* TCP/IP or UDP/IP networking functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
@@ -328,7 +316,7 @@
*/
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *ip_len)
+ void *client_ip, size_t buf_size, size_t *cip_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int type;
@@ -411,22 +399,22 @@
if (client_ip != NULL) {
if (client_addr.ss_family == AF_INET) {
struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
- *ip_len = sizeof(addr4->sin_addr.s_addr);
+ *cip_len = sizeof(addr4->sin_addr.s_addr);
- if (buf_size < *ip_len) {
+ if (buf_size < *cip_len) {
return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
}
- memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len);
+ memcpy(client_ip, &addr4->sin_addr.s_addr, *cip_len);
} else {
struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
- *ip_len = sizeof(addr6->sin6_addr.s6_addr);
+ *cip_len = sizeof(addr6->sin6_addr.s6_addr);
- if (buf_size < *ip_len) {
+ if (buf_size < *cip_len) {
return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
}
- memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
+ memcpy(client_ip, &addr6->sin6_addr.s6_addr, *cip_len);
}
}
diff --git a/library/nist_kw.c b/library/nist_kw.c
index fbd7221..f15425b 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -3,19 +3,7 @@
* only
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* Definition of Key Wrapping:
@@ -35,6 +23,7 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
+#include "constant_time_internal.h"
#include <stdint.h>
#include <string.h>
@@ -333,9 +322,9 @@
unsigned char *output, size_t *out_len, size_t out_size)
{
int ret = 0;
- size_t i, olen;
+ size_t olen;
unsigned char A[KW_SEMIBLOCK_LENGTH];
- unsigned char diff, bad_padding = 0;
+ int diff;
*out_len = 0;
if (out_size < in_len - KW_SEMIBLOCK_LENGTH) {
@@ -420,19 +409,15 @@
* larger than 8, because of the type wrap around.
*/
padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
- if (padlen > 7) {
- padlen &= 7;
- ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
- }
+ ret = mbedtls_ct_error_if(mbedtls_ct_uint_gt(padlen, 7),
+ MBEDTLS_ERR_CIPHER_AUTH_FAILED, ret);
+ padlen &= 7;
/* Check padding in "constant-time" */
- for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) {
- if (i >= KW_SEMIBLOCK_LENGTH - padlen) {
- diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
- } else {
- bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
- }
- }
+ const uint8_t zero[KW_SEMIBLOCK_LENGTH] = { 0 };
+ diff = mbedtls_ct_memcmp_partial(
+ &output[*out_len - KW_SEMIBLOCK_LENGTH], zero,
+ KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH - padlen, 0);
if (diff != 0) {
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
@@ -454,7 +439,6 @@
*out_len = 0;
}
- mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding));
mbedtls_platform_zeroize(&diff, sizeof(diff));
mbedtls_platform_zeroize(A, sizeof(A));
diff --git a/library/oid.c b/library/oid.c
index 47a311b..d8339c1 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -4,19 +4,7 @@
* \brief Object Identifier (OID) database
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -554,72 +542,72 @@
static const oid_ecp_grp_t oid_ecp_grp[] =
{
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_SECP192R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"),
MBEDTLS_ECP_DP_SECP192R1,
},
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP192R1 */
+#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"),
MBEDTLS_ECP_DP_SECP224R1,
},
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP224R1 */
+#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"),
MBEDTLS_ECP_DP_SECP256R1,
},
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP256R1 */
+#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"),
MBEDTLS_ECP_DP_SECP384R1,
},
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP384R1 */
+#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"),
MBEDTLS_ECP_DP_SECP521R1,
},
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP521R1 */
+#if defined(MBEDTLS_ECP_HAVE_SECP192K1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"),
MBEDTLS_ECP_DP_SECP192K1,
},
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP192K1 */
+#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"),
MBEDTLS_ECP_DP_SECP224K1,
},
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP224K1 */
+#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"),
MBEDTLS_ECP_DP_SECP256K1,
},
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_SECP256K1 */
+#if defined(MBEDTLS_ECP_HAVE_BP256R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"),
MBEDTLS_ECP_DP_BP256R1,
},
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_BP256R1 */
+#if defined(MBEDTLS_ECP_HAVE_BP384R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"),
MBEDTLS_ECP_DP_BP384R1,
},
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_BP384R1 */
+#if defined(MBEDTLS_ECP_HAVE_BP512R1)
{
OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"),
MBEDTLS_ECP_DP_BP512R1,
},
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+#endif /* MBEDTLS_ECP_HAVE_BP512R1 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_ECP_DP_NONE,
@@ -645,18 +633,18 @@
static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] =
{
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
{
OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"),
MBEDTLS_ECP_DP_CURVE25519,
},
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#endif /* MBEDTLS_ECP_HAVE_CURVE25519 */
+#if defined(MBEDTLS_ECP_HAVE_CURVE448)
{
OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"),
MBEDTLS_ECP_DP_CURVE448,
},
-#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+#endif /* MBEDTLS_ECP_HAVE_CURVE448 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_ECP_DP_NONE,
@@ -761,6 +749,30 @@
MBEDTLS_MD_RIPEMD160,
},
#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"),
+ MBEDTLS_MD_SHA3_224,
+ },
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"),
+ MBEDTLS_MD_SHA3_256,
+ },
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"),
+ MBEDTLS_MD_SHA3_384,
+ },
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"),
+ MBEDTLS_MD_SHA3_512,
+ },
+#endif
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,
@@ -796,7 +808,7 @@
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"),
MBEDTLS_MD_SHA224,
},
-#endif
+#endif /* MBEDTLS_MD_CAN_SHA224 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"),
@@ -815,6 +827,36 @@
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_MD_CAN_SHA512 */
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"),
+ MBEDTLS_MD_SHA3_224,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_224 */
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"),
+ MBEDTLS_MD_SHA3_256,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_256 */
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"),
+ MBEDTLS_MD_SHA3_384,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_384 */
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"),
+ MBEDTLS_MD_SHA3_512,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_512 */
+#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"),
+ MBEDTLS_MD_RIPEMD160,
+ },
+#endif /* MBEDTLS_MD_CAN_RIPEMD160 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,
@@ -1087,7 +1129,7 @@
}
}
- encoded_len = out_ptr - oid->p;
+ encoded_len = (size_t) (out_ptr - oid->p);
resized_mem = mbedtls_calloc(encoded_len, 1);
if (resized_mem == NULL) {
ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED;
diff --git a/library/padlock.c b/library/padlock.c
index f42c40f..1f00691 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -2,19 +2,7 @@
* VIA PadLock support functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* This implementation is based on the VIA PadLock Programming Guide:
@@ -31,7 +19,7 @@
#include <string.h>
-#if defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
/*
* PadLock detection routine
@@ -108,6 +96,7 @@
return 0;
}
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* PadLock AES-CBC buffer en(de)cryption
*/
@@ -161,7 +150,8 @@
return 0;
}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_HAVE_X86 */
+#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
#endif /* MBEDTLS_PADLOCK_C */
diff --git a/library/padlock.h b/library/padlock.h
index b5f0d7d..92d72af 100644
--- a/library/padlock.h
+++ b/library/padlock.h
@@ -9,19 +9,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PADLOCK_H
#define MBEDTLS_PADLOCK_H
@@ -38,13 +26,16 @@
#endif
#endif
-/* Some versions of ASan result in errors about not enough registers */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+/*
+ * - `padlock` is implements with GNUC assembly for x86 target.
+ * - Some versions of ASan result in errors about not enough registers.
+ */
+#if defined(MBEDTLS_PADLOCK_C) && \
+ defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
+ defined(MBEDTLS_HAVE_ASM) && \
!defined(MBEDTLS_HAVE_ASAN)
-#ifndef MBEDTLS_HAVE_X86
-#define MBEDTLS_HAVE_X86
-#endif
+#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
#include <stdint.h>
diff --git a/library/pem.c b/library/pem.c
index bd269dd..539134c 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -2,19 +2,7 @@
* Privacy Enhanced Mail (PEM) decoding
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -310,7 +298,7 @@
if (*end == '\n') {
end++;
}
- *use_len = end - data;
+ *use_len = (size_t) (end - data);
enc = 0;
@@ -395,7 +383,7 @@
return MBEDTLS_ERR_PEM_INVALID_DATA;
}
- ret = mbedtls_base64_decode(NULL, 0, &len, s1, s2 - s1);
+ ret = mbedtls_base64_decode(NULL, 0, &len, s1, (size_t) (s2 - s1));
if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
@@ -405,7 +393,7 @@
return MBEDTLS_ERR_PEM_ALLOC_FAILED;
}
- if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) {
+ if ((ret = mbedtls_base64_decode(buf, len, &len, s1, (size_t) (s2 - s1))) != 0) {
mbedtls_zeroize_and_free(buf, len);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
}
@@ -520,7 +508,7 @@
p += strlen(footer);
*p++ = '\0';
- *olen = p - buf;
+ *olen = (size_t) (p - buf);
/* Clean any remaining data previously written to the buffer */
memset(buf + *olen, 0, buf_len - *olen);
diff --git a/library/pk.c b/library/pk.c
index 03c1e35..61ac0df 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -2,19 +2,7 @@
* Public Key abstraction layer
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -30,6 +18,9 @@
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
+#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "rsa_internal.h"
+#endif
#endif
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h"
@@ -38,7 +29,7 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa_util_internal.h"
#include "md_psa.h"
#endif
@@ -53,9 +44,9 @@
{
ctx->pk_info = NULL;
ctx->pk_ctx = NULL;
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT;
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
memset(ctx->pub_raw, 0, sizeof(ctx->pub_raw));
ctx->pub_raw_len = 0;
@@ -323,7 +314,6 @@
}
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t key_alg, key_alg2;
psa_status_t status;
status = psa_get_key_attributes(ctx->priv_id, &attributes);
@@ -331,8 +321,15 @@
return 0;
}
- key_alg = psa_get_key_algorithm(&attributes);
- key_alg2 = psa_get_key_enrollment_algorithm(&attributes);
+ psa_algorithm_t key_alg = psa_get_key_algorithm(&attributes);
+ /* Key's enrollment is available only when MBEDTLS_PSA_CRYPTO_CLIENT is
+ * defined, i.e. when the Mbed TLS implementation of PSA Crypto is being used.
+ * Even though we don't officially support using other implementations of PSA
+ * Crypto with TLS and X.509 (yet), we're still trying to simplify the life of
+ * people who would like to try it before it's officially supported. */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+ psa_algorithm_t key_alg2 = psa_get_key_enrollment_algorithm(&attributes);
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
key_usage = psa_get_key_usage_flags(&attributes);
psa_reset_key_attributes(&attributes);
@@ -341,18 +338,23 @@
}
/*
- * Common case: the key alg or alg2 only allows alg.
+ * Common case: the key alg [or alg2] only allows alg.
* This will match PSA_ALG_RSA_PKCS1V15_CRYPT & PSA_ALG_IS_ECDH
* directly.
* This would also match ECDSA/RSA_PKCS1V15_SIGN/RSA_PSS with
- * a fixed hash on key_alg/key_alg2.
+ * a fixed hash on key_alg [or key_alg2].
*/
- if (alg == key_alg || alg == key_alg2) {
+ if (alg == key_alg) {
return 1;
}
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+ if (alg == key_alg2) {
+ return 1;
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/*
- * If key_alg or key_alg2 is a hash-and-sign with a wildcard for the hash,
+ * If key_alg [or key_alg2] is a hash-and-sign with a wildcard for the hash,
* and alg is the same hash-and-sign family with any hash,
* then alg is compliant with this key alg
*/
@@ -363,12 +365,13 @@
(alg & ~PSA_ALG_HASH_MASK) == (key_alg & ~PSA_ALG_HASH_MASK)) {
return 1;
}
-
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
if (PSA_ALG_IS_SIGN_HASH(key_alg2) &&
PSA_ALG_SIGN_GET_HASH(key_alg2) == PSA_ALG_ANY_HASH &&
(alg & ~PSA_ALG_HASH_MASK) == (key_alg2 & ~PSA_ALG_HASH_MASK)) {
return 1;
}
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
}
return 0;
@@ -514,9 +517,11 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_rsassa_pss_options *pss_opts;
+#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+#endif
if (options == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -577,7 +582,7 @@
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
} else
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
if (sig_len < mbedtls_pk_get_len(ctx)) {
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@@ -670,7 +675,6 @@
f_rng, p_rng, NULL);
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
/*
* Make a signature given a signature type.
*/
@@ -682,11 +686,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
-#if defined(MBEDTLS_RSA_C)
- psa_algorithm_t psa_md_alg;
-#endif /* MBEDTLS_RSA_C */
- *sig_len = 0;
-
if (ctx->pk_info == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@@ -700,8 +699,10 @@
sig, sig_size, sig_len, f_rng, p_rng);
}
-#if defined(MBEDTLS_RSA_C)
- psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ const psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (psa_md_alg == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@@ -718,12 +719,31 @@
return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg),
ctx->pk_ctx, hash, hash_len,
sig, sig_size, sig_len);
-#else /* MBEDTLS_RSA_C */
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-#endif /* !MBEDTLS_RSA_C */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+ if (sig_size < mbedtls_pk_get_len(ctx)) {
+ return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+ }
+
+ if (pk_hashlen_helper(md_alg, &hash_len) != 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ mbedtls_rsa_context *const rsa_ctx = mbedtls_pk_rsa(*ctx);
+
+ const int ret = mbedtls_rsa_rsassa_pss_sign_no_mode_check(rsa_ctx, f_rng, p_rng, md_alg,
+ (unsigned int) hash_len, hash, sig);
+ if (ret == 0) {
+ *sig_len = rsa_ctx->len;
+ }
+ return ret;
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#else
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
/*
* Decrypt message
diff --git a/library/pk_internal.h b/library/pk_internal.h
index 416ef23..025ee8b 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -6,19 +6,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PK_INTERNAL_H
#define MBEDTLS_PK_INTERNAL_H
@@ -31,9 +19,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa_util_internal.h"
#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
@@ -42,9 +28,23 @@
#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_pk_ecdsa_errors, \
psa_pk_status_to_mbedtls)
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+/* Headers/footers for PEM files */
+#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----"
+#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----"
+#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----"
+#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----"
+#define PEM_BEGIN_PUBLIC_KEY_RSA "-----BEGIN RSA PUBLIC KEY-----"
+#define PEM_END_PUBLIC_KEY_RSA "-----END RSA PUBLIC KEY-----"
+#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----"
+#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----"
+#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----"
+#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----"
+#define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----"
+#define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----"
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/**
* Public function mbedtls_pk_ec() can be used to get direct access to the
* wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
@@ -80,8 +80,10 @@
return NULL;
}
}
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */
-static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk)
{
mbedtls_ecp_group_id id;
@@ -112,10 +114,34 @@
}
/* Helper for Montgomery curves */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448)
#define MBEDTLS_PK_HAVE_RFC8410_CURVES
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */
+#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */
+
+#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
+ ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
+
+static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
+{
+ mbedtls_ecp_group_id id = mbedtls_pk_get_ec_group_id(pk);
+
+ return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id);
+}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+/* Helper for (deterministic) ECDSA */
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_DETERMINISTIC_ECDSA
+#else
+#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_ECDSA
+#endif
+
+#if defined(MBEDTLS_TEST_HOOKS)
+MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
+ mbedtls_pk_context *pk,
+ unsigned char *key, size_t keylen,
+ const unsigned char *pwd, size_t pwdlen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+#endif
#endif /* MBEDTLS_PK_INTERNAL_H */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 4ee761e..9247945 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -2,19 +2,7 @@
* Public Key abstraction layer: wrapper functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -38,17 +26,14 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa_util_internal.h"
+#include "psa/crypto.h"
+
+#if defined(MBEDTLS_RSA_C)
#include "pkwrite.h"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "psa_util_internal.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#include "mbedtls/asn1write.h"
#include "mbedtls/asn1.h"
@@ -61,123 +46,6 @@
#include <stdint.h>
#include <string.h>
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-int mbedtls_pk_error_from_psa(psa_status_t status)
-{
- switch (status) {
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_INVALID_HANDLE:
- return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
- case PSA_ERROR_NOT_PERMITTED:
- return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
- case PSA_ERROR_BUFFER_TOO_SMALL:
- return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INVALID_ARGUMENT:
- return MBEDTLS_ERR_PK_INVALID_ALG;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_PK_ALLOC_FAILED;
- case PSA_ERROR_BAD_STATE:
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- case PSA_ERROR_COMMUNICATION_FAILURE:
- case PSA_ERROR_HARDWARE_FAILURE:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- case PSA_ERROR_DATA_CORRUPT:
- case PSA_ERROR_DATA_INVALID:
- case PSA_ERROR_STORAGE_FAILURE:
- return MBEDTLS_ERR_PK_FILE_IO_ERROR;
- case PSA_ERROR_CORRUPTION_DETECTED:
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- default:
- return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
- }
-}
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
- defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-int mbedtls_pk_error_from_psa_rsa(psa_status_t status)
-{
- switch (status) {
- case PSA_ERROR_NOT_PERMITTED:
- case PSA_ERROR_INVALID_ARGUMENT:
- case PSA_ERROR_INVALID_HANDLE:
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
- case PSA_ERROR_BUFFER_TOO_SMALL:
- return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
- case PSA_ERROR_INSUFFICIENT_ENTROPY:
- return MBEDTLS_ERR_RSA_RNG_FAILED;
- case PSA_ERROR_INVALID_SIGNATURE:
- return MBEDTLS_ERR_RSA_VERIFY_FAILED;
- case PSA_ERROR_INVALID_PADDING:
- return MBEDTLS_ERR_RSA_INVALID_PADDING;
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_PK_ALLOC_FAILED;
- case PSA_ERROR_BAD_STATE:
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- case PSA_ERROR_COMMUNICATION_FAILURE:
- case PSA_ERROR_HARDWARE_FAILURE:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- case PSA_ERROR_DATA_CORRUPT:
- case PSA_ERROR_DATA_INVALID:
- case PSA_ERROR_STORAGE_FAILURE:
- return MBEDTLS_ERR_PK_FILE_IO_ERROR;
- case PSA_ERROR_CORRUPTION_DETECTED:
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- default:
- return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
- }
-}
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status)
-{
- switch (status) {
- case PSA_ERROR_NOT_PERMITTED:
- case PSA_ERROR_INVALID_ARGUMENT:
- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
- case PSA_ERROR_INVALID_HANDLE:
- return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
- case PSA_ERROR_BUFFER_TOO_SMALL:
- return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
- case PSA_ERROR_INSUFFICIENT_ENTROPY:
- return MBEDTLS_ERR_ECP_RANDOM_FAILED;
- case PSA_ERROR_INVALID_SIGNATURE:
- return MBEDTLS_ERR_ECP_VERIFY_FAILED;
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_PK_ALLOC_FAILED;
- case PSA_ERROR_BAD_STATE:
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- case PSA_ERROR_COMMUNICATION_FAILURE:
- case PSA_ERROR_HARDWARE_FAILURE:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- case PSA_ERROR_DATA_CORRUPT:
- case PSA_ERROR_DATA_INVALID:
- case PSA_ERROR_STORAGE_FAILURE:
- return MBEDTLS_ERR_PK_FILE_IO_ERROR;
- case PSA_ERROR_CORRUPTION_DETECTED:
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- default:
- return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
- }
-}
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_RSA_C)
static int rsa_can_do(mbedtls_pk_type_t type)
{
@@ -208,9 +76,11 @@
PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
size_t rsa_len = mbedtls_rsa_get_len(rsa);
+#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+#endif
if (sig_len < rsa_len) {
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@@ -262,9 +132,11 @@
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
size_t rsa_len = mbedtls_rsa_get_len(rsa);
+#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+#endif
if (sig_len < rsa_len) {
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@@ -289,7 +161,7 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
mbedtls_rsa_context *rsa_ctx,
const unsigned char *hash, size_t hash_len,
@@ -302,11 +174,16 @@
psa_status_t status;
mbedtls_pk_context key;
int key_len;
- unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
+ unsigned char *buf = NULL;
+ buf = mbedtls_calloc(1, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES);
+ if (buf == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
*sig_len = mbedtls_rsa_get_len(rsa_ctx);
if (sig_size < *sig_len) {
+ mbedtls_free(buf);
return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
}
@@ -314,8 +191,9 @@
* re-construct one to make it happy */
key.pk_info = &pk_info;
key.pk_ctx = rsa_ctx;
- key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf));
+ key_len = mbedtls_pk_write_key_der(&key, buf, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES);
if (key_len <= 0) {
+ mbedtls_free(buf);
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
@@ -323,7 +201,7 @@
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
status = psa_import_key(&attributes,
- buf + sizeof(buf) - key_len, key_len,
+ buf + MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES - key_len, key_len,
&key_id);
if (status != PSA_SUCCESS) {
ret = PSA_PK_TO_MBEDTLS_ERR(status);
@@ -339,13 +217,14 @@
ret = 0;
cleanup:
+ mbedtls_free(buf);
status = psa_destroy_key(key_id);
if (ret == 0 && status != PSA_SUCCESS) {
ret = PSA_PK_TO_MBEDTLS_ERR(status);
}
return ret;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
@@ -375,9 +254,11 @@
{
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
+#if SIZE_MAX > UINT_MAX
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+#endif
*sig_len = mbedtls_rsa_get_len(rsa);
if (sig_size < *sig_len) {
@@ -954,36 +835,34 @@
return 0;
}
-/* Common helper for ECDSA sign using PSA functions. */
+/* Common helper for ECDSA sign using PSA functions.
+ * Instead of extracting key's properties in order to check which kind of ECDSA
+ * signature it supports, we try both deterministic and non-deterministic.
+ */
static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status;
- psa_algorithm_t psa_sig_md;
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg;
- status = psa_get_key_attributes(key_id, &key_attr);
- if (status != PSA_SUCCESS) {
+ status = psa_sign_hash(key_id,
+ PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)),
+ hash, hash_len, sig, sig_size, sig_len);
+ if (status == PSA_SUCCESS) {
+ goto done;
+ } else if (status != PSA_ERROR_NOT_PERMITTED) {
return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
}
- alg = psa_get_key_algorithm(&key_attr);
- psa_reset_key_attributes(&key_attr);
- if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
- psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
- } else {
- psa_sig_md = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
- }
-
- status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len,
- sig, sig_size, sig_len);
+ status = psa_sign_hash(key_id,
+ PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)),
+ hash, hash_len, sig, sig_size, sig_len);
if (status != PSA_SUCCESS) {
return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
}
+done:
ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size);
return ret;
@@ -1024,13 +903,8 @@
psa_ecc_family_t curve =
mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- psa_algorithm_t psa_sig_md =
- PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
-#else
- psa_algorithm_t psa_sig_md =
- PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
-#endif
+ psa_algorithm_t psa_hash = mbedtls_md_psa_alg_from_type(md_alg);
+ psa_algorithm_t psa_sig_md = MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(psa_hash);
((void) f_rng);
((void) p_rng);
@@ -1558,9 +1432,11 @@
{
mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
+#if SIZE_MAX > UINT_MAX
if (UINT_MAX < hash_len) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+#endif
*sig_len = rsa_alt->key_len_func(rsa_alt->key);
if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index b1e0218..be096da 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PK_WRAP_H
@@ -27,9 +15,9 @@
#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif
struct mbedtls_pk_info_t {
/** Public key type */
@@ -137,24 +125,6 @@
extern const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info;
extern const mbedtls_pk_info_t mbedtls_rsa_opaque_info;
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
-#endif
-#endif
-
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status);
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
- defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status);
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
#if defined(MBEDTLS_RSA_C)
int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
mbedtls_rsa_context *rsa_ctx,
@@ -163,6 +133,6 @@
size_t *sig_len);
#endif /* MBEDTLS_RSA_C */
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/library/pkcs12.c b/library/pkcs12.c
index db31722..160dc47 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -2,19 +2,7 @@
* PKCS#12 Personal Information Exchange Syntax
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The PKCS #12 Personal Information Exchange Syntax Standard v1.1
@@ -129,18 +117,49 @@
#undef PKCS12_MAX_PWDLEN
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t len,
unsigned char *output)
{
+ size_t output_len = 0;
+
+ /* We assume caller of the function is providing a big enough output buffer
+ * so we pass output_size as SIZE_MAX to pass checks, However, no guarantees
+ * for the output size actually being correct.
+ */
+ return mbedtls_pkcs12_pbe_ext(pbe_params, mode, cipher_type, md_type,
+ pwd, pwdlen, data, len, output, SIZE_MAX,
+ &output_len);
+}
+#endif
+
+int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output, size_t output_size,
+ size_t *output_len)
+{
int ret, keylen = 0;
unsigned char key[32];
unsigned char iv[16];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t cipher_ctx;
- size_t olen = 0;
+ size_t iv_len = 0;
+ size_t finish_olen = 0;
+ unsigned int padlen = 0;
if (pwd == NULL && pwdlen != 0) {
return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
@@ -153,9 +172,23 @@
keylen = (int) mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
+ if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
+ if (output_size < len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
+ if (mode == MBEDTLS_PKCS12_PBE_ENCRYPT) {
+ padlen = cipher_info->block_size - (len % cipher_info->block_size);
+ if (output_size < (len + padlen)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
+ iv_len = mbedtls_cipher_info_get_iv_size(cipher_info);
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
key, keylen,
- iv, mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) {
+ iv, iv_len)) != 0) {
return ret;
}
@@ -165,31 +198,38 @@
goto exit;
}
- if ((ret =
- mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
- (mbedtls_operation_t) mode)) != 0) {
+ if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
+ (mbedtls_operation_t) mode)) != 0) {
goto exit;
}
- if ((ret =
- mbedtls_cipher_set_iv(&cipher_ctx, iv,
- mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) {
- goto exit;
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ {
+ /* PKCS12 uses CBC with PKCS7 padding */
+ mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ /* For historical reasons, when decrypting, this function works when
+ * decrypting even when support for PKCS7 padding is disabled. In this
+ * case, it ignores the padding, and so will never report a
+ * password mismatch.
+ */
+ if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
+ padding = MBEDTLS_PADDING_NONE;
+ }
+#endif
+ if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
+ goto exit;
+ }
}
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- if ((ret = mbedtls_cipher_reset(&cipher_ctx)) != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len,
- output, &olen)) != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) {
+ ret = mbedtls_cipher_crypt(&cipher_ctx, iv, iv_len, data, len, output, &finish_olen);
+ if (ret == MBEDTLS_ERR_CIPHER_INVALID_PADDING) {
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
}
+ *output_len += finish_olen;
+
exit:
mbedtls_platform_zeroize(key, sizeof(key));
mbedtls_platform_zeroize(iv, sizeof(iv));
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 5d415ca..d6209bd 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -6,19 +6,7 @@
* \author Mathias Olsson <mathias@kompetensum.com>
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* PKCS#5 includes PBKDF2 and more
@@ -111,21 +99,47 @@
return 0;
}
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+#endif
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen,
unsigned char *output)
{
+ size_t output_len = 0;
+
+ /* We assume caller of the function is providing a big enough output buffer
+ * so we pass output_size as SIZE_MAX to pass checks, However, no guarantees
+ * for the output size actually being correct.
+ */
+ return mbedtls_pkcs5_pbes2_ext(pbe_params, mode, pwd, pwdlen, data,
+ datalen, output, SIZE_MAX, &output_len);
+}
+#endif
+
+int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output, size_t output_size,
+ size_t *output_len)
+{
int ret, iterations = 0, keylen = 0;
unsigned char *p, *end;
mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
mbedtls_asn1_buf salt;
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
unsigned char key[32], iv[32];
- size_t olen = 0;
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_type_t cipher_alg;
mbedtls_cipher_context_t cipher_ctx;
+ unsigned int padlen = 0;
p = pbe_params->p;
end = p + pbe_params->len;
@@ -183,6 +197,19 @@
return MBEDTLS_ERR_PKCS5_INVALID_FORMAT;
}
+ if (mode == MBEDTLS_PKCS5_DECRYPT) {
+ if (output_size < datalen) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
+ if (mode == MBEDTLS_PKCS5_ENCRYPT) {
+ padlen = cipher_info->block_size - (datalen % cipher_info->block_size);
+ if (output_size < (datalen + padlen)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
mbedtls_cipher_init(&cipher_ctx);
memcpy(iv, enc_scheme_params.p, enc_scheme_params.len);
@@ -202,8 +229,30 @@
goto exit;
}
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ {
+ /* PKCS5 uses CBC with PKCS7 padding (which is the same as
+ * "PKCS5 padding" except that it's typically only called PKCS5
+ * with 64-bit-block ciphers).
+ */
+ mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ /* For historical reasons, when decrypting, this function works when
+ * decrypting even when support for PKCS7 padding is disabled. In this
+ * case, it ignores the padding, and so will never report a
+ * password mismatch.
+ */
+ if (mode == MBEDTLS_DECRYPT) {
+ padding = MBEDTLS_PADDING_NONE;
+ }
+#endif
+ if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
- data, datalen, output, &olen)) != 0) {
+ data, datalen, output, output_len)) != 0) {
ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
}
diff --git a/library/pkcs7.c b/library/pkcs7.c
index cf05afd..0869c2e 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -1,18 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -328,7 +316,7 @@
goto out;
}
- signer->issuer_raw.len = *p - signer->issuer_raw.p;
+ signer->issuer_raw.len = (size_t) (*p - signer->issuer_raw.p);
ret = mbedtls_x509_get_serial(p, end_issuer_and_sn, &signer->serial);
if (ret != 0) {
diff --git a/library/pkparse.c b/library/pkparse.c
index f03ace2..6ce7fcf 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -2,19 +2,7 @@
* Public Key layer for parsing key files and structures
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -25,24 +13,24 @@
#include "mbedtls/asn1.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
+#include "mbedtls/platform.h"
#include "mbedtls/error.h"
+#include "mbedtls/ecp.h"
#include "pk_internal.h"
#include <string.h>
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#include "psa/crypto.h"
+#endif
+
+/* Key types */
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#endif
-#include "mbedtls/ecp.h"
-#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
-#include "pkwrite.h"
-#endif
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
-#include "pk_internal.h"
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
+
+/* Extended formats */
#if defined(MBEDTLS_PEM_PARSE_C)
#include "mbedtls/pem.h"
#endif
@@ -53,174 +41,351 @@
#include "mbedtls/pkcs12.h"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "psa_util_internal.h"
-#endif
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-/* Helper for Montgomery curves */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
-#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
- ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load all data from a file into a given buffer.
+/***********************************************************************
*
- * The file is expected to contain either PEM or DER encoded data.
- * A terminating null byte is always appended. It is included in the announced
- * length only if the data looks like it is PEM encoded.
+ * ECC setters
+ *
+ * 1. This is an abstraction layer around MBEDTLS_PK_USE_PSA_EC_DATA:
+ * this macro will not appear outside this section.
+ * 2. All inputs are raw: no metadata, no ASN.1 until the next section.
+ *
+ **********************************************************************/
+
+/*
+ * Set the group used by this key.
+ *
+ * [in/out] pk: in: must have been pk_setup() to an ECC type
+ * out: will have group (curve) information set
+ * [in] grp_in: a supported group ID (not NONE)
*/
-int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n)
+static int pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
{
- FILE *f;
- long size;
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ size_t ec_bits;
+ psa_ecc_family_t ec_family = mbedtls_ecc_group_to_psa(grp_id, &ec_bits);
- if ((f = fopen(path, "rb")) == NULL) {
- return MBEDTLS_ERR_PK_FILE_IO_ERROR;
+ /* group may already be initialized; if so, make sure IDs match */
+ if ((pk->ec_family != 0 && pk->ec_family != ec_family) ||
+ (pk->ec_bits != 0 && pk->ec_bits != ec_bits)) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
}
- /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf(f, NULL);
-
- fseek(f, 0, SEEK_END);
- if ((size = ftell(f)) == -1) {
- fclose(f);
- return MBEDTLS_ERR_PK_FILE_IO_ERROR;
- }
- fseek(f, 0, SEEK_SET);
-
- *n = (size_t) size;
-
- if (*n + 1 == 0 ||
- (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
- fclose(f);
- return MBEDTLS_ERR_PK_ALLOC_FAILED;
- }
-
- if (fread(*buf, 1, *n, f) != *n) {
- fclose(f);
-
- mbedtls_zeroize_and_free(*buf, *n);
-
- return MBEDTLS_ERR_PK_FILE_IO_ERROR;
- }
-
- fclose(f);
-
- (*buf)[*n] = '\0';
-
- if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
- ++*n;
- }
+ /* set group */
+ pk->ec_family = ec_family;
+ pk->ec_bits = ec_bits;
return 0;
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk);
+
+ /* grp may already be initialized; if so, make sure IDs match */
+ if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE &&
+ mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
+
+ /* set group */
+ return mbedtls_ecp_group_load(&(ecp->grp), grp_id);
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
}
/*
- * Load and parse a private key
- */
-int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
- const char *path, const char *pwd,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t n;
- unsigned char *buf;
-
- if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
- return ret;
- }
-
- if (pwd == NULL) {
- ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0, f_rng, p_rng);
- } else {
- ret = mbedtls_pk_parse_key(ctx, buf, n,
- (const unsigned char *) pwd, strlen(pwd), f_rng, p_rng);
- }
-
- mbedtls_zeroize_and_free(buf, n);
-
- return ret;
-}
-
-/*
- * Load and parse a public key
- */
-int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t n;
- unsigned char *buf;
-
- if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
- return ret;
- }
-
- ret = mbedtls_pk_parse_public_key(ctx, buf, n);
-
- mbedtls_zeroize_and_free(buf, n);
-
- return ret;
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
-/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
+ * Set the private key material
*
- * ECParameters ::= CHOICE {
- * namedCurve OBJECT IDENTIFIER
- * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
- * -- implicitCurve NULL
- * }
+ * [in/out] pk: in: must have the group set already, see pk_ecc_set_group().
+ * out: will have the private key set.
+ * [in] key, key_len: the raw private key (no ASN.1 wrapping).
*/
-static int pk_get_ecparams(unsigned char **p, const unsigned char *end,
- mbedtls_asn1_buf *params)
+static int pk_ecc_set_key(mbedtls_pk_context *pk,
+ unsigned char *key, size_t key_len)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_usage_t flags;
+ psa_status_t status;
- if (end - *p < 1) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family));
+ if (pk->ec_family == PSA_ECC_FAMILY_MONTGOMERY) {
+ /* Do not set algorithm here because Montgomery keys cannot do ECDSA and
+ * the PK module cannot do ECDH. When the key will be used in TLS for
+ * ECDH, it will be exported and then re-imported with proper flags
+ * and algorithm. */
+ flags = PSA_KEY_USAGE_EXPORT;
+ } else {
+ psa_set_key_algorithm(&attributes,
+ MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH));
+ flags = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_EXPORT;
}
+ psa_set_key_usage_flags(&attributes, flags);
- /* Tag may be either OID or SEQUENCE */
- params->tag = **p;
- if (params->tag != MBEDTLS_ASN1_OID
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
- && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)
-#endif
- ) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
- }
+ status = psa_import_key(&attributes, key, key_len, &pk->priv_id);
+ return psa_pk_status_to_mbedtls(status);
- if ((ret = mbedtls_asn1_get_tag(p, end, ¶ms->len, params->tag)) != 0) {
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+ mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
+ int ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, key_len);
+ if (ret != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
+ return 0;
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+}
- params->p = *p;
- *p += params->len;
+/*
+ * Derive a public key from its private counterpart.
+ * Computationally intensive, only use when public key is not available.
+ *
+ * [in/out] pk: in: must have the private key set, see pk_ecc_set_key().
+ * out: will have the public key set.
+ * [in] prv, prv_len: the raw private key (see note below).
+ * [in] f_rng, p_rng: RNG function and context.
+ *
+ * Note: the private key information is always available from pk,
+ * however for convenience the serialized version is also passed,
+ * as it's available at each calling site, and useful in some configs
+ * (as otherwise we would have to re-serialize it from the pk context).
+ *
+ * There are three implementations of this function:
+ * 1. MBEDTLS_PK_USE_PSA_EC_DATA,
+ * 2. MBEDTLS_USE_PSA_CRYPTO but not MBEDTLS_PK_USE_PSA_EC_DATA,
+ * 3. not MBEDTLS_USE_PSA_CRYPTO.
+ */
+static int pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk,
+ const unsigned char *prv, size_t prv_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
+{
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- if (*p != end) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ (void) f_rng;
+ (void) p_rng;
+ (void) prv;
+ (void) prv_len;
+ psa_status_t status;
+
+ status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw),
+ &pk->pub_raw_len);
+ return psa_pk_status_to_mbedtls(status);
+
+#elif defined(MBEDTLS_USE_PSA_CRYPTO) /* && !MBEDTLS_PK_USE_PSA_EC_DATA */
+
+ (void) f_rng;
+ (void) p_rng;
+ psa_status_t status;
+
+ mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx;
+ size_t curve_bits;
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits);
+
+ /* Import private key into PSA, from serialized input */
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+ status = psa_import_key(&key_attr, prv, prv_len, &key_id);
+ if (status != PSA_SUCCESS) {
+ return psa_pk_status_to_mbedtls(status);
+ }
+
+ /* Export public key from PSA */
+ unsigned char pub[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+ size_t pub_len;
+ status = psa_export_public_key(key_id, pub, sizeof(pub), &pub_len);
+ psa_status_t destruction_status = psa_destroy_key(key_id);
+ if (status != PSA_SUCCESS) {
+ return psa_pk_status_to_mbedtls(status);
+ } else if (destruction_status != PSA_SUCCESS) {
+ return psa_pk_status_to_mbedtls(destruction_status);
+ }
+
+ /* Load serialized public key into ecp_keypair structure */
+ return mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, pub, pub_len);
+
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
+ (void) prv;
+ (void) prv_len;
+
+ mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx;
+ return mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng);
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+}
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+/*
+ * Set the public key: fallback using ECP_LIGHT in the USE_PSA_EC_DATA case.
+ *
+ * Normally, when MBEDTLS_PK_USE_PSA_EC_DATA is enabled, we only use PSA
+ * functions to handle keys. However, currently psa_import_key() does not
+ * support compressed points. In case that support was explicitly requested,
+ * this fallback uses ECP functions to get the job done. This is the reason
+ * why MBEDTLS_PK_PARSE_EC_COMPRESSED auto-enables MBEDTLS_ECP_LIGHT.
+ *
+ * [in/out] pk: in: must have the group set, see pk_ecc_set_group().
+ * out: will have the public key set.
+ * [in] pub, pub_len: the public key as an ECPoint,
+ * in any format supported by ECP.
+ *
+ * Return:
+ * - 0 on success;
+ * - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid
+ * but not supported;
+ * - another error code otherwise.
+ */
+static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk,
+ const unsigned char *pub,
+ size_t pub_len)
+{
+#if !defined(MBEDTLS_PK_PARSE_EC_COMPRESSED)
+ (void) pk;
+ (void) pub;
+ (void) pub_len;
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
+ mbedtls_ecp_keypair ecp_key;
+ mbedtls_ecp_group_id ecp_group_id;
+ int ret;
+
+ ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
+
+ mbedtls_ecp_keypair_init(&ecp_key);
+ ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q,
+ pub, pub_len);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_ecp_point_write_binary(&(ecp_key.grp), &ecp_key.Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &pk->pub_raw_len, pk->pub_raw,
+ sizeof(pk->pub_raw));
+
+exit:
+ mbedtls_ecp_keypair_free(&ecp_key);
+ return ret;
+#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+/*
+ * Set the public key.
+ *
+ * [in/out] pk: in: must have its group set, see pk_ecc_set_group().
+ * out: will have the public key set.
+ * [in] pub, pub_len: the raw public key (an ECPoint).
+ *
+ * Return:
+ * - 0 on success;
+ * - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid
+ * but not supported;
+ * - another error code otherwise.
+ */
+static int pk_ecc_set_pubkey(mbedtls_pk_context *pk,
+ const unsigned char *pub, size_t pub_len)
+{
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+
+ /* Load the key */
+ if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(pk->ec_family) || *pub == 0x04) {
+ /* Format directly supported by PSA:
+ * - non-Weierstrass curves that only have one format;
+ * - uncompressed format for Weierstrass curves. */
+ if (pub_len > sizeof(pk->pub_raw)) {
+ return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+ }
+ memcpy(pk->pub_raw, pub, pub_len);
+ pk->pub_raw_len = pub_len;
+ } else {
+ /* Other format, try the fallback */
+ int ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len);
+ if (ret != 0) {
+ return ret;
+ }
+ }
+
+ /* Validate the key by trying to import it */
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_usage_flags(&key_attrs, 0);
+ psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family));
+ psa_set_key_bits(&key_attrs, pk->ec_bits);
+
+ if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len,
+ &key_id) != PSA_SUCCESS) ||
+ (psa_destroy_key(key_id) != PSA_SUCCESS)) {
+ return MBEDTLS_ERR_PK_INVALID_PUBKEY;
}
return 0;
+
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+ int ret;
+ mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx;
+ ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, pub, pub_len);
+ if (ret != 0) {
+ return ret;
+ }
+ return mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q);
+
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
}
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+/***********************************************************************
+ *
+ * Low-level ECC parsing: optional support for SpecifiedECDomain
+ *
+ * There are two functions here that are used by the rest of the code:
+ * - pk_ecc_tag_is_speficied_ec_domain()
+ * - pk_ecc_group_id_from_specified()
+ *
+ * All the other functions are internal to this section.
+ *
+ * The two "public" functions have a dummy variant provided
+ * in configs without MBEDTLS_PK_PARSE_EC_EXTENDED. This acts as an
+ * abstraction layer for this macro, which should not appear outside
+ * this section.
+ *
+ **********************************************************************/
+
+#if !defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+/* See the "real" version for documentation */
+static int pk_ecc_tag_is_specified_ec_domain(int tag)
+{
+ (void) tag;
+ return 0;
+}
+
+/* See the "real" version for documentation */
+static int pk_ecc_group_id_from_specified(const mbedtls_asn1_buf *params,
+ mbedtls_ecp_group_id *grp_id)
+{
+ (void) params;
+ (void) grp_id;
+ return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+}
+#else /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+/*
+ * Tell if the passed tag might be the start of SpecifiedECDomain
+ * (that is, a sequence).
+ */
+static int pk_ecc_tag_is_specified_ec_domain(int tag)
+{
+ return tag == (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+}
+
/*
* Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
* WARNING: the resulting group should only be used with
- * pk_group_id_from_specified(), since its base point may not be set correctly
+ * pk_ecc_group_id_from_specified(), since its base point may not be set correctly
* if it was encoded compressed.
*
* SpecifiedECDomain ::= SEQUENCE {
@@ -429,8 +594,8 @@
/*
* Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
*/
-static int pk_group_id_from_specified(const mbedtls_asn1_buf *params,
- mbedtls_ecp_group_id *grp_id)
+static int pk_ecc_group_id_from_specified(const mbedtls_asn1_buf *params,
+ mbedtls_ecp_group_id *grp_id)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group grp;
@@ -445,7 +610,7 @@
cleanup:
/* The API respecting lifecycle for mbedtls_ecp_group struct is
- * _init(), _load() and _free(). In pk_group_id_from_specified() the
+ * _init(), _load() and _free(). In pk_ecc_group_id_from_specified() the
* temporary grp breaks that flow and it's members are populated
* by pk_group_id_from_group(). As such mbedtls_ecp_group_free()
* which is assuming a group populated by _setup() may not clean-up
@@ -461,28 +626,52 @@
}
#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-/* Functions pk_use_ecparams() and pk_use_ecparams_rfc8410() update the
- * ecp_keypair structure with proper group ID. The purpose of this helper
- * function is to update ec_family and ec_bits accordingly. */
-static int pk_update_psa_ecparams(mbedtls_pk_context *pk,
- mbedtls_ecp_group_id grp_id)
+/***********************************************************************
+ *
+ * Unsorted (yet!) from this point on until the next section header
+ *
+ **********************************************************************/
+
+/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
+ *
+ * ECParameters ::= CHOICE {
+ * namedCurve OBJECT IDENTIFIER
+ * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
+ * -- implicitCurve NULL
+ * }
+ */
+static int pk_get_ecparams(unsigned char **p, const unsigned char *end,
+ mbedtls_asn1_buf *params)
{
- psa_ecc_family_t ec_family;
- size_t bits;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ec_family = mbedtls_ecc_group_to_psa(grp_id, &bits);
-
- if ((pk->ec_family != 0) && (pk->ec_family != ec_family)) {
- return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ if (end - *p < 1) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA);
}
- pk->ec_family = ec_family;
- pk->ec_bits = bits;
+ /* Acceptable tags: OID for namedCurve, or specifiedECDomain */
+ params->tag = **p;
+ if (params->tag != MBEDTLS_ASN1_OID &&
+ !pk_ecc_tag_is_specified_ec_domain(params->tag)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
+
+ if ((ret = mbedtls_asn1_get_tag(p, end, ¶ms->len, params->tag)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
+
+ params->p = *p;
+ *p += params->len;
+
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
return 0;
}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/*
* Use EC parameters to initialise an EC group
@@ -502,89 +691,13 @@
return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE;
}
} else {
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
- if ((ret = pk_group_id_from_specified(params, &grp_id)) != 0) {
+ ret = pk_ecc_group_id_from_specified(params, &grp_id);
+ if (ret != 0) {
return ret;
}
-#else
- return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
-#endif
}
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- ret = pk_update_psa_ecparams(pk, grp_id);
-#else
- /* grp may already be initialized; if so, make sure IDs match */
- if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE &&
- mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) {
- return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
- }
-
- if ((ret = mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(*pk)->grp),
- grp_id)) != 0) {
- return ret;
- }
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
- return ret;
-}
-
-/*
- * Helper function for deriving a public key from its private counterpart.
- */
-static int pk_derive_public_key(mbedtls_pk_context *pk,
- const unsigned char *d, size_t d_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
-{
- int ret;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_status_t status;
- (void) f_rng;
- (void) p_rng;
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- (void) d;
- (void) d_len;
-
- status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw),
- &pk->pub_raw_len);
- ret = psa_pk_status_to_mbedtls(status);
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
- mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx;
- unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
- size_t key_len;
- mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
- size_t curve_bits;
- psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits);
- psa_status_t destruction_status;
-
- psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
- psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
-
- status = psa_import_key(&key_attr, d, d_len, &key_id);
- ret = psa_pk_status_to_mbedtls(status);
- if (ret != 0) {
- return ret;
- }
-
- status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len);
- ret = psa_pk_status_to_mbedtls(status);
- destruction_status = psa_destroy_key(key_id);
- if (ret != 0) {
- return ret;
- } else if (destruction_status != PSA_SUCCESS) {
- return psa_pk_status_to_mbedtls(destruction_status);
- }
- ret = mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len);
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx;
- (void) d;
- (void) d_len;
-
- ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return ret;
+ return pk_ecc_set_group(pk, grp_id);
}
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
@@ -596,22 +709,11 @@
mbedtls_ecp_group_id grp_id,
mbedtls_pk_context *pk)
{
- int ret;
-
if (params->tag != 0 || params->len != 0) {
return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
}
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- ret = pk_update_psa_ecparams(pk, grp_id);
-#else
- mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk);
- ret = mbedtls_ecp_group_load(&(ecp->grp), grp_id);
- if (ret != 0) {
- return ret;
- }
-#endif
- return ret;
+ return pk_ecc_set_group(pk, grp_id);
}
/*
@@ -634,32 +736,18 @@
return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
}
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
-
- psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family));
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
- PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_ECDH);
-
- status = psa_import_key(&attributes, key, len, &pk->priv_id);
- if (status != PSA_SUCCESS) {
- ret = psa_pk_status_to_mbedtls(status);
+ /*
+ * Load the private key
+ */
+ ret = pk_ecc_set_key(pk, key, len);
+ if (ret != 0) {
return ret;
}
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
- mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
-
- if ((ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, len)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
- }
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/* pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys,
* which never contain a public key. As such, derive the public key
* unconditionally. */
- if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) {
+ if ((ret = pk_ecc_set_pubkey_from_prv(pk, key, len, f_rng, p_rng)) != 0) {
return ret;
}
@@ -667,116 +755,6 @@
}
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) && defined(MBEDTLS_PK_PARSE_EC_COMPRESSED)
-/*
- * Create a temporary ecp_keypair for converting an EC point in compressed
- * format to an uncompressed one
- */
-static int pk_convert_compressed_ec(mbedtls_pk_context *pk,
- const unsigned char *in_start, size_t in_len,
- size_t *out_buf_len, unsigned char *out_buf,
- size_t out_buf_size)
-{
- mbedtls_ecp_keypair ecp_key;
- mbedtls_ecp_group_id ecp_group_id;
- int ret;
-
- ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
-
- mbedtls_ecp_keypair_init(&ecp_key);
- ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id);
- if (ret != 0) {
- return ret;
- }
- ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q,
- in_start, in_len);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_ecp_point_write_binary(&(ecp_key.grp), &ecp_key.Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED,
- out_buf_len, out_buf, out_buf_size);
-
-exit:
- mbedtls_ecp_keypair_free(&ecp_key);
- return ret;
-}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_PK_PARSE_EC_COMPRESSED */
-
-/*
- * EC public key is an EC point
- *
- * The caller is responsible for clearing the structure upon failure if
- * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
- * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
- */
-static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
- mbedtls_pk_context *pk)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- mbedtls_svc_key_id_t key;
- psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
- size_t len = (end - *p);
-
- if (len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
- /* Compressed point format are not supported yet by PSA crypto. As a
- * consequence ecp functions are used to "convert" the point to
- * uncompressed format */
- if ((**p == 0x02) || (**p == 0x03)) {
-#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED)
- ret = pk_convert_compressed_ec(pk, *p, len,
- &(pk->pub_raw_len), pk->pub_raw,
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
- if (ret != 0) {
- return ret;
- }
-#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
- } else {
- /* Uncompressed format */
- if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
- return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
- }
- memcpy(pk->pub_raw, *p, (end - *p));
- pk->pub_raw_len = end - *p;
- }
-
- /* Validate the key by trying to importing it */
- psa_set_key_usage_flags(&key_attrs, 0);
- psa_set_key_algorithm(&key_attrs, PSA_ALG_ECDSA_ANY);
- psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family));
- psa_set_key_bits(&key_attrs, pk->ec_bits);
-
- if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len,
- &key) != PSA_SUCCESS) ||
- (psa_destroy_key(key) != PSA_SUCCESS)) {
- mbedtls_platform_zeroize(pk->pub_raw, MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
- pk->pub_raw_len = 0;
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
- ret = 0;
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
- mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx;
- if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q,
- (const unsigned char *) *p,
- end - *p)) == 0) {
- ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q);
- }
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
- /*
- * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
- */
- *p = (unsigned char *) end;
-
- return ret;
-}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
@@ -947,7 +925,8 @@
ret = pk_use_ecparams(&alg_params, pk);
}
if (ret == 0) {
- ret = pk_get_ecpubkey(p, end, pk);
+ ret = pk_ecc_set_pubkey(pk, *p, (size_t) (end - *p));
+ *p += end - *p;
}
} else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
@@ -1170,12 +1149,6 @@
unsigned char *d;
unsigned char *end = p + keylen;
unsigned char *end2;
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
- mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/*
* RFC 5915, or SEC1 Appendix C.4
@@ -1230,12 +1203,13 @@
}
}
-
-#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- if ((ret = mbedtls_ecp_read_key(eck->grp.id, eck, d, d_len)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ /*
+ * Load the private key
+ */
+ ret = pk_ecc_set_key(pk, d, d_len);
+ if (ret != 0) {
+ return ret;
}
-#endif
if (p != end) {
/*
@@ -1256,11 +1230,11 @@
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
- if ((ret = pk_get_ecpubkey(&p, end2, pk)) == 0) {
+ if ((ret = pk_ecc_set_pubkey(pk, p, (size_t) (end2 - p))) == 0) {
pubkey_done = 1;
} else {
/*
- * The only acceptable failure mode of pk_get_ecpubkey() above
+ * The only acceptable failure mode of pk_ecc_set_pubkey() above
* is if the point format is not recognized.
*/
if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) {
@@ -1272,29 +1246,8 @@
}
}
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family));
- /* Setting largest masks for usage and key algorithms */
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE);
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- psa_set_key_algorithm(&attributes,
- PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH));
-#else
- psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
-#endif
- psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH);
-
- status = psa_import_key(&attributes, d, d_len, &pk->priv_id);
- if (status != PSA_SUCCESS) {
- ret = psa_pk_status_to_mbedtls(status);
- return ret;
- }
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
if (!pubkey_done) {
- if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) {
+ if ((ret = pk_ecc_set_pubkey_from_prv(pk, d, d_len, f_rng, p_rng)) != 0) {
return ret;
}
}
@@ -1303,6 +1256,12 @@
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+/***********************************************************************
+ *
+ * PKCS#8 parsing functions
+ *
+ **********************************************************************/
+
/*
* Parse an unencrypted PKCS#8 encoded private key
*
@@ -1420,6 +1379,12 @@
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+ end = p + len;
+ if (end != (key + keylen)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+
return 0;
}
@@ -1433,7 +1398,7 @@
*
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-static int pk_parse_key_pkcs8_encrypted_der(
+MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
mbedtls_pk_context *pk,
unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen,
@@ -1444,10 +1409,11 @@
unsigned char *buf;
unsigned char *p, *end;
mbedtls_asn1_buf pbe_alg_oid, pbe_params;
-#if defined(MBEDTLS_PKCS12_C)
+#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
mbedtls_cipher_type_t cipher_alg;
mbedtls_md_type_t md_alg;
#endif
+ size_t outlen = 0;
p = key;
end = p + keylen;
@@ -1491,11 +1457,11 @@
/*
* Decrypt EncryptedData with appropriate PBE
*/
-#if defined(MBEDTLS_PKCS12_C)
+#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
- if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
- cipher_alg, md_alg,
- pwd, pwdlen, p, len, buf)) != 0) {
+ if ((ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
+ cipher_alg, md_alg,
+ pwd, pwdlen, p, len, buf, len, &outlen)) != 0) {
if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) {
return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
}
@@ -1506,10 +1472,10 @@
decrypted = 1;
} else
#endif /* MBEDTLS_PKCS12_C */
-#if defined(MBEDTLS_PKCS5_C)
+#if defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) {
- if ((ret = mbedtls_pkcs5_pbes2(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
- p, len, buf)) != 0) {
+ if ((ret = mbedtls_pkcs5_pbes2_ext(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
+ p, len, buf, len, &outlen)) != 0) {
if (ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) {
return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
}
@@ -1527,11 +1493,16 @@
if (decrypted == 0) {
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
-
- return pk_parse_key_pkcs8_unencrypted_der(pk, buf, len, f_rng, p_rng);
+ return pk_parse_key_pkcs8_unencrypted_der(pk, buf, outlen, f_rng, p_rng);
}
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
+/***********************************************************************
+ *
+ * Top-level functions, with format auto-discovery
+ *
+ **********************************************************************/
+
/*
* Parse a private key
*/
@@ -1560,8 +1531,7 @@
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else {
ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN RSA PRIVATE KEY-----",
- "-----END RSA PRIVATE KEY-----",
+ PEM_BEGIN_PRIVATE_KEY_RSA, PEM_END_PRIVATE_KEY_RSA,
key, pwd, pwdlen, &len);
}
@@ -1590,8 +1560,8 @@
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else {
ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN EC PRIVATE KEY-----",
- "-----END EC PRIVATE KEY-----",
+ PEM_BEGIN_PRIVATE_KEY_EC,
+ PEM_END_PRIVATE_KEY_EC,
key, pwd, pwdlen, &len);
}
if (ret == 0) {
@@ -1620,8 +1590,7 @@
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else {
ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN PRIVATE KEY-----",
- "-----END PRIVATE KEY-----",
+ PEM_BEGIN_PRIVATE_KEY_PKCS8, PEM_END_PRIVATE_KEY_PKCS8,
key, NULL, 0, &len);
}
if (ret == 0) {
@@ -1642,13 +1611,13 @@
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else {
ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN ENCRYPTED PRIVATE KEY-----",
- "-----END ENCRYPTED PRIVATE KEY-----",
+ PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8,
+ PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8,
key, NULL, 0, &len);
}
if (ret == 0) {
- if ((ret = pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen,
- pwd, pwdlen, f_rng, p_rng)) != 0) {
+ if ((ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen,
+ pwd, pwdlen, f_rng, p_rng)) != 0) {
mbedtls_pk_free(pk);
}
@@ -1680,8 +1649,8 @@
memcpy(key_copy, key, keylen);
- ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen,
- pwd, pwdlen, f_rng, p_rng);
+ ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen,
+ pwd, pwdlen, f_rng, p_rng);
mbedtls_zeroize_and_free(key_copy, keylen);
}
@@ -1769,8 +1738,7 @@
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else {
ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN RSA PUBLIC KEY-----",
- "-----END RSA PUBLIC KEY-----",
+ PEM_BEGIN_PUBLIC_KEY_RSA, PEM_END_PUBLIC_KEY_RSA,
key, NULL, 0, &len);
}
@@ -1803,8 +1771,7 @@
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else {
ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN PUBLIC KEY-----",
- "-----END PUBLIC KEY-----",
+ PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
key, NULL, 0, &len);
}
@@ -1851,4 +1818,112 @@
return ret;
}
+/***********************************************************************
+ *
+ * Top-level functions, with filesystem support
+ *
+ **********************************************************************/
+
+#if defined(MBEDTLS_FS_IO)
+/*
+ * Load all data from a file into a given buffer.
+ *
+ * The file is expected to contain either PEM or DER encoded data.
+ * A terminating null byte is always appended. It is included in the announced
+ * length only if the data looks like it is PEM encoded.
+ */
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n)
+{
+ FILE *f;
+ long size;
+
+ if ((f = fopen(path, "rb")) == NULL) {
+ return MBEDTLS_ERR_PK_FILE_IO_ERROR;
+ }
+
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(f, NULL);
+
+ fseek(f, 0, SEEK_END);
+ if ((size = ftell(f)) == -1) {
+ fclose(f);
+ return MBEDTLS_ERR_PK_FILE_IO_ERROR;
+ }
+ fseek(f, 0, SEEK_SET);
+
+ *n = (size_t) size;
+
+ if (*n + 1 == 0 ||
+ (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
+ fclose(f);
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
+
+ if (fread(*buf, 1, *n, f) != *n) {
+ fclose(f);
+
+ mbedtls_zeroize_and_free(*buf, *n);
+
+ return MBEDTLS_ERR_PK_FILE_IO_ERROR;
+ }
+
+ fclose(f);
+
+ (*buf)[*n] = '\0';
+
+ if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
+ ++*n;
+ }
+
+ return 0;
+}
+
+/*
+ * Load and parse a private key
+ */
+int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
+ const char *path, const char *pwd,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t n;
+ unsigned char *buf;
+
+ if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
+
+ if (pwd == NULL) {
+ ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0, f_rng, p_rng);
+ } else {
+ ret = mbedtls_pk_parse_key(ctx, buf, n,
+ (const unsigned char *) pwd, strlen(pwd), f_rng, p_rng);
+ }
+
+ mbedtls_zeroize_and_free(buf, n);
+
+ return ret;
+}
+
+/*
+ * Load and parse a public key
+ */
+int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t n;
+ unsigned char *buf;
+
+ if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+ return ret;
+ }
+
+ ret = mbedtls_pk_parse_public_key(ctx, buf, n);
+
+ mbedtls_zeroize_and_free(buf, n);
+
+ return ret;
+}
+#endif /* MBEDTLS_FS_IO */
+
#endif /* MBEDTLS_PK_PARSE_C */
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 4ec0b81..1f0d399 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -2,19 +2,7 @@
* Public Key layer for writing key files and structures
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -30,9 +18,6 @@
#include <string.h>
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
@@ -44,9 +29,6 @@
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pkwrite.h"
#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
#if defined(MBEDTLS_PEM_WRITE_C)
#include "mbedtls/pem.h"
#endif
@@ -57,62 +39,22 @@
#endif
#include "mbedtls/platform.h"
-/* Helper for Montgomery curves */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
-#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
-static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
-{
- mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk);
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- if (id == MBEDTLS_ECP_DP_CURVE25519) {
- return 1;
- }
+/* Helpers for properly sizing buffers aimed at holding public keys or
+ * key-pairs based on build symbols. */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+#define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
+#elif defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PK_MAX_EC_PUBLIC_KEY_SIZE PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH
+#else
+#define PK_MAX_EC_PUBLIC_KEY_SIZE MBEDTLS_ECP_MAX_PT_LEN
+#define PK_MAX_EC_KEY_PAIR_SIZE MBEDTLS_ECP_MAX_BYTES
#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
- if (id == MBEDTLS_ECP_DP_CURVE448) {
- return 1;
- }
-#endif
- return 0;
-}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/* It is assumed that the input key is opaque */
-static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
-{
- psa_ecc_family_t ec_family = 0;
- psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
-
- if (psa_get_key_attributes(pk->priv_id, &key_attrs) != PSA_SUCCESS) {
- return 0;
- }
- ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attrs));
- psa_reset_key_attributes(&key_attrs);
-
- return ec_family;
-}
-#endif /* MBETLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/* It is assumed that the input key is opaque */
-static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk)
-{
- psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t opaque_key_type;
-
- if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
- return 0;
- }
- opaque_key_type = psa_get_key_type(&opaque_attrs);
- psa_reset_key_attributes(&opaque_attrs);
-
- return opaque_key_type;
-}
-#endif /* MBETLS_USE_PSA_CRYPTO */
-
+/******************************************************************************
+ * Internal functions for RSA keys.
+ ******************************************************************************/
#if defined(MBEDTLS_RSA_C)
/*
* RSAPublicKey ::= SEQUENCE {
@@ -157,425 +99,7 @@
return (int) len;
}
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *pk)
-{
- size_t len = 0;
- uint8_t buf[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
-
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
- if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
- } else {
- len = pk->pub_raw_len;
- memcpy(buf, pk->pub_raw, len);
- }
-
- if (*p < start || (size_t) (*p - start) < len) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *p -= len;
- memcpy(*p, buf, len);
-
- return (int) len;
-}
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
-static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *pk)
-{
- size_t len = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- uint8_t buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
-#else
- unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
- if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
- *p -= len;
- memcpy(*p, buf, len);
- return (int) len;
- } else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
- if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED,
- &len, buf, sizeof(buf))) != 0) {
- return ret;
- }
- }
-
- if (*p < start || (size_t) (*p - start) < len) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- *p -= len;
- memcpy(*p, buf, len);
-
- return (int) len;
-}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
-/*
- * ECParameters ::= CHOICE {
- * namedCurve OBJECT IDENTIFIER
- * }
- */
-static int pk_write_ec_param(unsigned char **p, unsigned char *start,
- mbedtls_ecp_group_id grp_id)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
- const char *oid;
- size_t oid_len;
-
- if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) {
- return ret;
- }
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
-
- return (int) len;
-}
-
-/*
- * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
- */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-static int pk_write_ec_private(unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *pk)
-{
- size_t byte_length;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
- psa_status_t status;
-
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
- status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
- if (status != PSA_SUCCESS) {
- ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
- return ret;
- }
- } else {
- status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
- if (status != PSA_SUCCESS) {
- ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
- }
-
- ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
-exit:
- mbedtls_platform_zeroize(tmp, sizeof(tmp));
- return ret;
-}
-#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
-static int pk_write_ec_private(unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *pk)
-{
- size_t byte_length;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
- psa_status_t status;
-#else
- unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
- status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
- if (status != PSA_SUCCESS) {
- ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
- return ret;
- }
- } else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
- mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
- byte_length = (ec->grp.pbits + 7) / 8;
-
- ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
- if (ret != 0) {
- goto exit;
- }
- }
- ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
-exit:
- mbedtls_platform_zeroize(tmp, sizeof(tmp));
- return ret;
-}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *pk)
-{
- size_t buffer_size;
- size_t len = 0;
-
- if (*p < start) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
- buffer_size = (size_t) (*p - start);
- if (psa_export_public_key(pk->priv_id, start, buffer_size,
- &len) != PSA_SUCCESS) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
- *p -= len;
- memmove(*p, start, len);
-
- return (int) len;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
- const mbedtls_pk_context *key)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
-#if defined(MBEDTLS_RSA_C)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key));
- } else
-#endif
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
- } else
-#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key));
- } else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-
- return (int) len;
-}
-
-int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *c;
- int has_par = 1;
- size_t len = 0, par_len = 0, oid_len = 0;
- mbedtls_pk_type_t pk_type;
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
-#endif
- const char *oid;
-
- if (size == 0) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- c = buf + size;
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key));
-
- if (c - buf < 1) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
-
- /*
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- */
- *--c = 0;
- len += 1;
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
-
- pk_type = mbedtls_pk_get_type(key);
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if (pk_type == MBEDTLS_PK_ECKEY) {
- ec_grp_id = mbedtls_pk_get_group_id(key);
- }
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (pk_type == MBEDTLS_PK_OPAQUE) {
- psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key);
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
- pk_type = MBEDTLS_PK_ECKEY;
- ec_grp_id = mbedtls_pk_get_group_id(key);
- } else
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
- if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
- /* The rest of the function works as for legacy RSA contexts. */
- pk_type = MBEDTLS_PK_RSA;
- }
- }
- /* `pk_type` will have been changed to non-opaque by here if this function can handle it */
- if (pk_type == MBEDTLS_PK_OPAQUE) {
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if (pk_type == MBEDTLS_PK_ECKEY) {
- /* Some groups have their own AlgorithmIdentifier OID, others are handled
- * by mbedtls_oid_get_oid_by_pk_alg() below */
- ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len);
-
- if (ret == 0) {
- /* Currently, none of the supported algorithms that have their own
- * AlgorithmIdentifier OID have any parameters */
- has_par = 0;
- } else if (ret == MBEDTLS_ERR_OID_NOT_FOUND) {
- MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id));
- } else {
- return ret;
- }
- }
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-
- if (oid_len == 0) {
- if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
- &oid_len)) != 0) {
- return ret;
- }
- }
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len,
- par_len, has_par));
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
-
- return (int) len;
-}
-
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
-#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
-/*
- * RFC8410 section 7
- *
- * OneAsymmetricKey ::= SEQUENCE {
- * version Version,
- * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
- * privateKey PrivateKey,
- * attributes [0] IMPLICIT Attributes OPTIONAL,
- * ...,
- * [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]],
- * ...
- * }
- * ...
- * CurvePrivateKey ::= OCTET STRING
- */
-static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf,
- const mbedtls_pk_context *pk)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
- size_t oid_len = 0;
- const char *oid;
- mbedtls_ecp_group_id grp_id;
-
- /* privateKey */
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING));
-
- grp_id = mbedtls_pk_get_group_id(pk);
- /* privateKeyAlgorithm */
- if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) {
- return ret;
- }
- MBEDTLS_ASN1_CHK_ADD(len,
- mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0));
-
- /* version */
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0));
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
-
- return (int) len;
-}
-#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-
-/*
- * RFC 5915, or SEC1 Appendix C.4
- *
- * ECPrivateKey ::= SEQUENCE {
- * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
- * privateKey OCTET STRING,
- * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
- * publicKey [1] BIT STRING OPTIONAL
- * }
- */
-static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
- const mbedtls_pk_context *pk)
-{
- size_t len = 0;
- int ret;
- size_t pub_len = 0, par_len = 0;
- mbedtls_ecp_group_id grp_id;
-
- /* publicKey */
- MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk));
-
- if (*p - buf < 1) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
- }
- (*p)--;
- **p = 0;
- pub_len += 1;
-
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING));
-
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 1));
- len += pub_len;
-
- /* parameters */
- grp_id = mbedtls_pk_get_group_id(pk);
- MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id));
- MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len));
- MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 0));
- len += par_len;
-
- /* privateKey */
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
-
- /* version */
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1));
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
-
- return (int) len;
-}
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-
-#if defined(MBEDTLS_RSA_C)
static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
const mbedtls_pk_context *pk)
{
@@ -685,19 +209,366 @@
}
#endif /* MBEDTLS_RSA_C */
-int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
-{
- unsigned char *c;
- size_t len = 0;
-#if defined(MBEDTLS_RSA_C)
- int is_rsa_opaque = 0;
-#endif /* MBEDTLS_RSA_C */
+/******************************************************************************
+ * Internal functions for EC keys.
+ ******************************************************************************/
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- int is_ec_opaque = 0;
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t len = 0;
+ uint8_t buf[PK_MAX_EC_PUBLIC_KEY_SIZE];
+
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ } else {
+ len = pk->pub_raw_len;
+ memcpy(buf, pk->pub_raw, len);
+ }
+
+ if (*p < start || (size_t) (*p - start) < len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+
+ *p -= len;
+ memcpy(*p, buf, len);
+
+ return (int) len;
+}
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t len = 0;
+ unsigned char buf[PK_MAX_EC_PUBLIC_KEY_SIZE];
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_type_t opaque_key_type;
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ *p -= len;
+ memcpy(*p, buf, len);
+ return (int) len;
+ } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, buf, sizeof(buf))) != 0) {
+ return ret;
+ }
+ }
+
+ if (*p < start || (size_t) (*p - start) < len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+
+ *p -= len;
+ memcpy(*p, buf, len);
+
+ return (int) len;
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+/*
+ * privateKey OCTET STRING -- always of length ceil(log2(n)/8)
+ */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+static int pk_write_ec_private(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t byte_length;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE];
+ psa_status_t status;
+
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
+ return ret;
+ }
+ } else {
+ status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
+ goto exit;
+ }
+ }
+
+ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
+exit:
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return ret;
+}
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+static int pk_write_ec_private(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t byte_length;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char tmp[PK_MAX_EC_KEY_PAIR_SIZE];
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status;
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
+ return ret;
+ }
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
+ byte_length = (ec->grp.pbits + 7) / 8;
+
+ ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
+ if (ret != 0) {
+ goto exit;
+ }
+ }
+ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
+exit:
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return ret;
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+/*
+ * ECParameters ::= CHOICE {
+ * namedCurve OBJECT IDENTIFIER
+ * }
+ */
+static int pk_write_ec_param(unsigned char **p, unsigned char *start,
+ mbedtls_ecp_group_id grp_id)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0;
+ const char *oid;
+ size_t oid_len;
+
+ if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) {
+ return ret;
+ }
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
+
+ return (int) len;
+}
+
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+/*
+ * RFC8410 section 7
+ *
+ * OneAsymmetricKey ::= SEQUENCE {
+ * version Version,
+ * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ * privateKey PrivateKey,
+ * attributes [0] IMPLICIT Attributes OPTIONAL,
+ * ...,
+ * [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]],
+ * ...
+ * }
+ * ...
+ * CurvePrivateKey ::= OCTET STRING
+ */
+static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf,
+ const mbedtls_pk_context *pk)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0;
+ size_t oid_len = 0;
+ const char *oid;
+ mbedtls_ecp_group_id grp_id;
+
+ /* privateKey */
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING));
+
+ grp_id = mbedtls_pk_get_ec_group_id(pk);
+ /* privateKeyAlgorithm */
+ if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) {
+ return ret;
+ }
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0));
+
+ /* version */
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0));
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ return (int) len;
+}
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
+
+/*
+ * RFC 5915, or SEC1 Appendix C.4
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ */
+static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
+ const mbedtls_pk_context *pk)
+{
+ size_t len = 0;
+ int ret;
+ size_t pub_len = 0, par_len = 0;
+ mbedtls_ecp_group_id grp_id;
+
+ /* publicKey */
+ MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk));
+
+ if (*p - buf < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ (*p)--;
+ **p = 0;
+ pub_len += 1;
+
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING));
+
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 1));
+ len += pub_len;
+
+ /* parameters */
+ grp_id = mbedtls_pk_get_ec_group_id(pk);
+ MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id));
+ MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len));
+ MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0));
+ len += par_len;
+
+ /* privateKey */
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
+
+ /* version */
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1));
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ return (int) len;
+}
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+
+/******************************************************************************
+ * Internal functions for Opaque keys.
+ ******************************************************************************/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t buffer_size;
+ size_t len = 0;
+
+ if (*p < start) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ buffer_size = (size_t) (*p - start);
+ if (psa_export_public_key(pk->priv_id, start, buffer_size,
+ &len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ *p -= len;
+ memmove(*p, start, len);
+
+ return (int) len;
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+/******************************************************************************
+ * Generic helpers
+ ******************************************************************************/
+
+/* Extend the public mbedtls_pk_get_type() by getting key type also in case of
+ * opaque keys. */
+static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk)
+{
+ mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (pk_type == MBEDTLS_PK_OPAQUE) {
+ psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t opaque_key_type;
+
+ if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
+ return MBEDTLS_PK_NONE;
+ }
+ opaque_key_type = psa_get_key_type(&opaque_attrs);
+ psa_reset_key_attributes(&opaque_attrs);
+
+ if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
+ return MBEDTLS_PK_ECKEY;
+ } else if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
+ return MBEDTLS_PK_RSA;
+ } else {
+ return MBEDTLS_PK_NONE;
+ }
+ } else
+#endif
+ return pk_type;
+}
+
+/******************************************************************************
+ * Public functions for writing private/public DER keys.
+ ******************************************************************************/
+int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *key)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0;
+
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key));
+ } else
+#endif
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
+ } else
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key));
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+
+ return (int) len;
+}
+
+int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *c;
+ int has_par = 1;
+ size_t len = 0, par_len = 0, oid_len = 0;
+ mbedtls_pk_type_t pk_type;
+ const char *oid = NULL;
if (size == 0) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
@@ -705,25 +576,75 @@
c = buf + size;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
- opaque_key_type = pk_get_opaque_key_type(key);
-#if defined(MBEDTLS_RSA_C)
- is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key));
+
+ if (c - buf < 1) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ /*
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ */
+ *--c = 0;
+ len += 1;
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
+
+ pk_type = pk_get_type_ext(key);
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+ if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
+ mbedtls_ecp_group_id ec_grp_id = mbedtls_pk_get_ec_group_id(key);
+ if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
+ ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len);
+ if (ret != 0) {
+ return ret;
+ }
+ has_par = 0;
+ } else {
+ MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id));
+ }
+ }
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+
+ /* At this point oid_len is not null only for EC Montgomery keys. */
+ if (oid_len == 0) {
+ ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, &oid_len);
+ if (ret != 0) {
+ return ret;
+ }
+ }
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len,
+ par_len, has_par));
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ return (int) len;
+}
+
+int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
+{
+ unsigned char *c;
+
+ if (size == 0) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+
+ c = buf + size;
#if defined(MBEDTLS_RSA_C)
- if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) {
+ if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) {
return pk_write_rsa_der(&c, buf, key);
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
+ if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410(key)) {
return pk_write_ec_rfc8410_der(&c, buf, key);
@@ -733,22 +654,13 @@
} else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-
- return (int) len;
}
+/******************************************************************************
+ * Public functions for wrinting private/public PEM keys.
+ ******************************************************************************/
#if defined(MBEDTLS_PEM_WRITE_C)
-#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
-#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
-
-#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
-#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
-#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----\n"
-
#define PUB_DER_MAX_BYTES \
(MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES)
@@ -759,92 +671,77 @@
int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char output_buf[PUB_DER_MAX_BYTES];
+ unsigned char *output_buf = NULL;
+ output_buf = mbedtls_calloc(1, PUB_DER_MAX_BYTES);
+ if (output_buf == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
size_t olen = 0;
if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
- sizeof(output_buf))) < 0) {
- return ret;
+ PUB_DER_MAX_BYTES)) < 0) {
+ goto cleanup;
}
- if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
- output_buf + sizeof(output_buf) - ret,
+ if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY "\n", PEM_END_PUBLIC_KEY "\n",
+ output_buf + PUB_DER_MAX_BYTES - ret,
ret, buf, size, &olen)) != 0) {
- return ret;
+ goto cleanup;
}
- return 0;
+ ret = 0;
+cleanup:
+ mbedtls_free(output_buf);
+ return ret;
}
int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char output_buf[PRV_DER_MAX_BYTES];
+ unsigned char *output_buf = NULL;
+ output_buf = mbedtls_calloc(1, PRV_DER_MAX_BYTES);
+ if (output_buf == NULL) {
+ return MBEDTLS_ERR_PK_ALLOC_FAILED;
+ }
const char *begin, *end;
size_t olen = 0;
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- int is_ec_opaque = 0;
-#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
- int is_montgomery_opaque = 0;
-#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
-#if defined(MBEDTLS_RSA_C)
- int is_rsa_opaque = 0;
-#endif
- if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) {
- return ret;
+ if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) {
+ goto cleanup;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
- psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key);
-
#if defined(MBEDTLS_RSA_C)
- is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
-#endif
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
-#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
- if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) {
- is_montgomery_opaque = 1;
- }
-#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_RSA_C)
- if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) {
- begin = PEM_BEGIN_PRIVATE_KEY_RSA;
- end = PEM_END_PRIVATE_KEY_RSA;
+ if (pk_get_type_ext(key) == MBEDTLS_PK_RSA) {
+ begin = PEM_BEGIN_PRIVATE_KEY_RSA "\n";
+ end = PEM_END_PRIVATE_KEY_RSA "\n";
} else
#endif
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
-#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
- if (is_montgomery_opaque ||
- ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) &&
- (mbedtls_pk_is_rfc8410(key)))) {
- begin = PEM_BEGIN_PRIVATE_KEY_PKCS8;
- end = PEM_END_PRIVATE_KEY_PKCS8;
- } else
-#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
- {
- begin = PEM_BEGIN_PRIVATE_KEY_EC;
- end = PEM_END_PRIVATE_KEY_EC;
+ if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) {
+ if (mbedtls_pk_is_rfc8410(key)) {
+ begin = PEM_BEGIN_PRIVATE_KEY_PKCS8 "\n";
+ end = PEM_END_PRIVATE_KEY_PKCS8 "\n";
+ } else {
+ begin = PEM_BEGIN_PRIVATE_KEY_EC "\n";
+ end = PEM_END_PRIVATE_KEY_EC "\n";
}
} else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ {
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ goto cleanup;
+ }
if ((ret = mbedtls_pem_write_buffer(begin, end,
- output_buf + sizeof(output_buf) - ret,
+ output_buf + PRV_DER_MAX_BYTES - ret,
ret, buf, size, &olen)) != 0) {
- return ret;
+ goto cleanup;
}
- return 0;
+ ret = 0;
+cleanup:
+ mbedtls_zeroize_and_free(output_buf, PRV_DER_MAX_BYTES);
+ return ret;
}
#endif /* MBEDTLS_PEM_WRITE_C */
diff --git a/library/pkwrite.h b/library/pkwrite.h
index aa2f17b..544ab2f 100644
--- a/library/pkwrite.h
+++ b/library/pkwrite.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PK_WRITE_H
@@ -27,6 +15,10 @@
#include "mbedtls/pk.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* Max sizes of key per types. Shown as tag + len (+ content).
*/
@@ -74,6 +66,19 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+
+/* Find the maximum number of bytes necessary to store an EC point. When USE_PSA
+ * is defined this means looking for the maximum between PSA and built-in
+ * supported curves. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define MBEDTLS_PK_MAX_ECC_BYTES (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
+ MBEDTLS_ECP_MAX_BYTES ? \
+ PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \
+ MBEDTLS_ECP_MAX_BYTES)
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#define MBEDTLS_PK_MAX_ECC_BYTES MBEDTLS_ECP_MAX_BYTES
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* EC public keys:
* SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
@@ -85,7 +90,7 @@
* + 2 * ECP_MAX (coords) [1]
* }
*/
-#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_ECP_MAX_BYTES)
+#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_PK_MAX_ECC_BYTES)
/*
* EC private keys:
@@ -96,7 +101,7 @@
* publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above
* }
*/
-#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES)
+#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_PK_MAX_ECC_BYTES)
#else /* MBEDTLS_PK_HAVE_ECC_KEYS */
diff --git a/library/platform.c b/library/platform.c
index b15b7b2..890c4cb 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -2,19 +2,7 @@
* Platform abstraction layer
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/platform_util.c b/library/platform_util.c
index 63b7c41..63643d2 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -3,19 +3,7 @@
* library.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -126,6 +114,26 @@
#else
memset_func(buf, 0, len);
#endif
+
+#if defined(__GNUC__)
+ /* For clang and recent gcc, pretend that we have some assembly that reads the
+ * zero'd memory as an additional protection against being optimised away. */
+#if defined(__clang__) || (__GNUC__ >= 10)
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wvla"
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
+ asm volatile ("" : : "m" (*(char (*)[len]) buf) :);
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic pop
+#endif
+#endif
+#endif
}
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
@@ -235,17 +243,17 @@
#include <time.h>
#if !defined(_WIN32) && \
(defined(unix) || defined(__unix) || defined(__unix__) || \
- (defined(__APPLE__) && defined(__MACH__)))
+ (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__))
#include <unistd.h>
-#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */
-#if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L)
+#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || __HAIKU__) */
+#if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L) || defined(__HAIKU__)
mbedtls_ms_time_t mbedtls_ms_time(void)
{
int ret;
struct timespec tv;
mbedtls_ms_time_t current_ms;
-#if defined(__linux__)
+#if defined(__linux__) && defined(CLOCK_BOOTTIME)
ret = clock_gettime(CLOCK_BOOTTIME, &tv);
#else
ret = clock_gettime(CLOCK_MONOTONIC, &tv);
diff --git a/library/poly1305.c b/library/poly1305.c
index f4e1d3f..c9ebe9e 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -4,19 +4,7 @@
* \brief Poly1305 authentication algorithm.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 2b9eca8..10d17b6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -34,6 +22,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_invasive.h"
#include "psa_crypto_driver_wrappers.h"
+#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_ffdh.h"
#include "psa_crypto_hash.h"
@@ -64,6 +53,7 @@
#include "mbedtls/cipher.h"
#include "mbedtls/ccm.h"
#include "mbedtls/cmac.h"
+#include "mbedtls/constant_time.h"
#include "mbedtls/des.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
@@ -71,7 +61,6 @@
#include "mbedtls/error.h"
#include "mbedtls/gcm.h"
#include "mbedtls/md5.h"
-#include "mbedtls/md.h"
#include "mbedtls/pk.h"
#include "pk_wrap.h"
#include "mbedtls/platform_util.h"
@@ -104,9 +93,9 @@
#define RNG_SEEDED 2
typedef struct {
- unsigned initialized : 1;
- unsigned rng_state : 2;
- unsigned drivers_initialized : 1;
+ uint8_t initialized;
+ uint8_t rng_state;
+ uint8_t drivers_initialized;
mbedtls_psa_random_context_t rng;
} psa_global_data_t;
@@ -152,9 +141,15 @@
case 0:
return PSA_SUCCESS;
+#if defined(MBEDTLS_AES_C)
case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
+ case MBEDTLS_ERR_AES_BAD_INPUT_DATA:
+ return PSA_ERROR_INVALID_ARGUMENT;
+#endif
+
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_ASN1_WRITE_C)
case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
@@ -165,26 +160,34 @@
return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
-
-#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
- case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
#endif
+
+#if defined(MBEDTLS_CAMELLIA_C)
+ case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
+#endif
+#if defined(MBEDTLS_CCM_C)
case MBEDTLS_ERR_CCM_BAD_INPUT:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_CCM_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
+#endif
+#if defined(MBEDTLS_CHACHA20_C)
case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
+#endif
+#if defined(MBEDTLS_CHACHAPOLY_C)
case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
return PSA_ERROR_BAD_STATE;
case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
+#endif
+#if defined(MBEDTLS_CIPHER_C)
case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
@@ -199,6 +202,7 @@
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
return PSA_ERROR_CORRUPTION_DETECTED;
+#endif
#if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE))
@@ -213,20 +217,24 @@
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
+#if defined(MBEDTLS_DES_C)
case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
+#endif
case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
+#if defined(MBEDTLS_GCM_C)
case MBEDTLS_ERR_GCM_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_GCM_BAD_INPUT:
return PSA_ERROR_INVALID_ARGUMENT;
+#endif
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
@@ -241,17 +249,24 @@
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
+#if defined(MBEDTLS_MD_LIGHT)
case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MD_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
+#if defined(MBEDTLS_FS_IO)
case MBEDTLS_ERR_MD_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
+#endif
+#endif
+#if defined(MBEDTLS_BIGNUM_C)
+#if defined(MBEDTLS_FS_IO)
case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
+#endif
case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
@@ -266,14 +281,19 @@
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
+#endif
+#if defined(MBEDTLS_PK_C)
case MBEDTLS_ERR_PK_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_PK_TYPE_MISMATCH:
case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || defined(MBEDTLS_FS_IO) || \
+ defined(MBEDTLS_PSA_ITS_FILE_C)
case MBEDTLS_ERR_PK_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
+#endif
case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
return PSA_ERROR_INVALID_ARGUMENT;
@@ -292,12 +312,14 @@
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_PK_BUFFER_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
+#endif
case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
return PSA_ERROR_NOT_SUPPORTED;
+#if defined(MBEDTLS_RSA_C)
case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_RSA_INVALID_PADDING:
@@ -315,7 +337,9 @@
return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_RSA_RNG_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
+#endif
+#if defined(MBEDTLS_ECP_LIGHT)
case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
case MBEDTLS_ERR_ECP_INVALID_KEY:
return PSA_ERROR_INVALID_ARGUMENT;
@@ -331,8 +355,11 @@
case MBEDTLS_ERR_ECP_RANDOM_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
case MBEDTLS_ERR_ECP_IN_PROGRESS:
return PSA_OPERATION_INCOMPLETE;
+#endif
+#endif
case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
return PSA_ERROR_CORRUPTION_DETECTED;
@@ -381,155 +408,6 @@
}
-
-
-/****************************************************************/
-/* Key management */
-/****************************************************************/
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
- size_t *bits)
-{
- switch (grpid) {
- case MBEDTLS_ECP_DP_SECP192R1:
- *bits = 192;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP224R1:
- *bits = 224;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP256R1:
- *bits = 256;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP384R1:
- *bits = 384;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_SECP521R1:
- *bits = 521;
- return PSA_ECC_FAMILY_SECP_R1;
- case MBEDTLS_ECP_DP_BP256R1:
- *bits = 256;
- return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
- case MBEDTLS_ECP_DP_BP384R1:
- *bits = 384;
- return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
- case MBEDTLS_ECP_DP_BP512R1:
- *bits = 512;
- return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
- case MBEDTLS_ECP_DP_CURVE25519:
- *bits = 255;
- return PSA_ECC_FAMILY_MONTGOMERY;
- case MBEDTLS_ECP_DP_SECP192K1:
- *bits = 192;
- return PSA_ECC_FAMILY_SECP_K1;
- case MBEDTLS_ECP_DP_SECP224K1:
- *bits = 224;
- return PSA_ECC_FAMILY_SECP_K1;
- case MBEDTLS_ECP_DP_SECP256K1:
- *bits = 256;
- return PSA_ECC_FAMILY_SECP_K1;
- case MBEDTLS_ECP_DP_CURVE448:
- *bits = 448;
- return PSA_ECC_FAMILY_MONTGOMERY;
- default:
- *bits = 0;
- return 0;
- }
-}
-
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy)
-{
- switch (curve) {
- case PSA_ECC_FAMILY_SECP_R1:
- switch (bits) {
-#if defined(PSA_WANT_ECC_SECP_R1_192)
- case 192:
- return MBEDTLS_ECP_DP_SECP192R1;
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_224)
- case 224:
- return MBEDTLS_ECP_DP_SECP224R1;
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_256)
- case 256:
- return MBEDTLS_ECP_DP_SECP256R1;
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_384)
- case 384:
- return MBEDTLS_ECP_DP_SECP384R1;
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_521)
- case 521:
- return MBEDTLS_ECP_DP_SECP521R1;
- case 528:
- if (bits_is_sloppy) {
- return MBEDTLS_ECP_DP_SECP521R1;
- }
- break;
-#endif
- }
- break;
-
- case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
- switch (bits) {
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
- case 256:
- return MBEDTLS_ECP_DP_BP256R1;
-#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
- case 384:
- return MBEDTLS_ECP_DP_BP384R1;
-#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
- case 512:
- return MBEDTLS_ECP_DP_BP512R1;
-#endif
- }
- break;
-
- case PSA_ECC_FAMILY_MONTGOMERY:
- switch (bits) {
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
- case 255:
- return MBEDTLS_ECP_DP_CURVE25519;
- case 256:
- if (bits_is_sloppy) {
- return MBEDTLS_ECP_DP_CURVE25519;
- }
- break;
-#endif
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
- case 448:
- return MBEDTLS_ECP_DP_CURVE448;
-#endif
- }
- break;
-
- case PSA_ECC_FAMILY_SECP_K1:
- switch (bits) {
-#if defined(PSA_WANT_ECC_SECP_K1_192)
- case 192:
- return MBEDTLS_ECP_DP_SECP192K1;
-#endif
-#if defined(PSA_WANT_ECC_SECP_K1_224)
- case 224:
- return MBEDTLS_ECP_DP_SECP224K1;
-#endif
-#if defined(PSA_WANT_ECC_SECP_K1_256)
- case 256:
- return MBEDTLS_ECP_DP_SECP256K1;
-#endif
- }
- break;
- }
-
- (void) bits_is_sloppy;
- return MBEDTLS_ECP_DP_NONE;
-}
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
size_t bits)
{
@@ -1325,9 +1203,9 @@
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
case PSA_KEY_TYPE_RSA_KEY_PAIR:
case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
- /* TODO: reporting the public exponent for opaque keys
- * is not yet implemented.
- * https://github.com/ARMmbed/mbed-crypto/issues/216
+ /* TODO: This is a temporary situation where domain parameters are deprecated,
+ * but we need it for namely generating an RSA key with a non-default exponent.
+ * This would be improved after https://github.com/Mbed-TLS/mbedtls/issues/6494.
*/
if (!psa_key_lifetime_is_external(slot->attr.lifetime)) {
mbedtls_rsa_context *rsa = NULL;
@@ -1347,6 +1225,12 @@
mbedtls_free(rsa);
}
break;
+#else
+ case PSA_KEY_TYPE_RSA_KEY_PAIR:
+ case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
+ attributes->domain_parameters = NULL;
+ attributes->domain_parameters_size = SIZE_MAX;
+ break;
#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
@@ -1796,6 +1680,8 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ slot->status = PSA_SLOT_OCCUPIED;
+
return PSA_SUCCESS;
}
@@ -2356,7 +2242,7 @@
goto exit;
}
- if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
+ if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@@ -2405,7 +2291,7 @@
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
+ if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@@ -2787,7 +2673,7 @@
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
+ if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
@@ -4109,7 +3995,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
- size_t default_iv_length;
+ size_t default_iv_length = 0;
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
@@ -4719,7 +4605,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
- size_t required_nonce_size;
+ size_t required_nonce_size = 0;
*nonce_length = 0;
@@ -5093,7 +4979,7 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ defined(PSA_HAVE_SOFT_PBKDF2)
#define AT_LEAST_ONE_BUILTIN_KDF
#endif /* At least one builtin KDF */
@@ -5193,8 +5079,8 @@
sizeof(operation->ctx.tls12_ecjpake_to_pms.data));
} else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
- if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+#if defined(PSA_HAVE_SOFT_PBKDF2)
+ if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
if (operation->ctx.pbkdf2.salt != NULL) {
mbedtls_zeroize_and_free(operation->ctx.pbkdf2.salt,
operation->ctx.pbkdf2.salt_length);
@@ -5202,7 +5088,7 @@
status = PSA_SUCCESS;
} else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) */
+#endif /* defined(PSA_HAVE_SOFT_PBKDF2) */
{
status = PSA_ERROR_BAD_STATE;
}
@@ -5529,7 +5415,7 @@
}
#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+#if defined(PSA_HAVE_SOFT_PBKDF2)
static psa_status_t psa_key_derivation_pbkdf2_generate_block(
psa_pbkdf2_key_derivation_t *pbkdf2,
psa_algorithm_t prf_alg,
@@ -5578,11 +5464,14 @@
memcpy(U_accumulator, U_i, prf_output_length);
for (i = 1; i < pbkdf2->input_cost; i++) {
+ /* We are passing prf_output_length as mac_size because the driver
+ * function directly sets mac_output_length as mac_size upon success.
+ * See https://github.com/Mbed-TLS/mbedtls/issues/7801 */
status = psa_driver_wrapper_mac_compute(attributes,
pbkdf2->password,
pbkdf2->password_length,
prf_alg, U_i, prf_output_length,
- U_i, sizeof(U_i),
+ U_i, prf_output_length,
&mac_output_length);
if (status != PSA_SUCCESS) {
goto cleanup;
@@ -5614,6 +5503,10 @@
prf_alg = PSA_ALG_HMAC(PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg));
prf_output_length = PSA_HASH_LENGTH(prf_alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+ } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
+ prf_alg = PSA_ALG_CMAC;
+ prf_output_length = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -5658,7 +5551,7 @@
return PSA_SUCCESS;
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_HAVE_SOFT_PBKDF2 */
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
@@ -5713,12 +5606,12 @@
&operation->ctx.tls12_ecjpake_to_pms, output, output_length);
} else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
- if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+#if defined(PSA_HAVE_SOFT_PBKDF2)
+ if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg,
output, output_length);
} else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_HAVE_SOFT_PBKDF2 */
{
(void) kdf_alg;
@@ -6145,6 +6038,11 @@
return 1;
}
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128)
+ if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
+ return 1;
+ }
+#endif
return 0;
}
@@ -6170,10 +6068,14 @@
}
/* All currently supported key derivation algorithms (apart from
- * ecjpake to pms) are based on a hash algorithm. */
+ * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
size_t hash_size = PSA_HASH_LENGTH(hash_alg);
- if (kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+ if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+ hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
+ } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
+ hash_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC);
+ } else {
if (hash_size == 0) {
return PSA_ERROR_NOT_SUPPORTED;
}
@@ -6185,8 +6087,6 @@
if (status != PSA_SUCCESS) {
return status;
}
- } else {
- hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
}
if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
@@ -6558,7 +6458,7 @@
memcpy(cur, data, data_length);
cur += data_length;
- status = psa_tls12_prf_set_key(prf, pms, cur - pms);
+ status = psa_tls12_prf_set_key(prf, pms, (size_t) (cur - pms));
mbedtls_zeroize_and_free(pms, pms_len);
return status;
@@ -6638,7 +6538,7 @@
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+#if defined(PSA_HAVE_SOFT_PBKDF2)
static psa_status_t psa_pbkdf2_set_input_cost(
psa_pbkdf2_key_derivation_t *pbkdf2,
psa_key_derivation_step_t step,
@@ -6670,20 +6570,17 @@
const uint8_t *data,
size_t data_length)
{
- if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET &&
- pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) {
+ if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
+ pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
+ } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
+ /* Appending to existing salt. No state change. */
+ } else {
return PSA_ERROR_BAD_STATE;
}
- if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
- pbkdf2->salt = mbedtls_calloc(1, data_length);
- if (pbkdf2->salt == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
- memcpy(pbkdf2->salt, data, data_length);
- pbkdf2->salt_length = data_length;
- } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
+ if (data_length == 0) {
+ /* Appending an empty string, nothing to do. */
+ } else {
uint8_t *next_salt;
next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length);
@@ -6691,18 +6588,18 @@
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
- memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
+ if (pbkdf2->salt_length != 0) {
+ memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
+ }
memcpy(next_salt + pbkdf2->salt_length, data, data_length);
pbkdf2->salt_length += data_length;
mbedtls_free(pbkdf2->salt);
pbkdf2->salt = next_salt;
}
-
- pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
-
return PSA_SUCCESS;
}
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg,
const uint8_t *input,
size_t input_len,
@@ -6719,6 +6616,39 @@
}
return status;
}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128)
+static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input,
+ size_t input_len,
+ uint8_t *output,
+ size_t *output_len)
+{
+ psa_status_t status = PSA_SUCCESS;
+ if (input_len != PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC)) {
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t zeros[16] = { 0 };
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros)));
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+ /* Passing PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC) as
+ * mac_size as the driver function sets mac_output_length = mac_size
+ * on success. See https://github.com/Mbed-TLS/mbedtls/issues/7801 */
+ status = psa_driver_wrapper_mac_compute(&attributes,
+ zeros, sizeof(zeros),
+ PSA_ALG_CMAC, input, input_len,
+ output,
+ PSA_MAC_LENGTH(PSA_KEY_TYPE_AES,
+ 128U,
+ PSA_ALG_CMAC),
+ output_len);
+ } else {
+ memcpy(output, input, input_len);
+ *output_len = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC);
+ }
+ return status;
+}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */
static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2,
psa_algorithm_t kdf_alg,
@@ -6730,13 +6660,23 @@
return PSA_ERROR_BAD_STATE;
}
- if (data_length != 0) {
- if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
- psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg);
- status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length,
- pbkdf2->password,
- &pbkdf2->password_length);
- }
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+ psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg);
+ status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length,
+ pbkdf2->password,
+ &pbkdf2->password_length);
+ } else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128)
+ if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
+ status = psa_pbkdf2_cmac_set_password(data, data_length,
+ pbkdf2->password,
+ &pbkdf2->password_length);
+ } else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */
+ {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET;
@@ -6759,7 +6699,7 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_HAVE_SOFT_PBKDF2 */
/** Check whether the given key type is acceptable for the given
* input step of a key derivation.
@@ -6856,12 +6796,12 @@
&operation->ctx.tls12_ecjpake_to_pms, step, data, data_length);
} else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
- if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+#if defined(PSA_HAVE_SOFT_PBKDF2)
+ if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg,
step, data, data_length);
} else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_HAVE_SOFT_PBKDF2 */
{
/* This can't happen unless the operation object was not initialized */
(void) data;
@@ -6885,12 +6825,12 @@
psa_status_t status;
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
- if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+#if defined(PSA_HAVE_SOFT_PBKDF2)
+ if (PSA_ALG_IS_PBKDF2(kdf_alg)) {
status = psa_pbkdf2_set_input_cost(
&operation->ctx.pbkdf2, step, value);
} else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_HAVE_SOFT_PBKDF2 */
{
(void) step;
(void) value;
@@ -7605,6 +7545,11 @@
}
global_data.drivers_initialized = 1;
+ status = psa_initialize_key_slots();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
/* Initialize and seed the random generator. */
mbedtls_psa_random_init(&global_data.rng);
global_data.rng_state = RNG_INITIALIZED;
@@ -7614,11 +7559,6 @@
}
global_data.rng_state = RNG_SEEDED;
- status = psa_initialize_key_slots();
- if (status != PSA_SUCCESS) {
- goto exit;
- }
-
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
status = psa_crypto_load_transaction();
if (status == PSA_SUCCESS) {
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 85d1f39..49aa961 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -43,19 +31,15 @@
psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t key_bits;
- const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_id_t cipher_id;
-
+ mbedtls_cipher_mode_t mode;
+ size_t key_bits = attributes->core.bits;
(void) key_buffer_size;
- key_bits = attributes->core.bits;
-
- cipher_info = mbedtls_cipher_info_from_psa(alg,
- attributes->core.type, key_bits,
- &cipher_id);
- if (cipher_info == NULL) {
- return PSA_ERROR_NOT_SUPPORTED;
+ status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
+ &key_bits, &mode, &cipher_id);
+ if (status != PSA_SUCCESS) {
+ return status;
}
switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index 4b24b0f..a339219 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_AEAD_H
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index b997a07..3132854 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -31,14 +19,122 @@
#include <string.h>
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+/* mbedtls_cipher_values_from_psa() below only checks if the proper build symbols
+ * are enabled, but it does not provide any compatibility check between them
+ * (i.e. if the specified key works with the specified algorithm). This helper
+ * function is meant to provide this support.
+ * mbedtls_cipher_info_from_psa() might be used for the same purpose, but it
+ * requires CIPHER_C to be enabled.
+ */
+static psa_status_t mbedtls_cipher_validate_values(
+ psa_algorithm_t alg,
+ psa_key_type_t key_type)
+{
+ /* Reduce code size - hinting to the compiler about what it can assume allows the compiler to
+ eliminate bits of the logic below. */
+#if !defined(PSA_WANT_KEY_TYPE_AES)
+ MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_AES);
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_ARIA)
+ MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_ARIA);
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_CAMELLIA)
+ MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_CAMELLIA);
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_CHACHA20)
+ MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_CHACHA20);
+#endif
+#if !defined(PSA_WANT_KEY_TYPE_DES)
+ MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_DES);
+#endif
+#if !defined(PSA_WANT_ALG_CCM)
+ MBEDTLS_ASSUME(alg != PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0));
+#endif
+#if !defined(PSA_WANT_ALG_GCM)
+ MBEDTLS_ASSUME(alg != PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0));
+#endif
+#if !defined(PSA_WANT_ALG_STREAM_CIPHER)
+ MBEDTLS_ASSUME(alg != PSA_ALG_STREAM_CIPHER);
+#endif
+#if !defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+ MBEDTLS_ASSUME(alg != PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0));
+#endif
+#if !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
+ MBEDTLS_ASSUME(alg != PSA_ALG_CCM_STAR_NO_TAG);
+#endif
+#if !defined(PSA_WANT_ALG_CTR)
+ MBEDTLS_ASSUME(alg != PSA_ALG_CTR);
+#endif
+#if !defined(PSA_WANT_ALG_CFB)
+ MBEDTLS_ASSUME(alg != PSA_ALG_CFB);
+#endif
+#if !defined(PSA_WANT_ALG_OFB)
+ MBEDTLS_ASSUME(alg != PSA_ALG_OFB);
+#endif
+#if !defined(PSA_WANT_ALG_XTS)
+ MBEDTLS_ASSUME(alg != PSA_ALG_XTS);
+#endif
+#if !defined(PSA_WANT_ALG_ECB_NO_PADDING)
+ MBEDTLS_ASSUME(alg != PSA_ALG_ECB_NO_PADDING);
+#endif
+#if !defined(PSA_WANT_ALG_CBC_NO_PADDING)
+ MBEDTLS_ASSUME(alg != PSA_ALG_CBC_NO_PADDING);
+#endif
+#if !defined(PSA_WANT_ALG_CBC_PKCS7)
+ MBEDTLS_ASSUME(alg != PSA_ALG_CBC_PKCS7);
+#endif
+#if !defined(PSA_WANT_ALG_CMAC)
+ MBEDTLS_ASSUME(alg != PSA_ALG_CMAC);
+#endif
+
+ if (alg == PSA_ALG_STREAM_CIPHER ||
+ alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0)) {
+ if (key_type == PSA_KEY_TYPE_CHACHA20) {
+ return PSA_SUCCESS;
+ }
+ }
+
+ if (alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0) ||
+ alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0) ||
+ alg == PSA_ALG_CCM_STAR_NO_TAG) {
+ if (key_type == PSA_KEY_TYPE_AES ||
+ key_type == PSA_KEY_TYPE_ARIA ||
+ key_type == PSA_KEY_TYPE_CAMELLIA) {
+ return PSA_SUCCESS;
+ }
+ }
+
+ if (alg == PSA_ALG_CTR ||
+ alg == PSA_ALG_CFB ||
+ alg == PSA_ALG_OFB ||
+ alg == PSA_ALG_XTS ||
+ alg == PSA_ALG_ECB_NO_PADDING ||
+ alg == PSA_ALG_CBC_NO_PADDING ||
+ alg == PSA_ALG_CBC_PKCS7 ||
+ alg == PSA_ALG_CMAC) {
+ if (key_type == PSA_KEY_TYPE_AES ||
+ key_type == PSA_KEY_TYPE_ARIA ||
+ key_type == PSA_KEY_TYPE_DES ||
+ key_type == PSA_KEY_TYPE_CAMELLIA) {
+ return PSA_SUCCESS;
+ }
+ }
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t mbedtls_cipher_values_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
- size_t key_bits,
+ size_t *key_bits,
+ mbedtls_cipher_mode_t *mode,
mbedtls_cipher_id_t *cipher_id)
{
- mbedtls_cipher_mode_t mode;
mbedtls_cipher_id_t cipher_id_tmp;
+ /* Only DES modifies key_bits */
+#if !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
+ (void) key_bits;
+#endif
if (PSA_ALG_IS_AEAD(alg)) {
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
@@ -48,66 +144,66 @@
switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
case PSA_ALG_STREAM_CIPHER:
- mode = MBEDTLS_MODE_STREAM;
+ *mode = MBEDTLS_MODE_STREAM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
case PSA_ALG_CTR:
- mode = MBEDTLS_MODE_CTR;
+ *mode = MBEDTLS_MODE_CTR;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
case PSA_ALG_CFB:
- mode = MBEDTLS_MODE_CFB;
+ *mode = MBEDTLS_MODE_CFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
case PSA_ALG_OFB:
- mode = MBEDTLS_MODE_OFB;
+ *mode = MBEDTLS_MODE_OFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
case PSA_ALG_ECB_NO_PADDING:
- mode = MBEDTLS_MODE_ECB;
+ *mode = MBEDTLS_MODE_ECB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
case PSA_ALG_CBC_NO_PADDING:
- mode = MBEDTLS_MODE_CBC;
+ *mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
case PSA_ALG_CBC_PKCS7:
- mode = MBEDTLS_MODE_CBC;
+ *mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
case PSA_ALG_CCM_STAR_NO_TAG:
- mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
+ *mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
- mode = MBEDTLS_MODE_CCM;
+ *mode = MBEDTLS_MODE_CCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
- mode = MBEDTLS_MODE_GCM;
+ *mode = MBEDTLS_MODE_GCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
- mode = MBEDTLS_MODE_CHACHAPOLY;
+ *mode = MBEDTLS_MODE_CHACHAPOLY;
break;
#endif
default:
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
} else if (alg == PSA_ALG_CMAC) {
- mode = MBEDTLS_MODE_ECB;
+ *mode = MBEDTLS_MODE_ECB;
} else {
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
switch (key_type) {
@@ -125,7 +221,7 @@
case PSA_KEY_TYPE_DES:
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
* and 192 for three-key Triple-DES. */
- if (key_bits == 64) {
+ if (*key_bits == 64) {
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
} else {
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
@@ -133,8 +229,8 @@
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
* but two-key Triple-DES is functionally three-key Triple-DES
* with K1=K3, so that's how we present it to mbedtls. */
- if (key_bits == 128) {
- key_bits = 192;
+ if (*key_bits == 128) {
+ *key_bits = 192;
}
break;
#endif
@@ -149,16 +245,38 @@
break;
#endif
default:
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
if (cipher_id != NULL) {
*cipher_id = cipher_id_tmp;
}
- return mbedtls_cipher_info_from_values(cipher_id_tmp,
- (int) key_bits, mode);
+ return mbedtls_cipher_validate_values(alg, key_type);
}
+#if defined(MBEDTLS_CIPHER_C)
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ size_t key_bits,
+ mbedtls_cipher_id_t *cipher_id)
+{
+ mbedtls_cipher_mode_t mode;
+ psa_status_t status;
+ mbedtls_cipher_id_t cipher_id_tmp;
+
+ status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
+ if (status != PSA_SUCCESS) {
+ return NULL;
+ }
+ if (cipher_id != NULL) {
+ *cipher_id = cipher_id_tmp;
+ }
+
+ return mbedtls_cipher_info_from_values(cipher_id_tmp, (int) key_bits, mode);
+}
+#endif /* MBEDTLS_CIPHER_C */
+
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
static psa_status_t psa_cipher_setup(
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index bf43ff0..cc56585 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_CIPHER_H
@@ -28,6 +16,28 @@
* as well as the PSA type and size of the key to be used with the cipher
* algorithm.
*
+ * \param[in] alg PSA cipher algorithm identifier
+ * \param[in] key_type PSA key type
+ * \param[in,out] key_bits Size of the key in bits. The value provided in input
+ * might be updated if necessary.
+ * \param[out] mode Mbed TLS cipher mode
+ * \param[out] cipher_id Mbed TLS cipher algorithm identifier
+ *
+ * \return On success \c PSA_SUCCESS is returned and key_bits, mode and cipher_id
+ * are properly updated.
+ * \c PSA_ERROR_NOT_SUPPORTED is returned if the cipher algorithm is not
+ * supported.
+ */
+
+psa_status_t mbedtls_cipher_values_from_psa(psa_algorithm_t alg, psa_key_type_t key_type,
+ size_t *key_bits, mbedtls_cipher_mode_t *mode,
+ mbedtls_cipher_id_t *cipher_id);
+
+#if defined(MBEDTLS_CIPHER_C)
+/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
+ * as well as the PSA type and size of the key to be used with the cipher
+ * algorithm.
+ *
* \param alg PSA cipher algorithm identifier
* \param key_type PSA key type
* \param key_bits Size of the key in bits
@@ -39,6 +49,7 @@
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
mbedtls_cipher_id_t *cipher_id);
+#endif /* MBEDTLS_CIPHER_C */
/**
* \brief Set the key for a multipart symmetric encryption operation.
diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c
index c323427..472d3d3 100644
--- a/library/psa_crypto_client.c
+++ b/library/psa_crypto_client.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -65,6 +53,11 @@
const psa_key_attributes_t *attributes,
uint8_t *data, size_t data_size, size_t *data_length)
{
+ if (attributes->domain_parameters == NULL &&
+ attributes->domain_parameters_size == SIZE_MAX) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
if (attributes->domain_parameters_size > data_size) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 8bc1b64..46c5775 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -3,25 +3,20 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_CORE_H
#define PSA_CRYPTO_CORE_H
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
@@ -38,26 +33,10 @@
*/
int psa_can_do_hash(psa_algorithm_t hash_alg);
-/** Constant-time buffer comparison
- *
- * \param[in] a Left-hand buffer for comparison.
- * \param[in] b Right-hand buffer for comparison.
- * \param n Amount of bytes to compare.
- *
- * \return 0 if the buffer contents are equal, non-zero otherwise
- */
-static inline int mbedtls_psa_safer_memcmp(
- const uint8_t *a, const uint8_t *b, size_t n)
-{
- size_t i;
- unsigned char diff = 0;
-
- for (i = 0; i < n; i++) {
- diff |= a[i] ^ b[i];
- }
-
- return diff;
-}
+typedef enum {
+ PSA_SLOT_EMPTY = 0,
+ PSA_SLOT_OCCUPIED,
+} psa_key_slot_status_t;
/** The data structure representing a key slot, containing key material
* and metadata for one key.
@@ -65,6 +44,8 @@
typedef struct {
psa_core_key_attributes_t attr;
+ psa_key_slot_status_t status;
+
/*
* Number of locks on the key slot held by the library.
*
@@ -114,7 +95,7 @@
*/
static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot)
{
- return slot->attr.type != 0;
+ return slot->status == PSA_SLOT_OCCUPIED;
}
/** Test whether a key slot is locked.
@@ -246,12 +227,12 @@
const uint8_t *data,
size_t data_length);
-/** Convert an mbed TLS error code to a PSA error code
+/** Convert an Mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
- * \param ret An mbed TLS-thrown error code
+ * \param ret An Mbed TLS-thrown error code
*
* \return The corresponding PSA error code
*/
diff --git a/library/psa_crypto_core_common.h b/library/psa_crypto_core_common.h
index dd72ab1..98fce2c 100644
--- a/library/psa_crypto_core_common.h
+++ b/library/psa_crypto_core_common.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_CORE_COMMON_H
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
deleted file mode 100644
index cf8fe69..0000000
--- a/library/psa_crypto_driver_wrappers.h
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Function signatures for functionality that can be provided by
- * cryptographic accelerators.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H
-#define PSA_CRYPTO_DRIVER_WRAPPERS_H
-
-#include "psa/crypto.h"
-#include "psa/crypto_driver_common.h"
-
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
-#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
-
-/*
- * Initialization and termination functions
- */
-psa_status_t psa_driver_wrapper_init(void);
-void psa_driver_wrapper_free(void);
-
-/*
- * Signature functions
- */
-psa_status_t psa_driver_wrapper_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length);
-
-psa_status_t psa_driver_wrapper_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length);
-
-psa_status_t psa_driver_wrapper_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length);
-
-psa_status_t psa_driver_wrapper_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length);
-
-/*
- * Interruptible Signature functions
- */
-
-uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
- psa_sign_hash_interruptible_operation_t *operation);
-
-uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
- psa_verify_hash_interruptible_operation_t *operation);
-
-psa_status_t psa_driver_wrapper_sign_hash_start(
- psa_sign_hash_interruptible_operation_t *operation,
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length);
-
-psa_status_t psa_driver_wrapper_sign_hash_complete(
- psa_sign_hash_interruptible_operation_t *operation,
- uint8_t *signature, size_t signature_size,
- size_t *signature_length);
-
-psa_status_t psa_driver_wrapper_sign_hash_abort(
- psa_sign_hash_interruptible_operation_t *operation);
-
-psa_status_t psa_driver_wrapper_verify_hash_start(
- psa_verify_hash_interruptible_operation_t *operation,
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length);
-
-psa_status_t psa_driver_wrapper_verify_hash_complete(
- psa_verify_hash_interruptible_operation_t *operation);
-
-psa_status_t psa_driver_wrapper_verify_hash_abort(
- psa_verify_hash_interruptible_operation_t *operation);
-
-/*
- * Key handling functions
- */
-
-psa_status_t psa_driver_wrapper_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data, size_t data_length,
- uint8_t *key_buffer, size_t key_buffer_size,
- size_t *key_buffer_length, size_t *bits);
-
-psa_status_t psa_driver_wrapper_export_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t psa_driver_wrapper_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t psa_driver_wrapper_get_key_buffer_size(
- const psa_key_attributes_t *attributes,
- size_t *key_buffer_size);
-
-psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *key_buffer_size);
-
-psa_status_t psa_driver_wrapper_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
-
-psa_status_t psa_driver_wrapper_get_builtin_key(
- psa_drv_slot_number_t slot_number,
- psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
-
-psa_status_t psa_driver_wrapper_copy_key(
- psa_key_attributes_t *attributes,
- const uint8_t *source_key, size_t source_key_length,
- uint8_t *target_key_buffer, size_t target_key_buffer_size,
- size_t *target_key_buffer_length);
-/*
- * Cipher functions
- */
-psa_status_t psa_driver_wrapper_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *iv,
- size_t iv_length,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
- psa_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
- psa_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t psa_driver_wrapper_cipher_set_iv(
- psa_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length);
-
-psa_status_t psa_driver_wrapper_cipher_update(
- psa_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_cipher_finish(
- psa_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_cipher_abort(
- psa_cipher_operation_t *operation);
-
-/*
- * Hashing functions
- */
-psa_status_t psa_driver_wrapper_hash_compute(
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length);
-
-psa_status_t psa_driver_wrapper_hash_setup(
- psa_hash_operation_t *operation,
- psa_algorithm_t alg);
-
-psa_status_t psa_driver_wrapper_hash_clone(
- const psa_hash_operation_t *source_operation,
- psa_hash_operation_t *target_operation);
-
-psa_status_t psa_driver_wrapper_hash_update(
- psa_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t psa_driver_wrapper_hash_finish(
- psa_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length);
-
-psa_status_t psa_driver_wrapper_hash_abort(
- psa_hash_operation_t *operation);
-
-/*
- * AEAD functions
- */
-
-psa_status_t psa_driver_wrapper_aead_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
-
-psa_status_t psa_driver_wrapper_aead_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
-
-psa_status_t psa_driver_wrapper_aead_encrypt_setup(
- psa_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t psa_driver_wrapper_aead_decrypt_setup(
- psa_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t psa_driver_wrapper_aead_set_nonce(
- psa_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length);
-
-psa_status_t psa_driver_wrapper_aead_set_lengths(
- psa_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length);
-
-psa_status_t psa_driver_wrapper_aead_update_ad(
- psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t psa_driver_wrapper_aead_update(
- psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_aead_finish(
- psa_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length);
-
-psa_status_t psa_driver_wrapper_aead_verify(
- psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length);
-
-psa_status_t psa_driver_wrapper_aead_abort(
- psa_aead_operation_t *operation);
-
-/*
- * MAC functions
- */
-psa_status_t psa_driver_wrapper_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t psa_driver_wrapper_mac_sign_setup(
- psa_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t psa_driver_wrapper_mac_verify_setup(
- psa_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t psa_driver_wrapper_mac_update(
- psa_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t psa_driver_wrapper_mac_sign_finish(
- psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t psa_driver_wrapper_mac_verify_finish(
- psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
-
-psa_status_t psa_driver_wrapper_mac_abort(
- psa_mac_operation_t *operation);
-
-/*
- * Asymmetric cryptography
- */
-psa_status_t psa_driver_wrapper_asymmetric_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_asymmetric_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-/*
- * Raw Key Agreement
- */
-psa_status_t psa_driver_wrapper_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length);
-
-/*
- * PAKE functions.
- */
-psa_status_t psa_driver_wrapper_pake_setup(
- psa_pake_operation_t *operation,
- const psa_crypto_driver_pake_inputs_t *inputs);
-
-psa_status_t psa_driver_wrapper_pake_output(
- psa_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_pake_input(
- psa_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t psa_driver_wrapper_pake_get_implicit_key(
- psa_pake_operation_t *operation,
- uint8_t *output, size_t output_size,
- size_t *output_length);
-
-psa_status_t psa_driver_wrapper_pake_abort(
- psa_pake_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
-
-/* End of automatically generated file. */
diff --git a/library/psa_crypto_driver_wrappers_no_static.h b/library/psa_crypto_driver_wrappers_no_static.h
new file mode 100644
index 0000000..cd617f6
--- /dev/null
+++ b/library/psa_crypto_driver_wrappers_no_static.h
@@ -0,0 +1,31 @@
+/*
+ * Function signatures for functionality that can be provided by
+ * cryptographic accelerators.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H
+#define PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H
+
+#include "psa/crypto.h"
+#include "psa/crypto_driver_common.h"
+
+psa_status_t psa_driver_wrapper_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ uint8_t *data, size_t data_size, size_t *data_length);
+
+psa_status_t psa_driver_wrapper_get_key_buffer_size(
+ const psa_key_attributes_t *attributes,
+ size_t *key_buffer_size);
+
+psa_status_t psa_driver_wrapper_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
+
+#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H */
+
+/* End of automatically generated file. */
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 5c77865..e4a372d 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index f4ad3d2..a9f5d59 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_ECP_H
diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
index 20dfd2d..a57f02e 100644
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h
index 67e5444..baeb928 100644
--- a/library/psa_crypto_ffdh.h
+++ b/library/psa_crypto_ffdh.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_FFDH_H
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index ddf7094..eeb7666 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -74,6 +62,25 @@
mbedtls_sha512_free(&operation->ctx.sha512);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ mbedtls_sha3_free(&operation->ctx.sha3);
+ break;
+#endif
default:
return PSA_ERROR_BAD_STATE;
}
@@ -135,6 +142,30 @@
ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_224);
+ break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_256);
+ break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_384);
+ break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_512);
+ break;
+#endif
default:
return PSA_ALG_IS_HASH(alg) ?
PSA_ERROR_NOT_SUPPORTED :
@@ -197,6 +228,26 @@
&source_operation->ctx.sha512);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ mbedtls_sha3_clone(&target_operation->ctx.sha3,
+ &source_operation->ctx.sha3);
+ break;
+#endif
default:
(void) source_operation;
(void) target_operation;
@@ -257,6 +308,26 @@
input, input_length);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ ret = mbedtls_sha3_update(&operation->ctx.sha3,
+ input, input_length);
+ break;
+#endif
default:
(void) input;
(void) input_length;
@@ -327,6 +398,25 @@
ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size);
+ break;
+#endif
default:
(void) hash;
return PSA_ERROR_BAD_STATE;
diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h
index 2dfb011..0a7be80 100644
--- a/library/psa_crypto_hash.h
+++ b/library/psa_crypto_hash.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_HASH_H
diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h
index a900dd8..8b445a1 100644
--- a/library/psa_crypto_invasive.h
+++ b/library/psa_crypto_invasive.h
@@ -10,25 +10,20 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_INVASIVE_H
#define PSA_CRYPTO_INVASIVE_H
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
#include "psa/crypto.h"
#include "common.h"
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
index 3ceee49..877063b 100644
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_ITS_H
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 07f123e..8fe6218 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -29,6 +17,7 @@
#include <mbedtls/md.h>
#include <mbedtls/error.h>
+#include "mbedtls/constant_time.h"
#include <string.h>
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
@@ -453,7 +442,7 @@
goto cleanup;
}
- if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) {
+ if (mbedtls_ct_memcmp(mac, actual_mac, mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h
index 4f8024a..2f614bc 100644
--- a/library/psa_crypto_mac.h
+++ b/library/psa_crypto_mac.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_MAC_H
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index caba5a1..9ac2e8c 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -28,7 +16,7 @@
#include "psa_crypto_slot_management.h"
#include <mbedtls/ecjpake.h>
-#include <psa_util_internal.h>
+#include "psa_util_internal.h"
#include <mbedtls/platform.h>
#include <mbedtls/error.h>
@@ -178,12 +166,12 @@
return status;
}
- psa_crypto_driver_pake_get_user_len(inputs, &user_len);
+ status = psa_crypto_driver_pake_get_user_len(inputs, &user_len);
if (status != PSA_SUCCESS) {
return status;
}
- psa_crypto_driver_pake_get_peer_len(inputs, &peer_len);
+ status = psa_crypto_driver_pake_get_peer_len(inputs, &peer_len);
if (status != PSA_SUCCESS) {
return status;
}
@@ -304,10 +292,10 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
/*
- * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different
+ * The PSA CRYPTO PAKE and Mbed TLS JPAKE API have a different
* handling of output sequencing.
*
- * The MbedTLS JPAKE API outputs the whole X1+X2 and X2S steps data
+ * The Mbed TLS JPAKE API outputs the whole X1+X2 and X2S steps data
* at once, on the other side the PSA CRYPTO PAKE api requires
* the KEY_SHARE/ZP_PUBLIC/ZK_PROOF parts of X1, X2 & X2S to be
* retrieved in sequence.
@@ -423,17 +411,17 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
/*
- * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different
+ * The PSA CRYPTO PAKE and Mbed TLS JPAKE API have a different
* handling of input sequencing.
*
- * The MbedTLS JPAKE API takes the whole X1+X2 or X4S steps data
+ * The Mbed TLS JPAKE API takes the whole X1+X2 or X4S steps data
* at once as input, on the other side the PSA CRYPTO PAKE api requires
* the KEY_SHARE/ZP_PUBLIC/ZK_PROOF parts of X1, X2 & X4S to be
* given in sequence.
*
* In order to achieve API compatibility, each X1+X2 or X4S step data
* is stored sequentially in an intermediate buffer and given to the
- * MbedTLS JPAKE API on the last step.
+ * Mbed TLS JPAKE API on the last step.
*
* This causes any input error to be only detected on the last step.
*/
diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h
index f21b0e6..3d3ee0c 100644
--- a/library/psa_crypto_pake.h
+++ b/library/psa_crypto_pake.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_PAKE_H
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 2a75a43..64b8949 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -12,25 +12,13 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_RANDOM_IMPL_H
#define PSA_CRYPTO_RANDOM_IMPL_H
-#include <psa_util_internal.h>
+#include "psa_util_internal.h"
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 508a68b..0679f41 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -328,9 +316,11 @@
/* The Mbed TLS RSA module uses an unsigned int for hash length
* parameters. Validate that it fits so that we don't risk an
* overflow later. */
+#if SIZE_MAX > UINT_MAX
if (hash_length > UINT_MAX) {
return PSA_ERROR_INVALID_ARGUMENT;
}
+#endif
/* For signatures using a hash, the hash length must be correct. */
if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index bc24ef5..e4c5caf 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_RSA_H
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 9db3ded..7a36a4f 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index a1e5e09..e0bd5ac 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -3,25 +3,20 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_SE_H
#define PSA_CRYPTO_SE_H
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index a10cb2b..5ecc3a7 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -25,7 +13,7 @@
#include "psa/crypto.h"
#include "psa_crypto_core.h"
-#include "psa_crypto_driver_wrappers.h"
+#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -38,7 +26,7 @@
typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
- unsigned key_slots_initialized : 1;
+ uint8_t key_slots_initialized;
} psa_global_data_t;
static psa_global_data_t global_data;
@@ -249,11 +237,20 @@
data = (psa_se_key_data_storage_t *) key_data;
status = psa_copy_key_material_into_slot(
slot, data->slot_number, sizeof(data->slot_number));
+
+ if (status == PSA_SUCCESS) {
+ slot->status = PSA_SLOT_OCCUPIED;
+ }
goto exit;
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_copy_key_material_into_slot(slot, key_data, key_data_length);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+ slot->status = PSA_SLOT_OCCUPIED;
exit:
psa_free_persistent_key_data(key_data, key_data_length);
@@ -327,6 +324,7 @@
/* Copy actual key length and core attributes into the slot on success */
slot->key.bytes = key_buffer_length;
slot->attr = attributes.core;
+ slot->status = PSA_SLOT_OCCUPIED;
exit:
if (status != PSA_SUCCESS) {
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index c8366ab..6041a35 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 574d4b0..13a3c8a 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 04768f8..b6b5e15 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_STORAGE_H
@@ -39,7 +27,7 @@
/* Sanity check: a file size must fit in 32 bits. Allow a generous
* 64kB of metadata. */
#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
-#error PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
+#error "PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000"
#endif
/** The maximum permitted persistent slot number.
@@ -202,7 +190,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** This symbol is defined if transaction support is required. */
-#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
+#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS 1
#endif
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 9748616..9567137 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -110,14 +98,9 @@
return PSA_ERROR_DATA_CORRUPT;
}
- p_info->size = (header.size[0] |
- header.size[1] << 8 |
- header.size[2] << 16 |
- header.size[3] << 24);
- p_info->flags = (header.flags[0] |
- header.flags[1] << 8 |
- header.flags[2] << 16 |
- header.flags[3] << 24);
+ p_info->size = MBEDTLS_GET_UINT32_LE(header.size, 0);
+ p_info->flags = MBEDTLS_GET_UINT32_LE(header.flags, 0);
+
return PSA_SUCCESS;
}
diff --git a/library/psa_util.c b/library/psa_util.c
index 3d43b58..9b06de2 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -24,8 +12,7 @@
#include <psa/crypto.h>
-#include "psa_crypto_core.h"
-#include <psa_util_internal.h>
+#include "psa_util_internal.h"
/* The following includes are needed for MBEDTLS_ERR_XXX macros */
#include <mbedtls/error.h>
@@ -169,4 +156,178 @@
}
}
#endif /* MBEDTLS_PK_C */
+
+/****************************************************************/
+/* Key management */
+/****************************************************************/
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
+ size_t *bits)
+{
+ switch (grpid) {
+#if defined(MBEDTLS_ECP_HAVE_SECP192R1)
+ case MBEDTLS_ECP_DP_SECP192R1:
+ *bits = 192;
+ return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
+ case MBEDTLS_ECP_DP_SECP224R1:
+ *bits = 224;
+ return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
+ case MBEDTLS_ECP_DP_SECP256R1:
+ *bits = 256;
+ return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
+ case MBEDTLS_ECP_DP_SECP384R1:
+ *bits = 384;
+ return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
+ case MBEDTLS_ECP_DP_SECP521R1:
+ *bits = 521;
+ return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_BP256R1)
+ case MBEDTLS_ECP_DP_BP256R1:
+ *bits = 256;
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_BP384R1)
+ case MBEDTLS_ECP_DP_BP384R1:
+ *bits = 384;
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_BP512R1)
+ case MBEDTLS_ECP_DP_BP512R1:
+ *bits = 512;
+ return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
+ case MBEDTLS_ECP_DP_CURVE25519:
+ *bits = 255;
+ return PSA_ECC_FAMILY_MONTGOMERY;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_SECP192K1)
+ case MBEDTLS_ECP_DP_SECP192K1:
+ *bits = 192;
+ return PSA_ECC_FAMILY_SECP_K1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
+ case MBEDTLS_ECP_DP_SECP224K1:
+ *bits = 224;
+ return PSA_ECC_FAMILY_SECP_K1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
+ case MBEDTLS_ECP_DP_SECP256K1:
+ *bits = 256;
+ return PSA_ECC_FAMILY_SECP_K1;
+#endif
+#if defined(MBEDTLS_ECP_HAVE_CURVE448)
+ case MBEDTLS_ECP_DP_CURVE448:
+ *bits = 448;
+ return PSA_ECC_FAMILY_MONTGOMERY;
+#endif
+ default:
+ *bits = 0;
+ return 0;
+ }
+}
+
+mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
+ size_t bits,
+ int bits_is_sloppy)
+{
+ switch (curve) {
+ case PSA_ECC_FAMILY_SECP_R1:
+ switch (bits) {
+#if defined(PSA_WANT_ECC_SECP_R1_192)
+ case 192:
+ return MBEDTLS_ECP_DP_SECP192R1;
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_224)
+ case 224:
+ return MBEDTLS_ECP_DP_SECP224R1;
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+ case 256:
+ return MBEDTLS_ECP_DP_SECP256R1;
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+ case 384:
+ return MBEDTLS_ECP_DP_SECP384R1;
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+ case 521:
+ return MBEDTLS_ECP_DP_SECP521R1;
+ case 528:
+ if (bits_is_sloppy) {
+ return MBEDTLS_ECP_DP_SECP521R1;
+ }
+ break;
+#endif
+ }
+ break;
+
+ case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
+ switch (bits) {
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+ case 256:
+ return MBEDTLS_ECP_DP_BP256R1;
+#endif
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+ case 384:
+ return MBEDTLS_ECP_DP_BP384R1;
+#endif
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+ case 512:
+ return MBEDTLS_ECP_DP_BP512R1;
+#endif
+ }
+ break;
+
+ case PSA_ECC_FAMILY_MONTGOMERY:
+ switch (bits) {
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+ case 255:
+ return MBEDTLS_ECP_DP_CURVE25519;
+ case 256:
+ if (bits_is_sloppy) {
+ return MBEDTLS_ECP_DP_CURVE25519;
+ }
+ break;
+#endif
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+ case 448:
+ return MBEDTLS_ECP_DP_CURVE448;
+#endif
+ }
+ break;
+
+ case PSA_ECC_FAMILY_SECP_K1:
+ switch (bits) {
+#if defined(PSA_WANT_ECC_SECP_K1_192)
+ case 192:
+ return MBEDTLS_ECP_DP_SECP192K1;
+#endif
+#if defined(PSA_WANT_ECC_SECP_K1_224)
+ case 224:
+ return MBEDTLS_ECP_DP_SECP224K1;
+#endif
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+ case 256:
+ return MBEDTLS_ECP_DP_SECP256K1;
+#endif
+ }
+ break;
+ }
+
+ (void) bits_is_sloppy;
+ return MBEDTLS_ECP_DP_NONE;
+}
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h
index 4a36dbf..fcc79ae 100644
--- a/library/psa_util_internal.h
+++ b/library/psa_util_internal.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PSA_UTIL_INTERNAL_H
diff --git a/library/ripemd160.c b/library/ripemd160.c
index ba97c1f..b4fc3cd 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -2,19 +2,7 @@
* RIPE MD-160 implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -356,12 +344,12 @@
ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
if (ret != 0) {
- return ret;
+ goto exit;
}
ret = mbedtls_ripemd160_update(ctx, msglen, 8);
if (ret != 0) {
- return ret;
+ goto exit;
}
MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
@@ -370,7 +358,11 @@
MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_ripemd160_free(ctx);
+ return ret;
}
#endif /* ! MBEDTLS_RIPEMD160_ALT */
diff --git a/library/rsa.c b/library/rsa.c
index ad49796..2b9f85b 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -2,19 +2,7 @@
* The RSA public-key cryptosystem
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -41,6 +29,7 @@
#include "mbedtls/rsa.h"
#include "rsa_alt_helpers.h"
+#include "rsa_internal.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
@@ -56,6 +45,162 @@
#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+
+/** This function performs the unpadding part of a PKCS#1 v1.5 decryption
+ * operation (EME-PKCS1-v1_5 decoding).
+ *
+ * \note The return value from this function is a sensitive value
+ * (this is unusual). #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE shouldn't happen
+ * in a well-written application, but 0 vs #MBEDTLS_ERR_RSA_INVALID_PADDING
+ * is often a situation that an attacker can provoke and leaking which
+ * one is the result is precisely the information the attacker wants.
+ *
+ * \param input The input buffer which is the payload inside PKCS#1v1.5
+ * encryption padding, called the "encoded message EM"
+ * by the terminology.
+ * \param ilen The length of the payload in the \p input buffer.
+ * \param output The buffer for the payload, called "message M" by the
+ * PKCS#1 terminology. This must be a writable buffer of
+ * length \p output_max_len bytes.
+ * \param olen The address at which to store the length of
+ * the payload. This must not be \c NULL.
+ * \param output_max_len The length in bytes of the output buffer \p output.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+ * The output buffer is too small for the unpadded payload.
+ * \return #MBEDTLS_ERR_RSA_INVALID_PADDING
+ * The input doesn't contain properly formatted padding.
+ */
+static int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ size_t output_max_len,
+ size_t *olen)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t i, plaintext_max_size;
+
+ /* The following variables take sensitive values: their value must
+ * not leak into the observable behavior of the function other than
+ * the designated outputs (output, olen, return value). Otherwise
+ * this would open the execution of the function to
+ * side-channel-based variants of the Bleichenbacher padding oracle
+ * attack. Potential side channels include overall timing, memory
+ * access patterns (especially visible to an adversary who has access
+ * to a shared memory cache), and branches (especially visible to
+ * an adversary who has access to a shared code cache or to a shared
+ * branch predictor). */
+ size_t pad_count = 0;
+ mbedtls_ct_condition_t bad;
+ mbedtls_ct_condition_t pad_done;
+ size_t plaintext_size = 0;
+ mbedtls_ct_condition_t output_too_large;
+
+ plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11
+ : output_max_len;
+
+ /* Check and get padding length in constant time and constant
+ * memory trace. The first byte must be 0. */
+ bad = mbedtls_ct_bool(input[0]);
+
+
+ /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
+ * where PS must be at least 8 nonzero bytes. */
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(input[1], MBEDTLS_RSA_CRYPT));
+
+ /* Read the whole buffer. Set pad_done to nonzero if we find
+ * the 0x00 byte and remember the padding length in pad_count. */
+ pad_done = MBEDTLS_CT_FALSE;
+ for (i = 2; i < ilen; i++) {
+ mbedtls_ct_condition_t found = mbedtls_ct_uint_eq(input[i], 0);
+ pad_done = mbedtls_ct_bool_or(pad_done, found);
+ pad_count += mbedtls_ct_uint_if_else_0(mbedtls_ct_bool_not(pad_done), 1);
+ }
+
+ /* If pad_done is still zero, there's no data, only unfinished padding. */
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_not(pad_done));
+
+ /* There must be at least 8 bytes of padding. */
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_gt(8, pad_count));
+
+ /* If the padding is valid, set plaintext_size to the number of
+ * remaining bytes after stripping the padding. If the padding
+ * is invalid, avoid leaking this fact through the size of the
+ * output: use the maximum message size that fits in the output
+ * buffer. Do it without branches to avoid leaking the padding
+ * validity through timing. RSA keys are small enough that all the
+ * size_t values involved fit in unsigned int. */
+ plaintext_size = mbedtls_ct_uint_if(
+ bad, (unsigned) plaintext_max_size,
+ (unsigned) (ilen - pad_count - 3));
+
+ /* Set output_too_large to 0 if the plaintext fits in the output
+ * buffer and to 1 otherwise. */
+ output_too_large = mbedtls_ct_uint_gt(plaintext_size,
+ plaintext_max_size);
+
+ /* Set ret without branches to avoid timing attacks. Return:
+ * - INVALID_PADDING if the padding is bad (bad != 0).
+ * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
+ * plaintext does not fit in the output buffer.
+ * - 0 if the padding is correct. */
+ ret = mbedtls_ct_error_if(
+ bad,
+ MBEDTLS_ERR_RSA_INVALID_PADDING,
+ mbedtls_ct_error_if_else_0(output_too_large, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE)
+ );
+
+ /* If the padding is bad or the plaintext is too large, zero the
+ * data that we're about to copy to the output buffer.
+ * We need to copy the same amount of data
+ * from the same buffer whether the padding is good or not to
+ * avoid leaking the padding validity through overall timing or
+ * through memory or cache access patterns. */
+ mbedtls_ct_zeroize_if(mbedtls_ct_bool_or(bad, output_too_large), input + 11, ilen - 11);
+
+ /* If the plaintext is too large, truncate it to the buffer size.
+ * Copy anyway to avoid revealing the length through timing, because
+ * revealing the length is as bad as revealing the padding validity
+ * for a Bleichenbacher attack. */
+ plaintext_size = mbedtls_ct_uint_if(output_too_large,
+ (unsigned) plaintext_max_size,
+ (unsigned) plaintext_size);
+
+ /* Move the plaintext to the leftmost position where it can start in
+ * the working buffer, i.e. make it start plaintext_max_size from
+ * the end of the buffer. Do this with a memory access trace that
+ * does not depend on the plaintext size. After this move, the
+ * starting location of the plaintext is no longer sensitive
+ * information. */
+ mbedtls_ct_memmove_left(input + ilen - plaintext_max_size,
+ plaintext_max_size,
+ plaintext_max_size - plaintext_size);
+
+ /* Finally copy the decrypted plaintext plus trailing zeros into the output
+ * buffer. If output_max_len is 0, then output may be an invalid pointer
+ * and the result of memcpy() would be undefined; prevent undefined
+ * behavior making sure to depend only on output_max_len (the size of the
+ * user-provided output buffer), which is independent from plaintext
+ * length, validity of padding, success of the decryption, and other
+ * secrets. */
+ if (output_max_len != 0) {
+ memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
+ }
+
+ /* Report the amount of data we copied to the output buffer. In case
+ * of errors (bad padding or output too large), the value of *olen
+ * when this function returns is not specified. Making it equivalent
+ * to the good case limits the risks of leaking the padding validity. */
+ *olen = plaintext_size;
+
+ return ret;
+}
+
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
+
#if !defined(MBEDTLS_RSA_ALT)
int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
@@ -1383,7 +1528,8 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t ilen, i, pad_len;
- unsigned char *p, bad, pad_done;
+ unsigned char *p;
+ mbedtls_ct_condition_t bad, in_padding;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
@@ -1443,28 +1589,26 @@
* Check contents, in "constant-time"
*/
p = buf;
- bad = 0;
- bad |= *p++; /* First byte must be 0 */
+ bad = mbedtls_ct_bool(*p++); /* First byte must be 0 */
p += hlen; /* Skip seed */
/* Check lHash */
- for (i = 0; i < hlen; i++) {
- bad |= lhash[i] ^ *p++;
- }
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool(mbedtls_ct_memcmp(lhash, p, hlen)));
+ p += hlen;
/* Get zero-padding len, but always read till end of buffer
* (minus one, for the 01 byte) */
pad_len = 0;
- pad_done = 0;
+ in_padding = MBEDTLS_CT_TRUE;
for (i = 0; i < ilen - 2 * hlen - 2; i++) {
- pad_done |= p[i];
- pad_len += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
+ in_padding = mbedtls_ct_bool_and(in_padding, mbedtls_ct_uint_eq(p[i], 0));
+ pad_len += mbedtls_ct_uint_if_else_0(in_padding, 1);
}
p += pad_len;
- bad |= *p++ ^ 0x01;
+ bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(*p++, 0x01));
/*
* The only information "leaked" is whether the padding was correct or not
@@ -1472,17 +1616,17 @@
* recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
* the different error conditions.
*/
- if (bad != 0) {
+ if (bad != MBEDTLS_CT_FALSE) {
ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
goto cleanup;
}
- if (ilen - (p - buf) > output_max_len) {
+ if (ilen - ((size_t) (p - buf)) > output_max_len) {
ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
goto cleanup;
}
- *olen = ilen - (p - buf);
+ *olen = ilen - ((size_t) (p - buf));
if (*olen != 0) {
memcpy(output, p, *olen);
}
@@ -1569,14 +1713,14 @@
}
#if defined(MBEDTLS_PKCS1_V21)
-static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- mbedtls_md_type_t md_alg,
- unsigned int hashlen,
- const unsigned char *hash,
- int saltlen,
- unsigned char *sig)
+static int rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ int saltlen,
+ unsigned char *sig)
{
size_t olen;
unsigned char *p = sig;
@@ -1584,15 +1728,12 @@
size_t slen, min_slen, hlen, offset = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t msb;
+ mbedtls_md_type_t hash_id;
if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
- return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
- }
-
if (f_rng == NULL) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1611,7 +1752,11 @@
}
}
- hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
+ hash_id = (mbedtls_md_type_t) ctx->hash_id;
+ if (hash_id == MBEDTLS_MD_NONE) {
+ hash_id = md_alg;
+ }
+ hlen = mbedtls_md_get_size_from_type(hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1654,7 +1799,7 @@
p += slen;
/* Generate H = Hash( M' ) */
- ret = hash_mprime(hash, hashlen, salt, slen, p, (mbedtls_md_type_t) ctx->hash_id);
+ ret = hash_mprime(hash, hashlen, salt, slen, p, hash_id);
if (ret != 0) {
return ret;
}
@@ -1665,8 +1810,7 @@
}
/* maskedDB: Apply dbMask to DB */
- ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen,
- (mbedtls_md_type_t) ctx->hash_id);
+ ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen, hash_id);
if (ret != 0) {
return ret;
}
@@ -1680,6 +1824,37 @@
return mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig);
}
+static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ int saltlen,
+ unsigned char *sig)
+{
+ if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
+ if (ctx->hash_id == MBEDTLS_MD_NONE) {
+ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ }
+ return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen,
+ sig);
+}
+
+int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig)
+{
+ return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg,
+ hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig);
+}
+
/*
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
* the option to pass in the salt length.
@@ -1697,7 +1872,6 @@
hashlen, hash, saltlen, sig);
}
-
/*
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
*/
@@ -2048,7 +2222,7 @@
return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
- observed_salt_len = hash_start - p;
+ observed_salt_len = (size_t) (hash_start - p);
if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
observed_salt_len != (size_t) expected_salt_len) {
@@ -2276,7 +2450,6 @@
#if defined(MBEDTLS_SELF_TEST)
-#include "mbedtls/md.h"
/*
* Example RSA-1024 keypair, for test purposes
diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c
index 3451469..5c265a9 100644
--- a/library/rsa_alt_helpers.c
+++ b/library/rsa_alt_helpers.c
@@ -2,19 +2,7 @@
* Helper functions for the RSA module
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
*/
@@ -126,7 +114,7 @@
}
for (; attempt < num_primes; ++attempt) {
- mbedtls_mpi_lset(&K, primes[attempt]);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&K, primes[attempt]));
/* Check if gcd(K,N) = 1 */
MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
diff --git a/library/rsa_alt_helpers.h b/library/rsa_alt_helpers.h
index 3b22ba8..052b024 100644
--- a/library/rsa_alt_helpers.h
+++ b/library/rsa_alt_helpers.h
@@ -36,24 +36,10 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-
-#ifndef MBEDTLS_RSA_INTERNAL_H
-#define MBEDTLS_RSA_INTERNAL_H
+#ifndef MBEDTLS_RSA_ALT_HELPERS_H
+#define MBEDTLS_RSA_ALT_HELPERS_H
#include "mbedtls/build_info.h"
diff --git a/library/rsa_internal.h b/library/rsa_internal.h
new file mode 100644
index 0000000..4081ac6
--- /dev/null
+++ b/library/rsa_internal.h
@@ -0,0 +1,42 @@
+/**
+ * \file rsa_internal.h
+ *
+ * \brief Internal-only RSA public-key cryptosystem API.
+ *
+ * This file declares RSA-related functions that are to be used
+ * only from within the Mbed TLS library itself.
+ *
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_RSA_INTERNAL_H
+#define MBEDTLS_RSA_INTERNAL_H
+
+#include "mbedtls/rsa.h"
+
+#if defined(MBEDTLS_PKCS1_V21)
+/**
+ * \brief This function is analogue to \c mbedtls_rsa_rsassa_pss_sign().
+ * The only difference between them is that this function is more flexible
+ * on the parameters of \p ctx that are set with \c mbedtls_rsa_set_padding().
+ *
+ * \note Compared to its counterpart, this function:
+ * - does not check the padding setting of \p ctx.
+ * - allows the hash_id of \p ctx to be MBEDTLS_MD_NONE,
+ * in which case it uses \p md_alg as the hash_id.
+ *
+ * \note Refer to \c mbedtls_rsa_rsassa_pss_sign() for a description
+ * of the functioning and parameters of this function.
+ */
+int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_md_type_t md_alg,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig);
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#endif /* rsa_internal.h */
diff --git a/library/sha1.c b/library/sha1.c
index 4c9cbf5..dfbe481 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -2,19 +2,7 @@
* FIPS-180-1 compliant SHA-1 implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The SHA-1 standard was published by NIST in 1993.
@@ -322,7 +310,7 @@
memset(ctx->buffer + used, 0, 64 - used);
if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -339,7 +327,7 @@
MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -351,7 +339,11 @@
MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha1_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_SHA1_ALT */
@@ -382,7 +374,6 @@
exit:
mbedtls_sha1_free(&ctx);
-
return ret;
}
diff --git a/library/sha256.c b/library/sha256.c
index 5df61ac..8788981 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -2,19 +2,7 @@
* FIPS-180-2 compliant SHA-256 implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The SHA-256 Secure Hash Standard was published by NIST in 2002.
@@ -22,8 +10,17 @@
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
*/
-#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \
- defined(__clang__) && __clang_major__ >= 4
+#if defined(__clang__) && (__clang_major__ >= 4)
+
+/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8_A in the following #if,
+ * but that is defined by build_info.h, and we need this block to happen first. */
+#if defined(__ARM_ARCH) && (__ARM_ARCH_PROFILE == 'A')
+#if __ARM_ARCH >= 8
+#define MBEDTLS_SHA256_ARCH_IS_ARMV8_A
+#endif
+#endif
+
+#if defined(MBEDTLS_SHA256_ARCH_IS_ARMV8_A) && !defined(__ARM_FEATURE_CRYPTO)
/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
*
* The intrinsic declaration are guarded by predefined ACLE macros in clang:
@@ -31,7 +28,7 @@
* By defining the macros ourselves we gain access to those declarations without
* requiring -march on the command line.
*
- * `arm_neon.h` could be included by any header file, so we put these defines
+ * `arm_neon.h` is included by common.h, so we put these defines
* at the top of this file, before any includes.
*/
#define __ARM_FEATURE_CRYPTO 1
@@ -44,6 +41,11 @@
#define MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG
#endif
+#endif /* defined(__clang__) && (__clang_major__ >= 4) */
+
+/* Ensure that SIG_SETMASK is defined when -std=c99 is used. */
+#define _GNU_SOURCE
+
#include "common.h"
#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C)
@@ -56,29 +58,34 @@
#include "mbedtls/platform.h"
-#if defined(__aarch64__)
+#if defined(MBEDTLS_ARCH_IS_ARMV8_A)
-# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
-
-/* *INDENT-OFF* */
-
-# ifdef __ARM_NEON
-# include <arm_neon.h>
-# else
-# error "Target does not support NEON instructions"
+# if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+# if !defined(MBEDTLS_HAVE_NEON_INTRINSICS)
+# if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
+# warning "Target does not support NEON instructions"
+# undef MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+# else
+# error "Target does not support NEON instructions"
+# endif
+# endif
# endif
-# if !defined(__ARM_FEATURE_CRYPTO) || defined(MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG)
+# if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+/* *INDENT-OFF* */
+
+# if !defined(__ARM_FEATURE_CRYPTO) || defined(MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG)
# if defined(__ARMCOMPILER_VERSION)
# if __ARMCOMPILER_VERSION <= 6090000
-# error "Must use minimum -march=armv8-a+crypto for MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+# error "Must use minimum -march=armv8-a+crypto for MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
# endif
# pragma clang attribute push (__attribute__((target("sha2"))), apply_to=function)
# define MBEDTLS_POP_TARGET_PRAGMA
# elif defined(__clang__)
# if __clang_major__ < 4
-# error "A more recent Clang is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+# error "A more recent Clang is required for MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
# endif
# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function)
# define MBEDTLS_POP_TARGET_PRAGMA
@@ -87,55 +94,62 @@
* intrinsics are missing. Missing intrinsics could be worked around.
*/
# if __GNUC__ < 6
-# error "A more recent GCC is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+# error "A more recent GCC is required for MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
# else
# pragma GCC push_options
# pragma GCC target ("arch=armv8-a+crypto")
# define MBEDTLS_POP_TARGET_PRAGMA
# endif
# else
-# error "Only GCC and Clang supported for MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+# error "Only GCC and Clang supported for MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
# endif
# endif
/* *INDENT-ON* */
# endif
-# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+# if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
# if defined(__unix__)
# if defined(__linux__)
/* Our preferred method of detection is getauxval() */
# include <sys/auxv.h>
+/* These are not always defined via sys/auxv.h */
+# if !defined(HWCAP_SHA2)
+# define HWCAP_SHA2 (1 << 6)
+# endif
+# if !defined(HWCAP2_SHA2)
+# define HWCAP2_SHA2 (1 << 3)
+# endif
# endif
/* Use SIGILL on Unix, and fall back to it on Linux */
# include <signal.h>
# endif
# endif
-#elif defined(_M_ARM64)
-# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
-# include <arm64_neon.h>
-# endif
-#else
-# undef MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
-# undef MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+#elif !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
+# undef MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+# undef MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
/*
* Capability detection code comes early, so we can disable
- * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT if no detection mechanism found
+ * MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT if no detection mechanism found
*/
-#if defined(HWCAP_SHA2)
+#if defined(MBEDTLS_ARCH_IS_ARM64) && defined(HWCAP_SHA2)
static int mbedtls_a64_crypto_sha256_determine_support(void)
{
return (getauxval(AT_HWCAP) & HWCAP_SHA2) ? 1 : 0;
}
+#elif defined(MBEDTLS_ARCH_IS_ARM32) && defined(HWCAP2_SHA2)
+static int mbedtls_a64_crypto_sha256_determine_support(void)
+{
+ return (getauxval(AT_HWCAP2) & HWCAP2_SHA2) ? 1 : 0;
+}
#elif defined(__APPLE__)
static int mbedtls_a64_crypto_sha256_determine_support(void)
{
return 1;
}
-#elif defined(_M_ARM64)
+#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
#include <processthreadsapi.h>
@@ -153,7 +167,7 @@
static jmp_buf return_from_sigill;
/*
- * A64 SHA256 support detection via SIGILL
+ * Armv8-A SHA256 support detection via SIGILL
*/
static void sigill_handler(int signal)
{
@@ -180,7 +194,11 @@
if (setjmp(return_from_sigill) == 0) { /* First return only */
/* If this traps, we will return a second time from setjmp() with 1 */
- asm ("sha256h q0, q0, v0.4s" : : : "v0");
+#if defined(MBEDTLS_ARCH_IS_ARM64)
+ asm volatile ("sha256h q0, q0, v0.4s" : : : "v0");
+#else
+ asm volatile ("sha256h.32 q0, q0, q0" : : : "q0");
+#endif
ret = 1;
}
@@ -190,11 +208,11 @@
return ret;
}
#else
-#warning "No mechanism to detect A64_CRYPTO found, using C code only"
-#undef MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+#warning "No mechanism to detect ARMV8_CRYPTO found, using C code only"
+#undef MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
#endif /* HWCAP_SHA2, __APPLE__, __unix__ && SIG_SETMASK */
-#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
+#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT */
#if !defined(MBEDTLS_SHA256_ALT)
@@ -296,10 +314,10 @@
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
# define mbedtls_internal_sha256_process_many_a64_crypto mbedtls_internal_sha256_process_many
# define mbedtls_internal_sha256_process_a64_crypto mbedtls_internal_sha256_process
#endif
@@ -322,10 +340,10 @@
uint32x4_t abcd_orig = abcd;
uint32x4_t efgh_orig = efgh;
- uint32x4_t sched0 = (uint32x4_t) vld1q_u8(msg + 16 * 0);
- uint32x4_t sched1 = (uint32x4_t) vld1q_u8(msg + 16 * 1);
- uint32x4_t sched2 = (uint32x4_t) vld1q_u8(msg + 16 * 2);
- uint32x4_t sched3 = (uint32x4_t) vld1q_u8(msg + 16 * 3);
+ uint32x4_t sched0 = vreinterpretq_u32_u8(vld1q_u8(msg + 16 * 0));
+ uint32x4_t sched1 = vreinterpretq_u32_u8(vld1q_u8(msg + 16 * 1));
+ uint32x4_t sched2 = vreinterpretq_u32_u8(vld1q_u8(msg + 16 * 2));
+ uint32x4_t sched3 = vreinterpretq_u32_u8(vld1q_u8(msg + 16 * 3));
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ /* Will be true if not defined */
/* Untested on BE */
@@ -399,9 +417,9 @@
return processed;
}
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
/*
- * This function is for internal use only if we are building both C and A64
+ * This function is for internal use only if we are building both C and Armv8-A
* versions, otherwise it is renamed to be the public mbedtls_internal_sha256_process()
*/
static
@@ -414,7 +432,7 @@
SHA256_BLOCK_SIZE) ? 0 : -1;
}
-#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */
#if defined(MBEDTLS_POP_TARGET_PRAGMA)
#if defined(__clang__)
@@ -425,14 +443,14 @@
#undef MBEDTLS_POP_TARGET_PRAGMA
#endif
-#if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+#if !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
#define mbedtls_internal_sha256_process_many_c mbedtls_internal_sha256_process_many
#define mbedtls_internal_sha256_process_c mbedtls_internal_sha256_process
#endif
#if !defined(MBEDTLS_SHA256_PROCESS_ALT) && \
- !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+ !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n))
#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n))))
@@ -460,9 +478,9 @@
(d) += local.temp1; (h) = local.temp1 + local.temp2; \
} while (0)
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
/*
- * This function is for internal use only if we are building both C and A64
+ * This function is for internal use only if we are building both C and Armv8
* versions, otherwise it is renamed to be the public mbedtls_internal_sha256_process()
*/
static
@@ -552,10 +570,10 @@
return 0;
}
-#endif /* !MBEDTLS_SHA256_PROCESS_ALT && !MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+#endif /* !MBEDTLS_SHA256_PROCESS_ALT && !MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */
-#if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+#if !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
static size_t mbedtls_internal_sha256_process_many_c(
mbedtls_sha256_context *ctx, const uint8_t *data, size_t len)
@@ -576,10 +594,10 @@
return processed;
}
-#endif /* !MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+#endif /* !MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
static int mbedtls_a64_crypto_sha256_has_support(void)
{
@@ -614,7 +632,7 @@
}
}
-#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
+#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT */
/*
@@ -681,6 +699,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used;
uint32_t high, low;
+ int truncated = 0;
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
@@ -697,7 +716,7 @@
memset(ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used);
if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -714,7 +733,7 @@
MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -728,7 +747,6 @@
MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20);
MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24);
- int truncated = 0;
#if defined(MBEDTLS_SHA224_C)
truncated = ctx->is224;
#endif
@@ -736,7 +754,11 @@
MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28);
}
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha256_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_SHA256_ALT */
diff --git a/library/sha3.c b/library/sha3.c
index 4b97a85..d90fefa 100644
--- a/library/sha3.c
+++ b/library/sha3.c
@@ -2,19 +2,7 @@
* FIPS-202 compliant SHA3 implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The SHA-3 Secure Hash Standard was published by NIST in 2015.
@@ -200,7 +188,7 @@
}
}
- if (p == NULL || p->id == MBEDTLS_SHA3_NONE) {
+ if (p->id == MBEDTLS_SHA3_NONE) {
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
}
@@ -259,10 +247,13 @@
int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
uint8_t *output, size_t olen)
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
/* Catch SHA-3 families, with fixed output length */
if (ctx->olen > 0) {
if (ctx->olen > olen) {
- return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
+ ret = MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
+ goto exit;
}
olen = ctx->olen;
}
@@ -280,7 +271,11 @@
}
}
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha3_free(ctx);
+ return ret;
}
/*
diff --git a/library/sha512.c b/library/sha512.c
index 5ed920b..6011254 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -2,19 +2,7 @@
* FIPS-180-2 compliant SHA-384/512 implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The SHA-512 Secure Hash Standard was published by NIST in 2002.
@@ -31,7 +19,7 @@
* By defining the macros ourselves we gain access to those declarations without
* requiring -march on the command line.
*
- * `arm_neon.h` could be included by any header file, so we put these defines
+ * `arm_neon.h` is included by common.h, so we put these defines
* at the top of this file, before any includes.
*/
#define __ARM_FEATURE_SHA512 1
@@ -60,9 +48,7 @@
# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
/* *INDENT-OFF* */
-# ifdef __ARM_NEON
-# include <arm_neon.h>
-# else
+# if !defined(MBEDTLS_HAVE_NEON_INTRINSICS)
# error "Target does not support NEON instructions"
# endif
/*
@@ -121,12 +107,7 @@
# include <signal.h>
# endif
# endif
-#elif defined(_M_ARM64)
-# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
-# include <arm64_neon.h>
-# endif
-#else
+#elif !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
# undef MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
# undef MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
#endif
@@ -154,7 +135,7 @@
NULL, 0);
return ret == 0 && value != 0;
}
-#elif defined(_M_ARM64)
+#elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64)
/*
* As of March 2022, there don't appear to be any PF_ARM_V8_* flags
* available to pass to IsProcessorFeaturePresent() to check for
@@ -828,6 +809,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned used;
uint64_t high, low;
+ int truncated = 0;
/*
* Add padding: 0x80 then 0x00 until 16 bytes remain for the length
@@ -844,7 +826,7 @@
memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used);
if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 112);
@@ -861,7 +843,7 @@
sha512_put_uint64_be(low, ctx->buffer, 120);
if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -874,7 +856,6 @@
sha512_put_uint64_be(ctx->state[4], output, 32);
sha512_put_uint64_be(ctx->state[5], output, 40);
- int truncated = 0;
#if defined(MBEDTLS_SHA384_C)
truncated = ctx->is384;
#endif
@@ -883,7 +864,11 @@
sha512_put_uint64_be(ctx->state[7], output, 56);
}
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha512_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_SHA512_ALT */
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 1c285ec..772cb8f 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -2,19 +2,7 @@
* SSL session cache implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* These session callbacks use a simple chained list
@@ -264,7 +252,7 @@
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur;
- size_t session_serialized_len;
+ size_t session_serialized_len = 0;
unsigned char *session_serialized = NULL;
#if defined(MBEDTLS_THREADING_C)
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index a0cf530..6224ef2 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1,22 +1,10 @@
/**
* \file ssl_ciphersuites.c
*
- * \brief SSL ciphersuites for mbed TLS
+ * \brief SSL ciphersuites for Mbed TLS
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -292,8 +280,8 @@
static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA384)
{ MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
@@ -308,8 +296,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256)
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
@@ -320,19 +308,19 @@
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
MBEDTLS_CIPHERSUITE_SHORT_TAG,
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
-#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256)
+#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */
+#endif /* MBEDTLS_SSL_HAVE_AES */
+#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
"TLS1-3-CHACHA20-POLY1305-SHA256",
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
0,
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
-#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_MD_CAN_SHA256 */
+#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_CHACHAPOLY_C) && \
+#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \
defined(MBEDTLS_MD_CAN_SHA256) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
@@ -391,13 +379,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#endif /* MBEDTLS_CHACHAPOLY_C &&
+#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY &&
MBEDTLS_MD_CAN_SHA256 &&
MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA1)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
@@ -406,37 +394,37 @@
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_MD_CAN_SHA1 */
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#if defined(MBEDTLS_CCM_C)
+#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
@@ -453,11 +441,11 @@
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_CIPHERSUITE_SHORT_TAG,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CCM */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
@@ -472,9 +460,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
@@ -489,8 +477,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_MD_CAN_SHA1)
@@ -503,9 +491,9 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA1)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
@@ -514,40 +502,40 @@
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_MD_CAN_SHA1 */
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
@@ -562,9 +550,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
@@ -579,8 +567,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_MD_CAN_SHA1)
@@ -593,24 +581,24 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA384) && \
- defined(MBEDTLS_GCM_C)
+ defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
+#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
@@ -620,10 +608,10 @@
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -635,8 +623,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
@@ -653,11 +641,11 @@
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_CIPHERSUITE_SHORT_TAG,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CCM */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -681,8 +669,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -696,30 +684,30 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA384) && \
- defined(MBEDTLS_GCM_C)
+ defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
+#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
0,
@@ -729,11 +717,11 @@
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA1)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
0,
@@ -743,9 +731,9 @@
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#if defined(MBEDTLS_CCM_C)
+#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
0,
@@ -762,11 +750,11 @@
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_CIPHERSUITE_SHORT_TAG,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CCM */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
@@ -790,9 +778,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
@@ -806,15 +794,15 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA1)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
@@ -823,40 +811,40 @@
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_MD_CAN_SHA1 */
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
@@ -871,9 +859,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
@@ -888,8 +876,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_MD_CAN_SHA1)
@@ -902,9 +890,9 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA1)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
@@ -913,40 +901,40 @@
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_MD_CAN_SHA1 */
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
@@ -961,9 +949,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
@@ -978,8 +966,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_MD_CAN_SHA1)
@@ -992,8 +980,8 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1007,9 +995,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1035,8 +1023,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
0,
@@ -1053,11 +1041,11 @@
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_CIPHERSUITE_SHORT_TAG,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CCM */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1071,9 +1059,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1087,14 +1075,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
@@ -1108,9 +1096,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
@@ -1136,8 +1124,8 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
@@ -1154,11 +1142,11 @@
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_CIPHERSUITE_SHORT_TAG,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CCM */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
@@ -1172,9 +1160,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
@@ -1188,15 +1176,15 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
@@ -1222,11 +1210,11 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
"TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
@@ -1242,14 +1230,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1263,9 +1251,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1291,11 +1279,11 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_AES */
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1309,9 +1297,9 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SSL_HAVE_CBC */
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1325,20 +1313,20 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_CCM_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
+#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
MBEDTLS_CIPHERSUITE_SHORT_TAG,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_HAVE_CCM */
+#endif /* MBEDTLS_SSL_HAVE_AES */
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
@@ -1458,18 +1446,18 @@
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#if defined(MBEDTLS_ARIA_C)
+#if defined(MBEDTLS_SSL_HAVE_ARIA)
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
@@ -1477,14 +1465,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
@@ -1497,14 +1485,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
@@ -1512,14 +1500,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
@@ -1532,14 +1520,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-PSK-WITH-ARIA-256-CBC-SHA384",
@@ -1547,14 +1535,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-PSK-WITH-ARIA-128-CBC-SHA256",
@@ -1567,14 +1555,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
@@ -1582,14 +1570,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
@@ -1602,14 +1590,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
@@ -1617,14 +1605,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
@@ -1637,7 +1625,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
@@ -1645,7 +1633,7 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
@@ -1658,14 +1646,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
@@ -1673,14 +1661,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
@@ -1693,14 +1681,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
@@ -1708,14 +1696,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
@@ -1728,14 +1716,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
@@ -1743,14 +1731,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
@@ -1763,14 +1751,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
@@ -1778,14 +1766,14 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA256))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
@@ -1796,7 +1784,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#endif /* MBEDTLS_ARIA_C */
+#endif /* MBEDTLS_SSL_HAVE_ARIA */
{ 0, "",
@@ -1920,7 +1908,7 @@
psa_algorithm_t alg;
size_t key_bits;
- status = mbedtls_ssl_cipher_to_psa(info->cipher,
+ status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
&alg, &key_type, &key_bits);
@@ -1969,10 +1957,10 @@
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return PSA_ALG_RSA_PKCS1V15_SIGN(
- mbedtls_md_psa_alg_from_type(info->mac));
+ mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac));
+ return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -2022,7 +2010,7 @@
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
@@ -2040,7 +2028,8 @@
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- * MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
+ * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
diff --git a/library/ssl_client.c b/library/ssl_client.c
index dc2b650..270db41 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -2,21 +2,7 @@
* TLS 1.2 and 1.3 client-side functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS ( https://tls.mbed.org )
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -169,7 +155,7 @@
p += protocol_name_len;
}
- *out_len = p - buf;
+ *out_len = (size_t) (p - buf);
/* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
MBEDTLS_PUT_UINT16_BE(*out_len - 6, buf, 4);
@@ -260,7 +246,7 @@
for (; *group_list != 0; group_list++) {
int propose_group = 0;
- MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("got supported group(%04x)", *group_list));
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
if (flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG) {
@@ -299,7 +285,7 @@
}
/* Length of named_group_list */
- named_group_list_len = p - named_group_list;
+ named_group_list_len = (size_t) (p - named_group_list);
if (named_group_list_len == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("No group available."));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -315,7 +301,7 @@
MBEDTLS_SSL_DEBUG_BUF(3, "Supported groups extension",
buf + 4, named_group_list_len + 2);
- *out_len = p - buf;
+ *out_len = (size_t) (p - buf);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_tls13_set_hs_sent_ext_mask(
@@ -375,7 +361,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
(defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
*tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info);
#endif
@@ -405,14 +391,14 @@
}
/* Write the cipher_suites length in number of bytes */
- cipher_suites_len = p - cipher_suites;
+ cipher_suites_len = (size_t) (p - cipher_suites);
MBEDTLS_PUT_UINT16_BE(cipher_suites_len, buf, 0);
MBEDTLS_SSL_DEBUG_MSG(3,
("client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites",
cipher_suites_len/2));
/* Output the total length of cipher_suites field. */
- *out_len = p - buf;
+ *out_len = (size_t) (p - buf);
return 0;
}
@@ -648,14 +634,16 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (
+ int write_sig_alg_ext = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)) ||
+ write_sig_alg_ext = write_sig_alg_ext ||
+ (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl));
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- propose_tls12 ||
+ write_sig_alg_ext = write_sig_alg_ext || propose_tls12;
#endif
- 0) {
+
+ if (write_sig_alg_ext) {
ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
if (ret != 0) {
return ret;
@@ -691,7 +679,7 @@
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
/* Write the length of the list of extensions. */
- extensions_len = p - p_extensions_len - 2;
+ extensions_len = (size_t) (p - p_extensions_len) - 2;
if (extensions_len == 0) {
p = p_extensions_len;
@@ -703,12 +691,7 @@
p_extensions_len, extensions_len);
}
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- MBEDTLS_SSL_PRINT_EXTS(
- 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions);
-#endif
-
- *out_len = p - buf;
+ *out_len = (size_t) (p - buf);
return 0;
}
@@ -768,10 +751,10 @@
if (ssl->handshake->resume != 0 &&
session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
session_negotiate->ticket != NULL) {
- mbedtls_time_t now = mbedtls_time(NULL);
- uint64_t age = (uint64_t) (now - session_negotiate->ticket_received);
- if (session_negotiate->ticket_received > now ||
- age > session_negotiate->ticket_lifetime) {
+ mbedtls_ms_time_t now = mbedtls_ms_time();
+ mbedtls_ms_time_t age = now - session_negotiate->ticket_reception_time;
+ if (age < 0 ||
+ age > (mbedtls_ms_time_t) session_negotiate->ticket_lifetime * 1000) {
/* Without valid ticket, disable session resumption.*/
MBEDTLS_SSL_DEBUG_MSG(
3, ("Ticket expired, disable session resumption"));
@@ -1019,6 +1002,11 @@
#endif
}
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ MBEDTLS_SSL_PRINT_EXTS(
+ 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions);
+#endif
+
cleanup:
MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello"));
diff --git a/library/ssl_client.h b/library/ssl_client.h
index f57bea3..05ee7e4 100644
--- a/library/ssl_client.h
+++ b/library/ssl_client.h
@@ -2,19 +2,7 @@
* TLS 1.2 and 1.3 client-side functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_CLIENT_H
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 098aced..ee81eb4 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -2,19 +2,7 @@
* DTLS cookie callbacks implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* These session callbacks use a simple chained list
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 5c22ed2..2b0e737 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_DEBUG_HELPERS_H
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f4264fb..b9801a0 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_MISC_H
#define MBEDTLS_SSL_MISC_H
@@ -264,11 +252,10 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* This macro determines whether CBC is supported. */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
- (defined(MBEDTLS_AES_C) || \
- defined(MBEDTLS_CAMELLIA_C) || \
- defined(MBEDTLS_ARIA_C) || \
- defined(MBEDTLS_DES_C))
+#if defined(MBEDTLS_SSL_HAVE_CBC) && \
+ (defined(MBEDTLS_SSL_HAVE_AES) || \
+ defined(MBEDTLS_SSL_HAVE_CAMELLIA) || \
+ defined(MBEDTLS_SSL_HAVE_ARIA))
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
#endif
@@ -311,7 +298,7 @@
#define MBEDTLS_SSL_MAC_ADD 16
#endif
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SSL_HAVE_CBC)
#define MBEDTLS_SSL_PADDING_ADD 256
#else
#define MBEDTLS_SSL_PADDING_ADD 0
@@ -783,7 +770,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */
#endif
@@ -1422,7 +1409,7 @@
* Write handshake message header
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned hs_type,
+int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type,
unsigned char **buf, size_t *buf_len);
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -2126,9 +2113,16 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
+ int in_new_session_ticket,
unsigned char *buf,
const unsigned char *end,
size_t *out_len);
+
+#if defined(MBEDTLS_SSL_SRV_C)
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \
+ MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
+#endif /* MBEDTLS_SSL_SRV_C */
+
#endif /* MBEDTLS_SSL_EARLY_DATA */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2314,15 +2308,15 @@
{
switch (sig_alg) {
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
-#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
break;
#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(PSA_WANT_ALG_SHA_384) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
break;
#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(PSA_WANT_ALG_SHA_512) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
break;
#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
@@ -2482,7 +2476,7 @@
break;
#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
case MBEDTLS_SSL_SIG_ECDSA:
break;
#endif
@@ -2772,6 +2766,9 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+
+#define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800)
+
static inline unsigned int mbedtls_ssl_session_get_ticket_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
@@ -2779,6 +2776,33 @@
(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
}
+static inline unsigned int mbedtls_ssl_session_check_ticket_flags(
+ mbedtls_ssl_session *session, unsigned int flags)
+{
+ return mbedtls_ssl_session_get_ticket_flags(session, flags) == 0;
+}
+
+static inline unsigned int mbedtls_ssl_session_ticket_allow_psk(
+ mbedtls_ssl_session *session)
+{
+ return !mbedtls_ssl_session_check_ticket_flags(session,
+ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION);
+}
+
+static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral(
+ mbedtls_ssl_session *session)
+{
+ return !mbedtls_ssl_session_check_ticket_flags(session,
+ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION);
+}
+
+static inline unsigned int mbedtls_ssl_session_ticket_allow_early_data(
+ mbedtls_ssl_session *session)
+{
+ return !mbedtls_ssl_session_check_ticket_flags(session,
+ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
+}
+
static inline void mbedtls_ssl_session_set_ticket_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
@@ -2796,4 +2820,64 @@
int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl);
#endif
+#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+
+/** Compute the HMAC of variable-length data with constant flow.
+ *
+ * This function computes the HMAC of the concatenation of \p add_data and \p
+ * data, and does with a code flow and memory access pattern that does not
+ * depend on \p data_len_secret, but only on \p min_data_len and \p
+ * max_data_len. In particular, this function always reads exactly \p
+ * max_data_len bytes from \p data.
+ *
+ * \param ctx The HMAC context. It must have keys configured
+ * with mbedtls_md_hmac_starts() and use one of the
+ * following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
+ * It is reset using mbedtls_md_hmac_reset() after
+ * the computation is complete to prepare for the
+ * next computation.
+ * \param add_data The first part of the message whose HMAC is being
+ * calculated. This must point to a readable buffer
+ * of \p add_data_len bytes.
+ * \param add_data_len The length of \p add_data in bytes.
+ * \param data The buffer containing the second part of the
+ * message. This must point to a readable buffer
+ * of \p max_data_len bytes.
+ * \param data_len_secret The length of the data to process in \p data.
+ * This must be no less than \p min_data_len and no
+ * greater than \p max_data_len.
+ * \param min_data_len The minimal length of the second part of the
+ * message, read from \p data.
+ * \param max_data_len The maximal length of the second part of the
+ * message, read from \p data.
+ * \param output The HMAC will be written here. This must point to
+ * a writable buffer of sufficient size to hold the
+ * HMAC value.
+ *
+ * \retval 0 on success.
+ * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
+ * The hardware accelerator failed.
+ */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
+ psa_algorithm_t mac_alg,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output);
+#else
+int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output);
+#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
+#endif /* MBEDTLS_TEST_HOOKS && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) */
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index e36a653..6579c96 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3,19 +3,7 @@
* (record layer + retransmission state machine)
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* http://www.ietf.org/rfc/rfc2246.txt
@@ -60,6 +48,234 @@
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#if defined(PSA_WANT_ALG_SHA_384)
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384)
+#elif defined(PSA_WANT_ALG_SHA_256)
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_256)
+#else /* See check_config.h */
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_1)
+#endif
+
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
+ psa_algorithm_t mac_alg,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output)
+{
+ /*
+ * This function breaks the HMAC abstraction and uses psa_hash_clone()
+ * extension in order to get constant-flow behaviour.
+ *
+ * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
+ * concatenation, and okey/ikey are the XOR of the key with some fixed bit
+ * patterns (see RFC 2104, sec. 2).
+ *
+ * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by
+ * hashing up to minlen, then cloning the context, and for each byte up
+ * to maxlen finishing up the hash computation, keeping only the
+ * correct result.
+ *
+ * Then we only need to compute HASH(okey + inner_hash) and we're done.
+ */
+ psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(mac_alg);
+ const size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);
+ unsigned char key_buf[MAX_HASH_BLOCK_LENGTH];
+ const size_t hash_size = PSA_HASH_LENGTH(hash_alg);
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t hash_length;
+
+ unsigned char aux_out[PSA_HASH_MAX_SIZE];
+ psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT;
+ size_t offset;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t mac_key_length;
+ size_t i;
+
+#define PSA_CHK(func_call) \
+ do { \
+ status = (func_call); \
+ if (status != PSA_SUCCESS) \
+ goto cleanup; \
+ } while (0)
+
+ /* Export MAC key
+ * We assume key length is always exactly the output size
+ * which is never more than the block size, thus we use block_size
+ * as the key buffer size.
+ */
+ PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length));
+
+ /* Calculate ikey */
+ for (i = 0; i < mac_key_length; i++) {
+ key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36);
+ }
+ for (; i < block_size; ++i) {
+ key_buf[i] = 0x36;
+ }
+
+ PSA_CHK(psa_hash_setup(&operation, hash_alg));
+
+ /* Now compute inner_hash = HASH(ikey + msg) */
+ PSA_CHK(psa_hash_update(&operation, key_buf, block_size));
+ PSA_CHK(psa_hash_update(&operation, add_data, add_data_len));
+ PSA_CHK(psa_hash_update(&operation, data, min_data_len));
+
+ /* Fill the hash buffer in advance with something that is
+ * not a valid hash (barring an attack on the hash and
+ * deliberately-crafted input), in case the caller doesn't
+ * check the return status properly. */
+ memset(output, '!', hash_size);
+
+ /* For each possible length, compute the hash up to that point */
+ for (offset = min_data_len; offset <= max_data_len; offset++) {
+ PSA_CHK(psa_hash_clone(&operation, &aux_operation));
+ PSA_CHK(psa_hash_finish(&aux_operation, aux_out,
+ PSA_HASH_MAX_SIZE, &hash_length));
+ /* Keep only the correct inner_hash in the output buffer */
+ mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret),
+ output, aux_out, NULL, hash_size);
+
+ if (offset < max_data_len) {
+ PSA_CHK(psa_hash_update(&operation, data + offset, 1));
+ }
+ }
+
+ /* Abort current operation to prepare for final operation */
+ PSA_CHK(psa_hash_abort(&operation));
+
+ /* Calculate okey */
+ for (i = 0; i < mac_key_length; i++) {
+ key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C);
+ }
+ for (; i < block_size; ++i) {
+ key_buf[i] = 0x5C;
+ }
+
+ /* Now compute HASH(okey + inner_hash) */
+ PSA_CHK(psa_hash_setup(&operation, hash_alg));
+ PSA_CHK(psa_hash_update(&operation, key_buf, block_size));
+ PSA_CHK(psa_hash_update(&operation, output, hash_size));
+ PSA_CHK(psa_hash_finish(&operation, output, hash_size, &hash_length));
+
+#undef PSA_CHK
+
+cleanup:
+ mbedtls_platform_zeroize(key_buf, MAX_HASH_BLOCK_LENGTH);
+ mbedtls_platform_zeroize(aux_out, PSA_HASH_MAX_SIZE);
+
+ psa_hash_abort(&operation);
+ psa_hash_abort(&aux_operation);
+ return PSA_TO_MBEDTLS_ERR(status);
+}
+
+#undef MAX_HASH_BLOCK_LENGTH
+
+#else
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output)
+{
+ /*
+ * This function breaks the HMAC abstraction and uses the md_clone()
+ * extension to the MD API in order to get constant-flow behaviour.
+ *
+ * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
+ * concatenation, and okey/ikey are the XOR of the key with some fixed bit
+ * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
+ *
+ * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
+ * minlen, then cloning the context, and for each byte up to maxlen
+ * finishing up the hash computation, keeping only the correct result.
+ *
+ * Then we only need to compute HASH(okey + inner_hash) and we're done.
+ */
+ const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info);
+ /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5,
+ * all of which have the same block size except SHA-384. */
+ const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
+ const unsigned char * const ikey = ctx->hmac_ctx;
+ const unsigned char * const okey = ikey + block_size;
+ const size_t hash_size = mbedtls_md_get_size(ctx->md_info);
+
+ unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
+ mbedtls_md_context_t aux;
+ size_t offset;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ mbedtls_md_init(&aux);
+
+#define MD_CHK(func_call) \
+ do { \
+ ret = (func_call); \
+ if (ret != 0) \
+ goto cleanup; \
+ } while (0)
+
+ MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0));
+
+ /* After hmac_start() of hmac_reset(), ikey has already been hashed,
+ * so we can start directly with the message */
+ MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len));
+ MD_CHK(mbedtls_md_update(ctx, data, min_data_len));
+
+ /* Fill the hash buffer in advance with something that is
+ * not a valid hash (barring an attack on the hash and
+ * deliberately-crafted input), in case the caller doesn't
+ * check the return status properly. */
+ memset(output, '!', hash_size);
+
+ /* For each possible length, compute the hash up to that point */
+ for (offset = min_data_len; offset <= max_data_len; offset++) {
+ MD_CHK(mbedtls_md_clone(&aux, ctx));
+ MD_CHK(mbedtls_md_finish(&aux, aux_out));
+ /* Keep only the correct inner_hash in the output buffer */
+ mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret),
+ output, aux_out, NULL, hash_size);
+
+ if (offset < max_data_len) {
+ MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
+ }
+ }
+
+ /* The context needs to finish() before it starts() again */
+ MD_CHK(mbedtls_md_finish(ctx, aux_out));
+
+ /* Now compute HASH(okey + inner_hash) */
+ MD_CHK(mbedtls_md_starts(ctx));
+ MD_CHK(mbedtls_md_update(ctx, okey, block_size));
+ MD_CHK(mbedtls_md_update(ctx, output, hash_size));
+ MD_CHK(mbedtls_md_finish(ctx, output));
+
+ /* Done, get ready for next time */
+ MD_CHK(mbedtls_md_hmac_reset(ctx));
+
+#undef MD_CHK
+
+cleanup:
+ mbedtls_md_free(&aux);
+ return ret;
+}
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl);
/*
@@ -632,12 +848,10 @@
cur += 2;
}
- *add_data_len = cur - add_data;
+ *add_data_len = (size_t) (cur - add_data);
}
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
+#if defined(MBEDTLS_SSL_HAVE_AEAD)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_transform_aead_dynamic_iv_is_explicit(
mbedtls_ssl_transform const *transform)
@@ -682,7 +896,7 @@
dst_iv += dst_iv_len - dynamic_iv_len;
mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len);
}
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#endif /* MBEDTLS_SSL_HAVE_AEAD */
int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform,
@@ -918,9 +1132,7 @@
} else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
+#if defined(MBEDTLS_SSL_HAVE_AEAD)
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
unsigned char iv[12];
unsigned char *dynamic_iv;
@@ -1000,7 +1212,7 @@
iv, transform->ivlen,
add_data, add_data_len,
data, rec->data_len, /* src */
- data, rec->buf_len - (data - rec->buf), /* dst */
+ data, rec->buf_len - (size_t) (data - rec->buf), /* dst */
&rec->data_len,
transform->taglen)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt_ext", ret);
@@ -1030,7 +1242,7 @@
auth_done++;
} else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#endif /* MBEDTLS_SSL_HAVE_AEAD */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
if (ssl_mode == MBEDTLS_SSL_MODE_CBC ||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
@@ -1268,15 +1480,16 @@
mbedtls_ssl_transform *transform,
mbedtls_record *rec)
{
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_CIPHER_MODE_AEAD)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_SSL_HAVE_AEAD)
size_t olen;
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_CIPHER_MODE_AEAD */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_SSL_HAVE_AEAD */
mbedtls_ssl_mode_t ssl_mode;
int ret;
int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- size_t padlen = 0, correct = 1;
+ size_t padlen = 0;
+ mbedtls_ct_condition_t correct = MBEDTLS_CT_TRUE;
#endif
unsigned char *data;
/* For an explanation of the additional data length see
@@ -1318,13 +1531,19 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
+ if (rec->data_len < transform->maclen) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("Record too short for MAC:"
+ " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET,
+ rec->data_len, transform->maclen));
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
+ }
+
/* The only supported stream cipher is "NULL",
- * so there's nothing to do here.*/
+ * so there's no encryption to do here.*/
} else
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
+#if defined(MBEDTLS_SSL_HAVE_AEAD)
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
unsigned char iv[12];
unsigned char *dynamic_iv;
@@ -1416,12 +1635,13 @@
return ret;
}
#else
- if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec,
- iv, transform->ivlen,
- add_data, add_data_len,
- data, rec->data_len + transform->taglen, /* src */
- data, rec->buf_len - (data - rec->buf), &olen, /* dst */
- transform->taglen)) != 0) {
+ if ((ret = mbedtls_cipher_auth_decrypt_ext
+ (&transform->cipher_ctx_dec,
+ iv, transform->ivlen,
+ add_data, add_data_len,
+ data, rec->data_len + transform->taglen, /* src */
+ data, rec->buf_len - (size_t) (data - rec->buf), &olen, /* dst */
+ transform->taglen)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt_ext", ret);
if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
@@ -1440,7 +1660,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
} else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
+#endif /* MBEDTLS_SSL_HAVE_AEAD */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
if (ssl_mode == MBEDTLS_SSL_MODE_CBC ||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
@@ -1690,11 +1910,11 @@
padlen = data[rec->data_len - 1];
if (auth_done == 1) {
- const size_t mask = mbedtls_ct_size_mask_ge(
+ const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
rec->data_len,
padlen + 1);
- correct &= mask;
- padlen &= mask;
+ correct = mbedtls_ct_bool_and(ge, correct);
+ padlen = mbedtls_ct_size_if_else_0(ge, padlen);
} else {
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if (rec->data_len < transform->maclen + padlen + 1) {
@@ -1706,12 +1926,11 @@
padlen + 1));
}
#endif
-
- const size_t mask = mbedtls_ct_size_mask_ge(
+ const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
rec->data_len,
transform->maclen + padlen + 1);
- correct &= mask;
- padlen &= mask;
+ correct = mbedtls_ct_bool_and(ge, correct);
+ padlen = mbedtls_ct_size_if_else_0(ge, padlen);
}
padlen++;
@@ -1740,19 +1959,20 @@
/* pad_count += (idx >= padding_idx) &&
* (check[idx] == padlen - 1);
*/
- const size_t mask = mbedtls_ct_size_mask_ge(idx, padding_idx);
- const size_t equal = mbedtls_ct_size_bool_eq(check[idx],
- padlen - 1);
- pad_count += mask & equal;
+ const mbedtls_ct_condition_t a = mbedtls_ct_uint_ge(idx, padding_idx);
+ size_t increment = mbedtls_ct_size_if_else_0(a, 1);
+ const mbedtls_ct_condition_t b = mbedtls_ct_uint_eq(check[idx], padlen - 1);
+ increment = mbedtls_ct_size_if_else_0(b, increment);
+ pad_count += increment;
}
- correct &= mbedtls_ct_size_bool_eq(pad_count, padlen);
+ correct = mbedtls_ct_bool_and(mbedtls_ct_uint_eq(pad_count, padlen), correct);
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- if (padlen > 0 && correct == 0) {
+ if (padlen > 0 && correct == MBEDTLS_CT_FALSE) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected"));
}
#endif
- padlen &= mbedtls_ct_size_mask(correct);
+ padlen = mbedtls_ct_size_if_else_0(correct, padlen);
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -1782,7 +2002,7 @@
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
- /* If the initial value of padlen was such that
+ /* For CBC+MAC, If the initial value of padlen was such that
* data_len < maclen + padlen + 1, then padlen
* got reset to 1, and the initial check
* data_len >= minlen + maclen + 1
@@ -1794,6 +2014,9 @@
* subtracted either padlen + 1 (if the padding was correct)
* or 0 (if the padding was incorrect) since then,
* hence data_len >= maclen in any case.
+ *
+ * For stream ciphers, we checked above that
+ * data_len >= maclen.
*/
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
@@ -1847,7 +2070,7 @@
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
#endif
- correct = 0;
+ correct = MBEDTLS_CT_FALSE;
}
auth_done++;
@@ -1862,7 +2085,7 @@
/*
* Finally check the correct flag
*/
- if (correct == 0) {
+ if (correct == MBEDTLS_CT_FALSE) {
return MBEDTLS_ERR_SSL_INVALID_MAC;
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -2006,7 +2229,7 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired"));
ret = MBEDTLS_ERR_SSL_TIMEOUT;
} else {
- len = in_buf_len - (ssl->in_hdr - ssl->in_buf);
+ len = in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf);
if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
timeout = ssl->handshake->retransmit_timeout;
@@ -2370,7 +2593,7 @@
} else {
const unsigned char * const p = ssl->handshake->cur_msg_p;
const size_t hs_len = cur->len - 12;
- const size_t frag_off = p - (cur->p + 12);
+ const size_t frag_off = (size_t) (p - (cur->p + 12));
const size_t rem_len = hs_len - frag_off;
size_t cur_hs_frag_len, max_hs_frag_len;
@@ -2508,7 +2731,7 @@
/*
* Handshake layer functions
*/
-int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned hs_type,
+int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type,
unsigned char **buf, size_t *buf_len)
{
/*
@@ -2747,9 +2970,9 @@
mbedtls_record rec;
rec.buf = ssl->out_iv;
- rec.buf_len = out_buf_len - (ssl->out_iv - ssl->out_buf);
+ rec.buf_len = out_buf_len - (size_t) (ssl->out_iv - ssl->out_buf);
rec.data_len = ssl->out_msglen;
- rec.data_offset = ssl->out_msg - rec.buf;
+ rec.data_offset = (size_t) (ssl->out_msg - rec.buf);
memcpy(&rec.ctr[0], ssl->out_ctr, sizeof(rec.ctr));
mbedtls_ssl_write_version(rec.ver, ssl->conf->transport, tls_ver);
@@ -2874,16 +3097,12 @@
static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl)
{
- return (ssl->in_msg[9] << 16) |
- (ssl->in_msg[10] << 8) |
- ssl->in_msg[11];
+ return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
}
static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl)
{
- return (ssl->in_msg[6] << 16) |
- (ssl->in_msg[7] << 8) |
- ssl->in_msg[8];
+ return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
}
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -2996,9 +3215,7 @@
static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
{
- return (ssl->in_msg[1] << 16) |
- (ssl->in_msg[2] << 8) |
- ssl->in_msg[3];
+ return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
}
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
@@ -3019,7 +3236,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
+ unsigned int recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
if (ssl_check_hs_header(ssl) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header"));
@@ -3372,7 +3589,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- *olen = p - obuf;
+ *olen = (size_t) (p - obuf);
/* Go back and fill length fields */
obuf[27] = (unsigned char) (*olen - 28);
@@ -3410,7 +3627,7 @@
static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len;
+ size_t len = 0;
if (ssl->conf->f_cookie_write == NULL ||
ssl->conf->f_cookie_check == NULL) {
@@ -3634,8 +3851,7 @@
*/
rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len;
- rec->data_len = ((size_t) buf[rec_hdr_len_offset + 0] << 8) |
- ((size_t) buf[rec_hdr_len_offset + 1] << 0);
+ rec->data_len = MBEDTLS_GET_UINT16_BE(buf, rec_hdr_len_offset);
MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset);
MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, "
@@ -3663,7 +3879,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1];
+ rec_epoch = MBEDTLS_GET_UINT16_BE(rec->ctr, 0);
/* Check that the datagram is large enough to contain a record
* of the advertised length. */
@@ -3713,7 +3929,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl)
{
- unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1];
+ unsigned int rec_epoch = MBEDTLS_GET_UINT16_BE(ssl->in_ctr, 0);
/*
* Check for an epoch 0 ClientHello. We can't use in_msg here to
@@ -4035,9 +4251,7 @@
hs_buf = &hs->buffering.hs[0];
if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) {
/* Synthesize a record containing the buffered HS message. */
- size_t msg_len = (hs_buf->data[1] << 16) |
- (hs_buf->data[2] << 8) |
- hs_buf->data[3];
+ size_t msg_len = MBEDTLS_GET_UINT24_BE(hs_buf->data, 1);
/* Double-check that we haven't accidentally buffered
* a message that doesn't fit into the input buffer. */
@@ -4134,7 +4348,7 @@
case MBEDTLS_SSL_MSG_HANDSHAKE:
{
unsigned recv_msg_seq_offset;
- unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
+ unsigned recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
mbedtls_ssl_hs_buffer *hs_buf;
size_t msg_len = ssl->in_hslen - 12;
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 1adaa07..cd730fb 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -2,19 +2,7 @@
* TLS server tickets callbacks implementation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -353,7 +341,7 @@
/* Dump session state */
if ((ret = mbedtls_ssl_session_save(session,
- state, end - state,
+ state, (size_t) (end - state),
&clear_len)) != 0 ||
(unsigned long) clear_len > 65535) {
goto cleanup;
@@ -376,7 +364,7 @@
/* Additional data: key name, IV and length */
key_name, TICKET_ADD_DATA_LEN,
state, clear_len,
- state, end - state, &ciph_len,
+ state, (size_t) (end - state), &ciph_len,
TICKET_AUTH_TAG_BYTES)) != 0) {
goto cleanup;
}
@@ -456,7 +444,7 @@
goto cleanup;
}
- enc_len = (enc_len_p[0] << 8) | enc_len_p[1];
+ enc_len = MBEDTLS_GET_UINT16_BE(enc_len_p, 0);
if (len != TICKET_MIN_LEN + enc_len) {
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -507,7 +495,32 @@
}
#if defined(MBEDTLS_HAVE_TIME)
- {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+ /* Check for expiration */
+ mbedtls_ms_time_t ticket_age = -1;
+#if defined(MBEDTLS_SSL_SRV_C)
+ if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
+ ticket_age = mbedtls_ms_time() - session->ticket_creation_time;
+ }
+#endif
+#if defined(MBEDTLS_SSL_CLI_C)
+ if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+ ticket_age = mbedtls_ms_time() - session->ticket_reception_time;
+ }
+#endif
+
+ mbedtls_ms_time_t ticket_lifetime =
+ (mbedtls_ms_time_t) ctx->ticket_lifetime * 1000;
+
+ if (ticket_age < 0 || ticket_age > ticket_lifetime) {
+ ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+ goto cleanup;
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
/* Check for expiration */
mbedtls_time_t current_time = mbedtls_time(NULL);
@@ -517,7 +530,8 @@
goto cleanup;
}
}
-#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_HAVE_TIME */
cleanup:
#if defined(MBEDTLS_THREADING_C)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6ed8a86..e1fb128 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2,19 +2,7 @@
* TLS shared functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* http://www.ietf.org/rfc/rfc2246.txt
@@ -318,7 +306,7 @@
{
unsigned char *resized_buffer = mbedtls_calloc(1, len_new);
if (resized_buffer == NULL) {
- return -1;
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
/* We want to copy len_new bytes when downsizing the buffer, and
@@ -1150,7 +1138,7 @@
* mbedtls_ssl_conf_curves returns void and so can't return
* any error codes.
*/
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/* Heap allocate and translate curve_list from internal to IANA group ids */
if (ssl->conf->curve_list != NULL) {
@@ -1185,7 +1173,7 @@
ssl->handshake->group_list_heap_allocated = 0;
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -1207,7 +1195,7 @@
if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
continue;
}
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
sig_algs_len += sizeof(uint16_t);
#endif
@@ -1235,7 +1223,7 @@
if (hash == MBEDTLS_SSL_HASH_NONE) {
continue;
}
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
*p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
p++;
#endif
@@ -1782,14 +1770,14 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
-void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf,
- int early_data_enabled)
+void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf,
+ int early_data_enabled)
{
conf->early_data_enabled = early_data_enabled;
}
#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_tls13_conf_max_early_data_size(
+void mbedtls_ssl_conf_max_early_data_size(
mbedtls_ssl_config *conf, uint32_t max_early_data_size)
{
conf->max_early_data_size = max_early_data_size;
@@ -2427,7 +2415,8 @@
psa_algorithm_t alg;
psa_key_type_t type;
size_t size;
- status = mbedtls_ssl_cipher_to_psa(suite->cipher, 0, &alg, &type, &size);
+ status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) suite->cipher,
+ 0, &alg, &type, &size);
if (status == PSA_SUCCESS) {
base_mode = mbedtls_ssl_get_base_mode(alg);
}
@@ -2454,7 +2443,7 @@
*
* struct {
* opaque hostname<0..2^16-1>;
- * uint64 ticket_received;
+ * uint64 ticket_reception_time;
* uint32 ticket_lifetime;
* opaque ticket<1..2^16-1>;
* } ClientOnlyData;
@@ -2465,9 +2454,10 @@
* uint32 ticket_age_add;
* uint8 ticket_flags;
* opaque resumption_key<0..255>;
+ * uint32 max_early_data_size;
* select ( endpoint ) {
* case client: ClientOnlyData;
- * case server: uint64 start_time;
+ * case server: uint64 ticket_creation_time;
* };
* } serialized_session_tls13;
*
@@ -2497,8 +2487,12 @@
}
needed += session->resumption_key_len; /* resumption_key */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ needed += 4; /* max_early_data_size */
+#endif
+
#if defined(MBEDTLS_HAVE_TIME)
- needed += 8; /* start_time or ticket_received */
+ needed += 8; /* ticket_creation_time or ticket_reception_time */
#endif
#if defined(MBEDTLS_SSL_CLI_C)
@@ -2536,9 +2530,14 @@
memcpy(p, session->resumption_key, session->resumption_key_len);
p += session->resumption_key_len;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0);
+ p += 4;
+#endif
+
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
- MBEDTLS_PUT_UINT64_BE((uint64_t) session->start, p, 0);
+ MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0);
p += 8;
}
#endif /* MBEDTLS_HAVE_TIME */
@@ -2556,7 +2555,7 @@
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_HAVE_TIME)
- MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_received, p, 0);
+ MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0);
p += 8;
#endif
MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
@@ -2604,20 +2603,27 @@
memcpy(session->resumption_key, p, session->resumption_key_len);
p += session->resumption_key_len;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (end - p < 4) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+ session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0);
+ p += 4;
+#endif
+
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
if (end - p < 8) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- session->start = MBEDTLS_GET_UINT64_BE(p, 0);
+ session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0);
p += 8;
}
#endif /* MBEDTLS_HAVE_TIME */
#if defined(MBEDTLS_SSL_CLI_C)
if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
- defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
size_t hostname_len;
/* load host name */
if (end - p < 2) {
@@ -2637,14 +2643,13 @@
memcpy(session->hostname, p, hostname_len);
p += hostname_len;
}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
- MBEDTLS_SSL_SESSION_TICKETS */
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_HAVE_TIME)
if (end - p < 8) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- session->ticket_received = MBEDTLS_GET_UINT64_BE(p, 0);
+ session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0);
p += 8;
#endif
if (end - p < 4) {
@@ -2708,132 +2713,185 @@
psa_key_type_t *key_type,
size_t *key_size)
{
+#if !defined(MBEDTLS_SSL_HAVE_CCM)
+ (void) taglen;
+#endif
switch (mbedtls_cipher_type) {
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CBC)
case MBEDTLS_CIPHER_AES_128_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_AES_128_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_AES_128_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_AES_192_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 192;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_AES_192_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 192;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CBC)
case MBEDTLS_CIPHER_AES_256_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_AES_256_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_AES_256_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_AES;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CBC)
case MBEDTLS_CIPHER_ARIA_128_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_ARIA_128_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_ARIA_128_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_ARIA_192_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 192;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_ARIA_192_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 192;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CBC)
case MBEDTLS_CIPHER_ARIA_256_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_ARIA_256_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_ARIA_256_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_ARIA;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CBC)
case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 128;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 192;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 192;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CBC)
case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
*alg = PSA_ALG_CBC_NO_PADDING;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CCM)
case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
*alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_GCM)
case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
*alg = PSA_ALG_GCM;
*key_type = PSA_KEY_TYPE_CAMELLIA;
*key_size = 256;
break;
+#endif
+#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
case MBEDTLS_CIPHER_CHACHA20_POLY1305:
*alg = PSA_ALG_CHACHA20_POLY1305;
*key_type = PSA_KEY_TYPE_CHACHA20;
*key_size = 256;
break;
+#endif
case MBEDTLS_CIPHER_NULL:
*alg = MBEDTLS_SSL_NULL_CIPHER;
*key_type = 0;
@@ -2921,7 +2979,7 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Set the allowed elliptic curves
@@ -2938,7 +2996,7 @@
conf->group_list = NULL;
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+#endif /* MBEDTLS_ECP_C */
/*
* Set the allowed groups
@@ -2946,7 +3004,7 @@
void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
const uint16_t *group_list)
{
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
#endif
conf->group_list = group_list;
@@ -3748,7 +3806,7 @@
session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++);
/* Dispatch according to TLS version. */
- remaining_len = (end - p);
+ remaining_len = (size_t) (end - p);
switch (session->tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
@@ -4156,7 +4214,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
mbedtls_free((void *) handshake->curves_tls_id);
@@ -4459,7 +4517,7 @@
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
+ used += 2U + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
if (used <= buf_len) {
*p++ = ssl->transform->in_cid_len;
memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len);
@@ -4578,13 +4636,14 @@
* We can't check that the config matches the initial one, but we can at
* least check it matches the requirements for serializing.
*/
- if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
- ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
+ if (
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
#endif
- 0) {
+ ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
+ ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2
+ ) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
@@ -4739,7 +4798,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- ssl->mtu = (p[0] << 8) | p[1];
+ ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -4920,28 +4979,28 @@
* about this list.
*/
static uint16_t ssl_preset_default_groups[] = {
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_CURVE448)
MBEDTLS_SSL_IANA_TLS_GROUP_X448,
#endif
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_BP256R1)
MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_BP384R1)
MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_BP512R1)
MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
#endif
#if defined(PSA_WANT_ALG_FFDH)
@@ -4972,26 +5031,26 @@
*/
static uint16_t ssl_preset_default_sig_algs[] = {
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ defined(PSA_WANT_ECC_SECP_R1_256)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA256 &&
- MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
+#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA384) && \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ defined(PSA_WANT_ECC_SECP_R1_384)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&&
- MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
+#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA512) && \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ defined(PSA_WANT_ECC_SECP_R1_521)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&&
- MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512)
+#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
defined(MBEDTLS_MD_CAN_SHA512)
@@ -5030,7 +5089,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#if defined(MBEDTLS_MD_CAN_SHA512)
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5041,7 +5100,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA512*/
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5052,7 +5111,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5068,17 +5127,19 @@
/* NOTICE: see above */
static uint16_t ssl_preset_suiteb_sig_algs[] = {
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
+ defined(MBEDTLS_MD_CAN_SHA256) && \
+ defined(MBEDTLS_ECP_HAVE_SECP256R1)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA256&&
- MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
+#endif
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA384) && \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
+ defined(MBEDTLS_MD_CAN_SHA384) && \
+ defined(MBEDTLS_ECP_HAVE_SECP384R1)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA384&&
- MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+ // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
+#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
defined(MBEDTLS_MD_CAN_SHA256)
@@ -5097,7 +5158,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
#endif
#if defined(MBEDTLS_RSA_C)
@@ -5105,7 +5166,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA256*/
#if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#if defined(MBEDTLS_RSA_C)
@@ -5119,10 +5180,10 @@
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
static uint16_t ssl_preset_suiteb_groups[] = {
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
#endif
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
@@ -5255,10 +5316,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_EARLY_DATA)
- mbedtls_ssl_tls13_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED);
+ mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED);
#if defined(MBEDTLS_SSL_SRV_C)
- mbedtls_ssl_tls13_conf_max_early_data_size(
- conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE);
+ mbedtls_ssl_conf_max_early_data_size(conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE);
#endif
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -5318,7 +5378,7 @@
conf->sig_algs = ssl_preset_suiteb_sig_algs;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
#endif
conf->group_list = ssl_preset_suiteb_groups;
@@ -5344,7 +5404,7 @@
conf->sig_algs = ssl_preset_default_sig_algs;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->curve_list = NULL;
#endif
conf->group_list = ssl_preset_default_groups;
@@ -5394,7 +5454,7 @@
}
#if defined(MBEDTLS_PK_C) && \
- (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SOME))
+ (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
/*
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
*/
@@ -5405,7 +5465,7 @@
return MBEDTLS_SSL_SIG_RSA;
}
#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
return MBEDTLS_SSL_SIG_ECDSA;
}
@@ -5433,7 +5493,7 @@
case MBEDTLS_SSL_SIG_RSA:
return MBEDTLS_PK_RSA;
#endif
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
case MBEDTLS_SSL_SIG_ECDSA:
return MBEDTLS_PK_ECDSA;
#endif
@@ -5441,7 +5501,8 @@
return MBEDTLS_PK_NONE;
}
}
-#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_PK_CAN_ECDSA_SOME ) */
+#endif /* MBEDTLS_PK_C &&
+ ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
/*
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
@@ -5557,43 +5618,43 @@
uint16_t bits;
} tls_id_match_table[] =
{
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
+#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
{ 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 },
#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#if defined(MBEDTLS_ECP_HAVE_BP512R1)
{ 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
+#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
{ 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 },
#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#if defined(MBEDTLS_ECP_HAVE_BP384R1)
{ 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
+#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
{ 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
+#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
{ 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 },
#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#if defined(MBEDTLS_ECP_HAVE_BP256R1)
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
+#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
+#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
{ 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
+#if defined(MBEDTLS_ECP_HAVE_SECP192R1)
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
+#if defined(MBEDTLS_ECP_HAVE_SECP192K1)
{ 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 },
#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
{ 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 },
#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+#if defined(MBEDTLS_ECP_HAVE_CURVE448)
{ 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 },
#endif
{ 0, MBEDTLS_ECP_DP_NONE, 0, 0 },
@@ -5682,7 +5743,7 @@
uint32_t *flags)
{
int ret = 0;
- int usage = 0;
+ unsigned int usage = 0;
const char *ext_oid;
size_t ext_len;
@@ -6402,7 +6463,7 @@
mbedtls_svc_key_id_t psk;
psa_key_derivation_operation_t derivation =
PSA_KEY_DERIVATION_OPERATION_INIT;
- mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
+ mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion"));
@@ -6785,7 +6846,7 @@
/* Write length only when we know the actual value */
if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- p + 2, end - (p + 2), &len,
+ p + 2, (size_t) (end - (p + 2)), &len,
ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
return ret;
@@ -6802,7 +6863,7 @@
size_t zlen;
if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen,
- p + 2, end - (p + 2),
+ p + 2, (size_t) (end - (p + 2)),
ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
return ret;
@@ -6835,7 +6896,7 @@
memcpy(p, psk, psk_len);
p += psk_len;
- ssl->handshake->pmslen = p - ssl->handshake->premaster;
+ ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster);
return 0;
}
@@ -7093,7 +7154,7 @@
/*
* Same message structure as in mbedtls_ssl_write_certificate()
*/
- n = (ssl->in_msg[i+1] << 8) | ssl->in_msg[i+2];
+ n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
if (ssl->in_msg[i] != 0 ||
ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) {
@@ -7127,8 +7188,7 @@
}
/* Read length of the next CRT in the chain. */
- n = ((unsigned int) ssl->in_msg[i + 1] << 8)
- | (unsigned int) ssl->in_msg[i + 2];
+ n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1);
i += 3;
if (n < 128 || i + n > ssl->in_hslen) {
@@ -7359,7 +7419,7 @@
/* and in the unlikely case the above assumption no longer holds
* we are making sure that pk_ec() here does not return a NULL
*/
- mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk);
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -7656,7 +7716,7 @@
unsigned char *padbuf, size_t hlen,
unsigned char *buf, int from)
{
- int len = 12;
+ unsigned int len = 12;
const char *sender;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
@@ -7722,7 +7782,7 @@
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
- mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
+ mbedtls_platform_zeroize(padbuf, hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
@@ -7856,7 +7916,8 @@
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
{
- int ret, hash_len;
+ int ret;
+ unsigned int hash_len;
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished"));
@@ -8154,14 +8215,6 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif
-#if !defined(MBEDTLS_DEBUG_C) && \
- !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if (ssl->f_export_keys == NULL) {
- ssl = NULL; /* make sure we don't use it except for these cases */
- (void) ssl;
- }
-#endif
-
/*
* Some data just needs copying into the structure
*/
@@ -8204,7 +8257,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher,
+ if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher,
transform->taglen,
&alg,
&key_type,
@@ -8223,7 +8276,7 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
+ mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
if (mac_alg == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
(unsigned) ciphersuite_info->mac));
@@ -8282,9 +8335,7 @@
keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
#endif
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
+#if defined(MBEDTLS_SSL_HAVE_AEAD)
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
size_t explicit_ivlen;
@@ -8319,7 +8370,7 @@
explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
transform->minlen = explicit_ivlen + transform->taglen;
} else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#endif /* MBEDTLS_SSL_HAVE_AEAD */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
ssl_mode == MBEDTLS_SSL_MODE_CBC ||
@@ -8435,7 +8486,7 @@
goto end;
}
- if (ssl != NULL && ssl->f_export_keys != NULL) {
+ if (ssl->f_export_keys != NULL) {
ssl->f_export_keys(ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
master, 48,
@@ -9030,7 +9081,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- session->ciphersuite = (p[0] << 8) | p[1];
+ session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
session->id_len = *p++;
@@ -9066,7 +9117,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- cert_len = (p[0] << 16) | (p[1] << 8) | p[2];
+ cert_len = MBEDTLS_GET_UINT24_BE(p, 0);
p += 3;
if (cert_len != 0) {
@@ -9138,7 +9189,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2];
+ session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0);
p += 3;
if (session->ticket_len != 0) {
@@ -9320,7 +9371,7 @@
}
/* Length of supported_signature_algorithms */
- supported_sig_alg_len = p - supported_sig_alg;
+ supported_sig_alg_len = (size_t) (p - supported_sig_alg);
if (supported_sig_alg_len == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("No signature algorithms defined."));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -9330,7 +9381,7 @@
MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len + 2, buf, 2);
MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len, buf, 4);
- *out_len = p - buf;
+ *out_len = (size_t) (p - buf);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SIG_ALG);
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 37db413..0c5af87 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2,19 +2,7 @@
* TLS client-side functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -100,7 +88,7 @@
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -132,7 +120,8 @@
return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -549,7 +538,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (uses_ec) {
if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end,
@@ -618,7 +607,7 @@
p += ext_len;
#endif
- *out_len = p - buf;
+ *out_len = (size_t) (p - buf);
return 0;
}
@@ -818,7 +807,7 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
@@ -863,7 +852,8 @@
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -951,7 +941,7 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- list_len = (buf[0] << 8) | buf[1];
+ list_len = MBEDTLS_GET_UINT16_BE(buf, 0);
if (list_len != len - 2) {
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
@@ -1314,8 +1304,7 @@
}
if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) {
- ext_len = ((buf[38 + n] << 8)
- | (buf[39 + n]));
+ ext_len = MBEDTLS_GET_UINT16_BE(buf, 38 + n);
if ((ext_len > 0 && ext_len < 4) ||
ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) {
@@ -1336,7 +1325,7 @@
}
/* ciphersuite (used later) */
- i = (buf[35 + n] << 8) | buf[36 + n];
+ i = (int) MBEDTLS_GET_UINT16_BE(buf, n + 35);
/*
* Read and check compression
@@ -1457,10 +1446,8 @@
ext_len));
while (ext_len) {
- unsigned int ext_id = ((ext[0] << 8)
- | (ext[1]));
- unsigned int ext_size = ((ext[2] << 8)
- | (ext[3]));
+ unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
+ unsigned int ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
if (ext_size + 4 > ext_len) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
@@ -1548,7 +1535,8 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
MBEDTLS_SSL_DEBUG_MSG(3,
("found supported_point_formats extension"));
@@ -1559,7 +1547,8 @@
}
break;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1723,7 +1712,7 @@
unsigned char *end)
{
uint16_t tls_id;
- uint8_t ecpoint_len;
+ size_t ecpoint_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
size_t ec_bits = 0;
@@ -1749,9 +1738,8 @@
}
/* Next two bytes are the namedcurve value */
- tls_id = *(*p)++;
- tls_id <<= 8;
- tls_id |= *(*p)++;
+ tls_id = MBEDTLS_GET_UINT16_BE(*p, 0);
+ *p += 2;
/* Check it's a curve we offered */
if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) {
@@ -1775,7 +1763,7 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- if (ecpoint_len > PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) {
+ if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
@@ -1891,7 +1879,7 @@
("bad server key exchange message (psk_identity_hint length)"));
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- len = (*p)[0] << 8 | (*p)[1];
+ len = MBEDTLS_GET_UINT16_BE(*p, 0);
*p += 2;
if (end - (*p) < len) {
@@ -2024,7 +2012,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
uint16_t tls_id = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
- mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk);
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk);
if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
@@ -2055,7 +2043,7 @@
ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
ssl->handshake->xxdh_psa_peerkey,
- MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH);
+ sizeof(ssl->handshake->xxdh_psa_peerkey));
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret);
@@ -2182,7 +2170,7 @@
#endif
p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
end = ssl->in_msg + ssl->in_hslen;
- MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, end - p);
+ MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, (size_t) (end - p));
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
@@ -2307,7 +2295,7 @@
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
- size_t params_len = p - params;
+ size_t params_len = (size_t) (p - params);
void *rs_ctx = NULL;
uint16_t sig_alg;
@@ -2365,7 +2353,7 @@
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- sig_len = (p[0] << 8) | p[1];
+ sig_len = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
if (p != end - sig_len) {
@@ -2593,8 +2581,7 @@
}
/* supported_signature_algorithms */
- sig_alg_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
- | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
+ sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
/*
* The furthest access in buf is in the loop few lines below:
@@ -2629,8 +2616,7 @@
n += 2 + sig_alg_len;
/* certificate_authorities */
- dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8)
- | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
+ dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
n += dn_len;
if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) {
@@ -3260,9 +3246,9 @@
size_t hashlen;
void *rs_ctx = NULL;
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf);
+ size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf);
#else
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf);
+ size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf);
#endif
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
@@ -3429,10 +3415,9 @@
msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
- lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) |
- (msg[2] << 8) | (msg[3]);
+ lifetime = MBEDTLS_GET_UINT32_BE(msg, 0);
- ticket_len = (msg[4] << 8) | (msg[5]);
+ ticket_len = MBEDTLS_GET_UINT16_BE(msg, 4);
if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 9b992d6..5a9f6ca 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2,19 +2,7 @@
* TLS server-side functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -149,7 +137,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* Function for parsing a supported groups (TLS 1.3) or supported elliptic
@@ -204,7 +192,7 @@
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- list_size = ((buf[0] << 8) | (buf[1]));
+ list_size = MBEDTLS_GET_UINT16_BE(buf, 0);
if (list_size + 2 != len ||
list_size % 2 != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
@@ -294,7 +282,8 @@
return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -669,13 +658,13 @@
/*
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise
*/
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_key_curve(mbedtls_pk_context *pk,
uint16_t *curves_tls_id)
{
uint16_t *curr_tls_id = curves_tls_id;
- mbedtls_ecp_group_id grp_id = mbedtls_pk_ec_ro(*pk)->grp.id;
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk);
mbedtls_ecp_group_id curr_grp_id;
while (*curr_tls_id != 0) {
@@ -688,7 +677,7 @@
return -1;
}
-#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED */
/*
* Try picking a certificate for this ciphersuite,
@@ -773,7 +762,7 @@
continue;
}
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
if (pk_alg == MBEDTLS_PK_ECDSA &&
ssl_check_key_curve(&cur->cert->pk,
ssl->handshake->curves_tls_id) != 0) {
@@ -838,7 +827,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
(ssl->handshake->curves_tls_id == NULL ||
ssl->handshake->curves_tls_id[0] == 0)) {
@@ -968,7 +957,7 @@
}
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d",
- (ssl->in_len[0] << 8) | ssl->in_len[1]));
+ MBEDTLS_GET_UINT16_BE(ssl->in_len, 0)));
MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
buf[1], buf[2]));
@@ -1004,7 +993,7 @@
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1];
+ msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0);
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
@@ -1139,11 +1128,11 @@
msg_len -= mbedtls_ssl_hs_hdr_len(ssl);
/*
- * ClientHello layer:
+ * ClientHello layout:
* 0 . 1 protocol version
* 2 . 33 random bytes (starting with 4 bytes of Unix time)
- * 34 . 35 session id length (1 byte)
- * 35 . 34+x session id
+ * 34 . 34 session id length (1 byte)
+ * 35 . 34+x session id, where x = session id length from byte 34
* 35+x . 35+x DTLS only: cookie length (1 byte)
* 36+x . .. DTLS only: cookie
* .. . .. ciphersuite list length (2 bytes)
@@ -1262,8 +1251,7 @@
#endif /* MBEDTLS_SSL_PROTO_DTLS */
ciph_offset = 35 + sess_len;
- ciph_len = (buf[ciph_offset + 0] << 8)
- | (buf[ciph_offset + 1]);
+ ciph_len = MBEDTLS_GET_UINT16_BE(buf, ciph_offset);
if (ciph_len < 2 ||
ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
@@ -1311,8 +1299,7 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- ext_len = (buf[ext_offset + 0] << 8)
- | (buf[ext_offset + 1]);
+ ext_len = MBEDTLS_GET_UINT16_BE(buf, ext_offset);
if (msg_len != ext_offset + 2 + ext_len) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
@@ -1336,8 +1323,8 @@
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- ext_id = ((ext[0] << 8) | (ext[1]));
- ext_size = ((ext[2] << 8) | (ext[3]));
+ ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
+ ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
if (ext_size + 4 > ext_len) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
@@ -1383,7 +1370,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
@@ -1404,7 +1391,8 @@
}
break;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \
- MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
@@ -1513,7 +1501,7 @@
if (!sig_hash_alg_ext_present) {
uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
const uint16_t default_sig_algs[] = {
-#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
MBEDTLS_SSL_HASH_SHA1),
#endif
@@ -1868,7 +1856,7 @@
*p++ = 0x00;
}
- *olen = p - buf;
+ *olen = (size_t) (p - buf);
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1898,7 +1886,8 @@
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen)
@@ -1925,7 +1914,8 @@
*olen = 6;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1958,7 +1948,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
- p + 2, end - p - 2, &kkpp_len,
+ p + 2, (size_t) (end - p - 2), &kkpp_len,
MBEDTLS_ECJPAKE_ROUND_ONE);
if (ret != 0) {
psa_destroy_key(ssl->handshake->psa_pake_password);
@@ -1968,7 +1958,7 @@
}
#else
ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
- p + 2, end - p - 2, &kkpp_len,
+ p + 2, (size_t) (end - p - 2), &kkpp_len,
ssl->conf->f_rng, ssl->conf->p_rng);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret);
@@ -2089,7 +2079,7 @@
MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte);
- ssl->out_msglen = p - ssl->out_msg;
+ ssl->out_msglen = (size_t) (p - ssl->out_msg);
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
@@ -2356,7 +2346,8 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
const mbedtls_ssl_ciphersuite_t *suite =
mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite);
if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) {
@@ -2393,7 +2384,7 @@
p += 2 + ext_len;
}
- ssl->out_msglen = p - buf;
+ ssl->out_msglen = (size_t) (p - buf);
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
@@ -2479,7 +2470,7 @@
#if defined(MBEDTLS_RSA_C)
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
#endif
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
#endif
@@ -2577,12 +2568,12 @@
MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size);
- total_dn_size += 2 + dn_size;
+ total_dn_size += (unsigned short) (2 + dn_size);
crt = crt->next;
}
}
- ssl->out_msglen = p - buf;
+ ssl->out_msglen = (size_t) (p - buf);
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len);
@@ -2595,9 +2586,9 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED))
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{
@@ -2606,12 +2597,12 @@
mbedtls_pk_context *pk;
mbedtls_pk_type_t pk_type;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+ size_t key_len;
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
uint16_t tls_id = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
- size_t key_len;
mbedtls_ecp_group_id grp_id;
- unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
mbedtls_ecp_keypair *key;
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
@@ -2634,22 +2625,51 @@
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
- ssl->handshake->xxdh_psa_privkey = pk->priv_id;
-
- /* Key should not be destroyed in the TLS library */
- ssl->handshake->xxdh_psa_privkey_is_external = 1;
-
- status = psa_get_key_attributes(ssl->handshake->xxdh_psa_privkey,
- &key_attributes);
+ /* Get the attributes of the key previously parsed by PK module in
+ * order to extract its type and length (in bits). */
+ status = psa_get_key_attributes(pk->priv_id, &key_attributes);
if (status != PSA_SUCCESS) {
- ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
- return PSA_TO_MBEDTLS_ERR(status);
+ ret = PSA_TO_MBEDTLS_ERR(status);
+ goto exit;
}
-
ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes);
- psa_reset_key_attributes(&key_attributes);
+ if (pk_type == MBEDTLS_PK_OPAQUE) {
+ /* Opaque key is created by the user (externally from Mbed TLS)
+ * so we assume it already has the right algorithm and flags
+ * set. Just copy its ID as reference. */
+ ssl->handshake->xxdh_psa_privkey = pk->priv_id;
+ ssl->handshake->xxdh_psa_privkey_is_external = 1;
+ } else {
+ /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK
+ * module and only have ECDSA capabilities. Since we need
+ * them for ECDH later, we export and then re-import them with
+ * proper flags and algorithm. Of course We also set key's type
+ * and bits that we just got above. */
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+ psa_set_key_type(&key_attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
+ psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits);
+
+ status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_TO_MBEDTLS_ERR(status);
+ goto exit;
+ }
+ status = psa_import_key(&key_attributes, buf, key_len,
+ &ssl->handshake->xxdh_psa_privkey);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_TO_MBEDTLS_ERR(status);
+ goto exit;
+ }
+
+ /* Set this key as owned by the TLS library: it will be its duty
+ * to clear it exit. */
+ ssl->handshake->xxdh_psa_privkey_is_external = 0;
+ }
ret = 0;
break;
@@ -2658,7 +2678,7 @@
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
key = mbedtls_pk_ec_rw(*pk);
- grp_id = mbedtls_pk_get_group_id(pk);
+ grp_id = mbedtls_pk_get_ec_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@@ -2705,10 +2725,13 @@
ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
+exit:
+ psa_reset_key_attributes(&key_attributes);
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+
return ret;
}
-#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#else /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{
@@ -2734,6 +2757,7 @@
return 0;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
@@ -2786,9 +2810,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf);
+ size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf);
#else
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf);
+ size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf);
#endif
#endif
@@ -3093,7 +3117,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
+ size_t dig_signed_len = (size_t) (ssl->out_msg + ssl->out_msglen - dig_signed);
size_t hashlen = 0;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
@@ -3108,8 +3132,8 @@
mbedtls_pk_type_t sig_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
- unsigned int sig_hash =
- mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
+ unsigned char sig_hash =
+ (unsigned char) mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg));
mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash(sig_hash);
@@ -3367,7 +3391,7 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- n = ((*p)[0] << 8) | (*p)[1];
+ n = MBEDTLS_GET_UINT16_BE(*p, 0);
*p += 2;
if (*p + n > end) {
@@ -3506,9 +3530,8 @@
unsigned char *pms = ssl->handshake->premaster + pms_offset;
unsigned char ver[2];
unsigned char fake_pms[48], peer_pms[48];
- unsigned char mask;
- size_t i, peer_pmslen;
- unsigned int diff;
+ size_t peer_pmslen;
+ mbedtls_ct_condition_t diff;
/* In case of a failure in decryption, the decryption may write less than
* 2 bytes of output, but we always read the first two bytes. It doesn't
@@ -3537,13 +3560,10 @@
/* Avoid data-dependent branches while checking for invalid
* padding, to protect against timing-based Bleichenbacher-type
* attacks. */
- diff = (unsigned int) ret;
- diff |= peer_pmslen ^ 48;
- diff |= peer_pms[0] ^ ver[0];
- diff |= peer_pms[1] ^ ver[1];
-
- /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
- mask = mbedtls_ct_uint_mask(diff);
+ diff = mbedtls_ct_bool(ret);
+ diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48));
+ diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0]));
+ diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1]));
/*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
@@ -3562,7 +3582,7 @@
}
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- if (diff != 0) {
+ if (diff != MBEDTLS_CT_FALSE) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
}
#endif
@@ -3576,9 +3596,7 @@
/* Set pms to either the true or the fake PMS, without
* data-dependent branches. */
- for (i = 0; i < ssl->handshake->pmslen; i++) {
- pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]);
- }
+ mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen);
return 0;
}
@@ -3606,7 +3624,7 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- n = ((*p)[0] << 8) | (*p)[1];
+ n = MBEDTLS_GET_UINT16_BE(*p, 0);
*p += 2;
if (n == 0 || n > end - *p) {
@@ -3719,22 +3737,32 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- MBEDTLS_SSL_DEBUG_MSG(1, ("Read the peer's public key."));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Read the peer's public key."));
/*
* We must have at least two bytes (1 for length, at least 1 for data)
*/
if (buf_len < 2) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid buffer length"));
- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid buffer length: %" MBEDTLS_PRINTF_SIZET,
+ buf_len));
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
if (data_len < 1 || data_len > buf_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length"));
- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length: %" MBEDTLS_PRINTF_SIZET
+ " > %" MBEDTLS_PRINTF_SIZET,
+ data_len, buf_len));
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
/* Store peer's ECDH public key. */
+ if (data_len > sizeof(handshake->xxdh_psa_peerkey)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %" MBEDTLS_PRINTF_SIZET
+ " > %" MBEDTLS_PRINTF_SIZET,
+ data_len,
+ sizeof(handshake->xxdh_psa_peerkey)));
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ }
memcpy(handshake->xxdh_psa_peerkey, p, data_len);
handshake->xxdh_psa_peerkey_len = data_len;
@@ -3766,7 +3794,7 @@
handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
#else
if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
- p, end - p)) != 0) {
+ p, (size_t) (end - p))) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
@@ -3979,7 +4007,7 @@
}
if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
- p, end - p)) != 0) {
+ p, (size_t) (end - p))) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
@@ -4008,7 +4036,7 @@
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((ret = mbedtls_psa_ecjpake_read_round(
- &ssl->handshake->psa_pake_ctx, p, end - p,
+ &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p),
MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) {
psa_destroy_key(ssl->handshake->psa_pake_password);
psa_pake_abort(&ssl->handshake->psa_pake_ctx);
@@ -4018,7 +4046,7 @@
}
#else
ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
- p, end - p);
+ p, (size_t) (end - p));
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -4192,7 +4220,7 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i+1];
+ sig_len = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i);
i += 2;
if (i + sig_len != ssl->in_hslen) {
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 77325c3..ae11364 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2,21 +2,7 @@
* TLS 1.3 client-side functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS ( https://tls.mbed.org )
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -686,7 +672,7 @@
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
if (ciphersuite_info != NULL) {
- return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
+ return mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
}
return PSA_ALG_NONE;
@@ -709,10 +695,8 @@
mbedtls_ssl_session *session = ssl->session_negotiate;
return ssl->handshake->resume &&
session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
- (session->ticket_flags &
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) &&
- mbedtls_ssl_tls13_cipher_suite_is_offered(
- ssl, session->ciphersuite);
+ mbedtls_ssl_session_ticket_allow_early_data(session) &&
+ mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite);
}
#endif
@@ -945,28 +929,14 @@
if (ssl_tls13_ticket_get_identity(
ssl, &hash_alg, &identity, &identity_len) == 0) {
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t now = mbedtls_time(NULL);
+ mbedtls_ms_time_t now = mbedtls_ms_time();
mbedtls_ssl_session *session = ssl->session_negotiate;
+ /* The ticket age has been checked to be smaller than the
+ * `ticket_lifetime` in ssl_prepare_client_hello() which is smaller than
+ * 7 days (enforced in ssl_tls13_parse_new_session_ticket()) . Thus the
+ * cast to `uint32_t` of the ticket age is safe. */
uint32_t obfuscated_ticket_age =
- (uint32_t) (now - session->ticket_received);
-
- /*
- * The ticket timestamp is in seconds but the ticket age is in
- * milliseconds. If the ticket was received at the end of a second and
- * re-used here just at the beginning of the next second, the computed
- * age `now - session->ticket_received` is equal to 1s thus 1000 ms
- * while the actual age could be just a few milliseconds or tens of
- * milliseconds. If the server has more accurate ticket timestamps
- * (typically timestamps in milliseconds), as part of the processing of
- * the ClientHello, it may compute a ticket lifetime smaller than the
- * one computed here and potentially reject the ticket. To avoid that,
- * remove one second to the ticket age if possible.
- */
- if (obfuscated_ticket_age > 0) {
- obfuscated_ticket_age -= 1;
- }
-
- obfuscated_ticket_age *= 1000;
+ (uint32_t) (now - session->ticket_reception_time);
obfuscated_ticket_age += session->ticket_age_add;
ret = ssl_tls13_write_identity(ssl, p, end,
@@ -1140,7 +1110,7 @@
return ret;
}
- if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac)
+ if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac)
!= hash_alg) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Invalid ciphersuite for external psk."));
@@ -1204,7 +1174,9 @@
if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
ssl_tls13_early_data_has_valid_ticket(ssl) &&
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
- ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &ext_len);
+
+ ret = mbedtls_ssl_tls13_write_early_data_ext(
+ ssl, 0, p, end, &ext_len);
if (ret != 0) {
return ret;
}
@@ -1906,36 +1878,6 @@
ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
goto cleanup;
}
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
- (handshake->selected_identity != 0 ||
- handshake->ciphersuite_info->id !=
- ssl->session_negotiate->ciphersuite)) {
- /* RFC8446 4.2.11
- * If the server supplies an "early_data" extension, the
- * client MUST verify that the server's selected_identity
- * is 0. If any other value is returned, the client MUST
- * abort the handshake with an "illegal_parameter" alert.
- *
- * RFC 8446 4.2.10
- * In order to accept early data, the server MUST have accepted a PSK
- * cipher suite and selected the first key offered in the client's
- * "pre_shared_key" extension. In addition, it MUST verify that the
- * following values are the same as those associated with the
- * selected PSK:
- * - The TLS version number
- * - The selected cipher suite
- * - The selected ALPN [RFC7301] protocol, if any
- *
- * We check here that when early data is involved the server
- * selected the cipher suite associated to the pre-shared key
- * as it must have.
- */
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-#endif
if (!mbedtls_ssl_conf_tls13_check_kex_modes(
ssl, handshake->key_exchange_mode)) {
@@ -1983,7 +1925,6 @@
mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake);
MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic"));
- ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
ssl->session_in = ssl->session_negotiate;
cleanup:
@@ -2211,6 +2152,7 @@
int ret;
unsigned char *buf;
size_t buf_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions"));
@@ -2223,12 +2165,61 @@
ssl_tls13_parse_encrypted_extensions(ssl, buf, buf + buf_len));
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->handshake->received_extensions &
- MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
+ if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
+ /* RFC8446 4.2.11
+ * If the server supplies an "early_data" extension, the
+ * client MUST verify that the server's selected_identity
+ * is 0. If any other value is returned, the client MUST
+ * abort the handshake with an "illegal_parameter" alert.
+ *
+ * RFC 8446 4.2.10
+ * In order to accept early data, the server MUST have accepted a PSK
+ * cipher suite and selected the first key offered in the client's
+ * "pre_shared_key" extension. In addition, it MUST verify that the
+ * following values are the same as those associated with the
+ * selected PSK:
+ * - The TLS version number
+ * - The selected cipher suite
+ * - The selected ALPN [RFC7301] protocol, if any
+ *
+ * The server has sent an early data extension in its Encrypted
+ * Extension message thus accepted to receive early data. We
+ * check here that the additional constraints on the handshake
+ * parameters, when early data are exchanged, are met,
+ * namely:
+ * - a PSK has been selected for the handshake
+ * - the selected PSK for the handshake was the first one proposed
+ * by the client.
+ * - the selected ciphersuite for the handshake is the ciphersuite
+ * associated with the selected PSK.
+ */
+ if ((!mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) ||
+ handshake->selected_identity != 0 ||
+ handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
}
#endif
+ /*
+ * In case the client has proposed a PSK associated with a ticket,
+ * `ssl->session_negotiate->ciphersuite` still contains at this point the
+ * identifier of the ciphersuite associated with the ticket. This is that
+ * way because, if an exchange of early data is agreed upon, we need
+ * it to check that the ciphersuite selected for the handshake is the
+ * ticket ciphersuite (see above). This information is not needed
+ * anymore thus we can now set it to the identifier of the ciphersuite
+ * used in this session under negotiation.
+ */
+ ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
+
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
buf, buf_len));
@@ -2673,6 +2664,37 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+/* From RFC 8446 section 4.2.10
+ *
+ * struct {
+ * select (Handshake.msg_type) {
+ * case new_session_ticket: uint32 max_early_data_size;
+ * ...
+ * };
+ * } EarlyDataIndication;
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_parse_new_session_ticket_early_data_ext(
+ mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end)
+{
+ mbedtls_ssl_session *session = ssl->session;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4);
+
+ session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0);
+ mbedtls_ssl_session_set_ticket_flags(
+ session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ("received max_early_data_size: %u",
+ (unsigned int) session->max_early_data_size));
+
+ return 0;
+}
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -2706,15 +2728,12 @@
switch (extension_type) {
#if defined(MBEDTLS_SSL_EARLY_DATA)
case MBEDTLS_TLS_EXT_EARLY_DATA:
- if (extension_data_len != 4) {
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
- MBEDTLS_ERR_SSL_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- if (ssl->session != NULL) {
- ssl->session->ticket_flags |=
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
+ ret = ssl_tls13_parse_new_session_ticket_early_data_ext(
+ ssl, p, p + extension_data_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "ssl_tls13_parse_new_session_ticket_early_data_ext",
+ ret);
}
break;
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -2774,6 +2793,11 @@
MBEDTLS_SSL_DEBUG_MSG(3,
("ticket_lifetime: %u",
(unsigned int) session->ticket_lifetime));
+ if (session->ticket_lifetime >
+ MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime exceeds 7 days."));
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 4);
MBEDTLS_SSL_DEBUG_MSG(3,
@@ -2849,7 +2873,7 @@
#if defined(MBEDTLS_HAVE_TIME)
/* Store ticket creation time */
- session->ticket_received = mbedtls_time(NULL);
+ session->ticket_reception_time = mbedtls_ms_time();
#endif
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(session->ciphersuite);
@@ -2858,7 +2882,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
+ psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
if (hash_length == -1 ||
(size_t) hash_length > sizeof(session->resumption_key)) {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index a063084..fe2a2eb 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -2,19 +2,7 @@
* TLS 1.3 functionality shared between client and server
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -369,7 +357,7 @@
*/
ret = mbedtls_ssl_get_handshake_transcript(
ssl,
- ssl->handshake->ciphersuite_info->mac,
+ (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac,
transcript, sizeof(transcript),
&transcript_len);
if (ret != 0) {
@@ -837,6 +825,8 @@
ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len));
cleanup:
+#else /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
+ (void) ssl;
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate"));
@@ -965,7 +955,7 @@
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg,
mbedtls_pk_context *key)
{
- mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk(key);
+ mbedtls_pk_type_t pk_type = (mbedtls_pk_type_t) mbedtls_ssl_sig_from_pk(key);
size_t key_size = mbedtls_pk_get_bitlen(key);
switch (pk_type) {
@@ -1033,7 +1023,7 @@
}
ret = mbedtls_ssl_get_handshake_transcript(
- ssl, ssl->handshake->ciphersuite_info->mac,
+ ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac,
handshake_hash, sizeof(handshake_hash), &handshake_hash_len);
if (ret != 0) {
return ret;
@@ -1412,7 +1402,7 @@
*
* struct {
* select ( Handshake.msg_type ) {
- * ...
+ * case new_session_ticket: uint32 max_early_data_size;
* case client_hello: Empty;
* case encrypted_extensions: Empty;
* };
@@ -1420,20 +1410,37 @@
*/
#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
+ int in_new_session_ticket,
unsigned char *buf,
const unsigned char *end,
size_t *out_len)
{
unsigned char *p = buf;
- *out_len = 0;
- ((void) ssl);
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
+#if defined(MBEDTLS_SSL_SRV_C)
+ const size_t needed = in_new_session_ticket ? 8 : 4;
+#else
+ const size_t needed = 4;
+ ((void) in_new_session_ticket);
+#endif
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, needed);
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0);
- MBEDTLS_PUT_UINT16_BE(0, p, 2);
+ MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2);
- *out_len = 4;
+#if defined(MBEDTLS_SSL_SRV_C)
+ if (in_new_session_ticket) {
+ MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4);
+ MBEDTLS_SSL_DEBUG_MSG(
+ 4, ("Sent max_early_data_size=%u",
+ (unsigned int) ssl->conf->max_early_data_size));
+ }
+#endif
+
+ *out_len = needed;
mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA);
@@ -1462,7 +1469,7 @@
MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR"));
- ret = mbedtls_ssl_get_handshake_transcript(ssl, ciphersuite_info->mac,
+ ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac,
hash_transcript + 4,
PSA_HASH_MAX_SIZE,
&hash_len);
@@ -1514,13 +1521,20 @@
/* Check if key size is consistent with given buffer length. */
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len);
- /* Store peer's ECDH public key. */
+ /* Store peer's ECDH/FFDH public key. */
+ if (peerkey_len > sizeof(handshake->xxdh_psa_peerkey)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %u > %" MBEDTLS_PRINTF_SIZET,
+ (unsigned) peerkey_len,
+ sizeof(handshake->xxdh_psa_peerkey)));
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ }
memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len);
handshake->xxdh_psa_peerkey_len = peerkey_len;
return 0;
}
+#if defined(PSA_WANT_ALG_FFDH)
static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id(
uint16_t tls_id, size_t *bits, psa_key_type_t *key_type)
{
@@ -1549,6 +1563,7 @@
return PSA_ERROR_NOT_SUPPORTED;
}
}
+#endif /* PSA_WANT_ALG_FFDH */
int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
mbedtls_ssl_context *ssl,
diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h
index 3fb79a9..b4506f7 100644
--- a/library/ssl_tls13_invasive.h
+++ b/library/ssl_tls13_invasive.h
@@ -1,18 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_SSL_TLS13_INVASIVE_H
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index afd84a9..9b775ec 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -2,19 +2,7 @@
* TLS 1.3 key schedule
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 ( the "License" ); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -685,7 +673,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
- handshake->ciphersuite_info->mac);
+ (mbedtls_md_type_t) handshake->ciphersuite_info->mac);
/*
* Compute MasterSecret
@@ -797,10 +785,10 @@
mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
&ssl->handshake->tls13_hs_secrets;
- mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
+ mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac;
psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(
- ssl->handshake->ciphersuite_info->mac);
+ (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac);
size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data"));
@@ -1019,14 +1007,14 @@
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
- key_enc, mbedtls_cipher_info_get_key_bitlen(cipher_info),
+ key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_ENCRYPT)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
return ret;
}
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
- key_dec, mbedtls_cipher_info_get_key_bitlen(cipher_info),
+ key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_DECRYPT)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
return ret;
@@ -1059,7 +1047,7 @@
/*
* Setup psa keys and alg
*/
- if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher,
+ if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher,
transform->taglen,
&alg,
&key_type,
@@ -1118,7 +1106,7 @@
taglen = 16;
}
- status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
+ status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, taglen,
&alg, &key_type, &key_bits);
if (status != PSA_SUCCESS) {
return PSA_TO_MBEDTLS_ERR(status);
@@ -1152,8 +1140,8 @@
size_t hash_len;
unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t transcript_len;
- size_t key_len;
- size_t iv_len;
+ size_t key_len = 0;
+ size_t iv_len = 0;
mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1168,9 +1156,9 @@
goto cleanup;
}
- md_type = ciphersuite_info->mac;
+ md_type = (mbedtls_md_type_t) ciphersuite_info->mac;
- hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
@@ -1298,7 +1286,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac);
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
@@ -1353,8 +1341,8 @@
size_t hash_len;
unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t transcript_len;
- size_t key_len;
- size_t iv_len;
+ size_t key_len = 0;
+ size_t iv_len = 0;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -1370,9 +1358,9 @@
return ret;
}
- md_type = ciphersuite_info->mac;
+ md_type = (mbedtls_md_type_t) ciphersuite_info->mac;
- hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
@@ -1480,7 +1468,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
- handshake->ciphersuite_info->mac);
+ (mbedtls_md_type_t) handshake->ciphersuite_info->mac);
unsigned char *shared_secret = NULL;
size_t shared_secret_len = 0;
@@ -1604,7 +1592,7 @@
size_t hash_len;
/* Variables relating to the cipher for the chosen ciphersuite. */
- size_t key_len, iv_len;
+ size_t key_len = 0, iv_len = 0;
MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive application traffic keys"));
@@ -1617,9 +1605,9 @@
goto cleanup;
}
- md_type = handshake->ciphersuite_info->mac;
+ md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
- hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
/* Compute current handshake transcript. It's the caller's responsibility
@@ -1767,7 +1755,7 @@
MBEDTLS_SSL_DEBUG_MSG(
2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret"));
- md_type = handshake->ciphersuite_info->mac;
+ md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
transcript, sizeof(transcript),
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 21e9b4d..d3a4c6c 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -2,19 +2,7 @@
* TLS 1.3 key schedule
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 ( the "License" ); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H)
#define MBEDTLS_SSL_TLS1_3_KEYS_H
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 89bba04..fe7a674 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2,19 +2,7 @@
* TLS 1.3 server-side functions
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -106,6 +94,10 @@
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl);
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match_ticket(
@@ -117,10 +109,12 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ticket_buffer;
+ unsigned int key_exchanges;
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t now;
- uint64_t age_in_s;
- int64_t age_diff_in_ms;
+ mbedtls_ms_time_t now;
+ mbedtls_ms_time_t server_age;
+ uint32_t client_age;
+ mbedtls_ms_time_t age_diff;
#endif
((void) obfuscated_ticket_age);
@@ -159,6 +153,12 @@
/* We delete the temporary buffer */
mbedtls_free(ticket_buffer);
+ if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
+ /* TODO: Define new return value for this case. */
+ ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
+ }
+
if (ret != 0) {
goto exit;
}
@@ -172,30 +172,36 @@
* We regard the ticket with incompatible key exchange modes as not match.
*/
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
- MBEDTLS_SSL_PRINT_TICKET_FLAGS(4,
- session->ticket_flags);
- if (mbedtls_ssl_tls13_check_kex_modes(
- ssl,
- mbedtls_ssl_session_get_ticket_flags(
- session,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) {
+ MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
+
+ key_exchanges = 0;
+ if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) &&
+ ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
+ key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ }
+ if (mbedtls_ssl_session_ticket_allow_psk(session) &&
+ ssl_tls13_check_psk_key_exchange(ssl)) {
+ key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ }
+
+ if (key_exchanges == 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
goto exit;
}
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
#if defined(MBEDTLS_HAVE_TIME)
- now = mbedtls_time(NULL);
+ now = mbedtls_ms_time();
- if (now < session->start) {
+ if (now < session->ticket_creation_time) {
MBEDTLS_SSL_DEBUG_MSG(
- 3, ("Invalid ticket start time ( now=%" MBEDTLS_PRINTF_LONGLONG
- ", start=%" MBEDTLS_PRINTF_LONGLONG " )",
- (long long) now, (long long) session->start));
+ 3, ("Invalid ticket creation time ( now = %" MBEDTLS_PRINTF_MS_TIME
+ ", creation_time = %" MBEDTLS_PRINTF_MS_TIME " )",
+ now, session->ticket_creation_time));
goto exit;
}
- age_in_s = (uint64_t) (now - session->start);
+ server_age = now - session->ticket_creation_time;
/* RFC 8446 section 4.6.1
*
@@ -206,12 +212,11 @@
* Clients MUST NOT attempt to use tickets which have ages greater than
* the "ticket_lifetime" value which was provided with the ticket.
*
- * For time being, the age MUST be less than 604800 seconds (7 days).
*/
- if (age_in_s > 604800) {
+ if (server_age > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME * 1000) {
MBEDTLS_SSL_DEBUG_MSG(
- 3, ("Ticket age exceeds limitation ticket_age=%lu",
- (long unsigned int) age_in_s));
+ 3, ("Ticket age exceeds limitation ticket_age = %" MBEDTLS_PRINTF_MS_TIME,
+ server_age));
goto exit;
}
@@ -222,18 +227,19 @@
* ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is
* within a small tolerance of the time since the ticket was issued.
*
- * NOTE: When `now == session->start`, `age_diff_in_ms` may be negative
- * as the age units are different on the server (s) and in the
- * client (ms) side. Add a -1000 ms tolerance window to take this
- * into account.
+ * NOTE: The typical accuracy of an RTC crystal is ±100 to ±20 parts per
+ * million (360 to 72 milliseconds per hour). Default tolerance
+ * window is 6s, thus in the worst case clients and servers must
+ * sync up their system time every 6000/360/2~=8 hours.
*/
- age_diff_in_ms = age_in_s * 1000;
- age_diff_in_ms -= (obfuscated_ticket_age - session->ticket_age_add);
- if (age_diff_in_ms <= -1000 ||
- age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) {
+ client_age = obfuscated_ticket_age - session->ticket_age_add;
+ age_diff = server_age - (mbedtls_ms_time_t) client_age;
+ if (age_diff < -MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE ||
+ age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) {
MBEDTLS_SSL_DEBUG_MSG(
- 3, ("Ticket age outside tolerance window ( diff=%d )",
- (int) age_diff_in_ms));
+ 3, ("Ticket age outside tolerance window ( diff = %"
+ MBEDTLS_PRINTF_MS_TIME ")",
+ age_diff));
goto exit;
}
@@ -408,7 +414,8 @@
/* MAC of selected ciphersuite MUST be same with PSK binder if exist.
* Otherwise, client should reject.
*/
- if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) {
+ if (psk_hash_alg ==
+ mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)) {
*selected_ciphersuite = cipher_suite;
*selected_ciphersuite_info = ciphersuite_info;
return 0;
@@ -466,6 +473,10 @@
}
memcpy(dst->resumption_key, src->resumption_key, src->resumption_key_len);
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ dst->max_early_data_size = src->max_early_data_size;
+#endif
+
return 0;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -614,7 +625,7 @@
ret = ssl_tls13_offered_psks_check_binder_match(
ssl, binder, binder_len, psk_type,
- mbedtls_md_psa_alg_from_type(ciphersuite_info->mac));
+ mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac));
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
/* For security reasons, the handshake should be aborted when we
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
@@ -990,6 +1001,26 @@
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl,
+ unsigned int kex_mode)
+{
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if (ssl->handshake->resume) {
+ if (mbedtls_ssl_session_check_ticket_flags(
+ ssl->session_negotiate, kex_mode)) {
+ return 0;
+ }
+ }
+#else
+ ((void) ssl);
+ ((void) kex_mode);
+#endif
+ return 1;
+}
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
{
@@ -1006,7 +1037,9 @@
static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
- return mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
+ return ssl_tls13_ticket_permission_check(
+ ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
+ mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
mbedtls_ssl_tls13_psk_enabled(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
#else
@@ -1019,7 +1052,9 @@
static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
- return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
+ return ssl_tls13_ticket_permission_check(
+ ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
+ mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
#else
@@ -1702,9 +1737,8 @@
* - The content up to but excluding the PSK extension, if present.
*/
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
- if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
- mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
- (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
+ if (ssl_tls13_check_psk_key_exchange(ssl) ||
+ ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
ret = handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
if (0 != ret) {
@@ -1748,6 +1782,82 @@
return hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK;
}
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
+{
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if ((handshake->received_extensions &
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: no early data extension received."));
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED;
+ return;
+ }
+
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+
+ if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1,
+ ("EarlyData: rejected, feature disabled in server configuration."));
+ return;
+ }
+
+ if (!handshake->resume) {
+ /* We currently support early data only in the case of PSKs established
+ via a NewSessionTicket message thus in the case of a session
+ resumption. */
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, not a session resumption."));
+ return;
+ }
+
+ /* RFC 8446 4.2.10
+ *
+ * In order to accept early data, the server MUST have accepted a PSK cipher
+ * suite and selected the first key offered in the client's "pre_shared_key"
+ * extension. In addition, it MUST verify that the following values are the
+ * same as those associated with the selected PSK:
+ * - The TLS version number
+ * - The selected cipher suite
+ * - The selected ALPN [RFC7301] protocol, if any
+ *
+ * NOTE:
+ * - The TLS version number is checked in
+ * ssl_tls13_offered_psks_check_identity_match_ticket().
+ * - ALPN is not checked for the time being (TODO).
+ */
+
+ if (handshake->selected_identity != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, the selected key in "
+ "`pre_shared_key` is not the first one."));
+ return;
+ }
+
+ if (handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, the selected ciphersuite is not the one "
+ "of the selected pre-shared key."));
+ return;
+
+ }
+
+ if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session_negotiate)) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1,
+ ("EarlyData: rejected, early_data not allowed in ticket "
+ "permission bits."));
+ return;
+ }
+
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
+
+}
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
/* Update the handshake state machine */
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1774,8 +1884,21 @@
return ret;
}
- return 0;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ /* There is enough information, update early data state. */
+ ssl_tls13_update_early_data_status(ssl);
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+ ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "mbedtls_ssl_tls13_compute_early_transform", ret);
+ return ret;
+ }
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+ return 0;
}
/*
@@ -2399,6 +2522,17 @@
p += output_len;
#endif /* MBEDTLS_SSL_ALPN */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+ ret = mbedtls_ssl_tls13_write_early_data_ext(
+ ssl, 0, p, end, &output_len);
+ if (ret != 0) {
+ return ret;
+ }
+ p += output_len;
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
extensions_len = (p - p_extensions_len) - 2;
MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0);
@@ -2631,6 +2765,59 @@
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
/*
+ * RFC 8446 section A.2
+ *
+ * | Send ServerHello
+ * | K_send = handshake
+ * | Send EncryptedExtensions
+ * | [Send CertificateRequest]
+ * Can send | [Send Certificate + CertificateVerify]
+ * app data | Send Finished
+ * after --> | K_send = application
+ * here +--------+--------+
+ * No 0-RTT | | 0-RTT
+ * | |
+ * K_recv = handshake | | K_recv = early data
+ * [Skip decrypt errors] | +------> WAIT_EOED -+
+ * | | Recv | | Recv EndOfEarlyData
+ * | | early data | | K_recv = handshake
+ * | +------------+ |
+ * | |
+ * +> WAIT_FLIGHT2 <--------+
+ * |
+ * +--------+--------+
+ * No auth | | Client auth
+ * | |
+ * | v
+ * | WAIT_CERT
+ * | Recv | | Recv Certificate
+ * | empty | v
+ * | Certificate | WAIT_CV
+ * | | | Recv
+ * | v | CertificateVerify
+ * +-> WAIT_FINISHED <---+
+ * | Recv Finished
+ *
+ *
+ * The following function handles the state changes after WAIT_FLIGHT2 in the
+ * above diagram. We are not going to receive early data related messages
+ * anymore, prepare to receive the first handshake message of the client
+ * second flight.
+ */
+static void ssl_tls13_prepare_for_handshake_second_flight(
+ mbedtls_ssl_context *ssl)
+{
+ if (ssl->handshake->certificate_request_sent) {
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate"));
+ MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify"));
+
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED);
+ }
+}
+
+/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -2651,20 +2838,200 @@
return ret;
}
- MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic"));
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+ /* See RFC 8446 section A.2 for more information */
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("Switch to early keys for inbound traffic. "
+ "( K_recv = early data )"));
+ mbedtls_ssl_set_inbound_transform(
+ ssl, ssl->handshake->transform_earlydata);
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
+ return 0;
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("Switch to handshake keys for inbound traffic "
+ "( K_recv = handshake )"));
mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake);
- if (ssl->handshake->certificate_request_sent) {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
- } else {
- MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate"));
- MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify"));
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED);
- }
+ ssl_tls13_prepare_for_handshake_second_flight(ssl);
return 0;
}
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+/*
+ * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA
+ */
+#define SSL_GOT_END_OF_EARLY_DATA 0
+#define SSL_GOT_EARLY_DATA 1
+/* Coordination:
+ * Deals with the ambiguity of not knowing if the next message is an
+ * EndOfEarlyData message or an application message containing early data.
+ * Returns a negative code on failure, or
+ * - SSL_GOT_END_OF_EARLY_DATA
+ * - SSL_GOT_EARLY_DATA
+ * indicating which message is received.
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
+ }
+ ssl->keep_current_message = 1;
+
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Received an end_of_early_data message."));
+ return SSL_GOT_END_OF_EARLY_DATA;
+ }
+
+ if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data"));
+ return SSL_GOT_EARLY_DATA;
+ }
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
+ MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+}
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end)
+{
+ /* RFC 8446 section 4.5
+ *
+ * struct {} EndOfEarlyData;
+ */
+ if (buf != end) {
+ MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR);
+ return MBEDTLS_ERR_SSL_DECODE_ERROR;
+ }
+ return 0;
+}
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_process_early_application_data(mbedtls_ssl_context *ssl)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+ return ret;
+ }
+
+ /*
+ * Output early data
+ *
+ * For the time being, we print received data via debug message.
+ *
+ * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready.
+ */
+ ssl->in_msg[ssl->in_msglen] = 0;
+ MBEDTLS_SSL_DEBUG_MSG(3, ("\n%s", ssl->in_msg));
+
+ /* RFC 8446 section 4.6.1
+ *
+ * A server receiving more than max_early_data_size bytes of 0-RTT data
+ * SHOULD terminate the connection with an "unexpected_message" alert.
+ *
+ * TODO: Add received data size check here.
+ */
+
+ return 0;
+}
+
+/*
+ * RFC 8446 section A.2
+ *
+ * | Send ServerHello
+ * | K_send = handshake
+ * | Send EncryptedExtensions
+ * | [Send CertificateRequest]
+ * Can send | [Send Certificate + CertificateVerify]
+ * app data | Send Finished
+ * after --> | K_send = application
+ * here +--------+--------+
+ * No 0-RTT | | 0-RTT
+ * | |
+ * K_recv = handshake | | K_recv = early data
+ * [Skip decrypt errors] | +------> WAIT_EOED -+
+ * | | Recv | | Recv EndOfEarlyData
+ * | | early data | | K_recv = handshake
+ * | +------------+ |
+ * | |
+ * +> WAIT_FLIGHT2 <--------+
+ * |
+ * +--------+--------+
+ * No auth | | Client auth
+ * | |
+ * | v
+ * | WAIT_CERT
+ * | Recv | | Recv Certificate
+ * | empty | v
+ * | Certificate | WAIT_CV
+ * | | | Recv
+ * | v | CertificateVerify
+ * +-> WAIT_FINISHED <---+
+ * | Recv Finished
+ *
+ * The function handles actions and state changes from 0-RTT to WAIT_FLIGHT2 in
+ * the above diagram.
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_end_of_early_data"));
+
+ MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl));
+
+ if (ret == SSL_GOT_END_OF_EARLY_DATA) {
+ unsigned char *buf;
+ size_t buf_len;
+
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA,
+ &buf, &buf_len));
+
+ MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data(
+ ssl, buf, buf + buf_len));
+
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("Switch to handshake keys for inbound traffic"
+ "( K_recv = handshake )"));
+ mbedtls_ssl_set_inbound_transform(
+ ssl, ssl->handshake->transform_handshake);
+
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA,
+ buf, buf_len));
+
+ ssl_tls13_prepare_for_handshake_second_flight(ssl);
+
+ } else if (ret == SSL_GOT_EARLY_DATA) {
+ MBEDTLS_SSL_PROC_CHK(ssl_tls13_process_early_application_data(ssl));
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+cleanup:
+ MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_end_of_early_data"));
+ return ret;
+}
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/
@@ -2760,7 +3127,7 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg"));
#if defined(MBEDTLS_HAVE_TIME)
- session->start = mbedtls_time(NULL);
+ session->ticket_creation_time = mbedtls_ms_time();
#endif
/* Set ticket_flags depends on the advertised psk key exchange mode */
@@ -2770,6 +3137,15 @@
mbedtls_ssl_session_set_ticket_flags(
session, ssl->handshake->tls13_kex_modes);
#endif
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED &&
+ ssl->conf->max_early_data_size > 0) {
+ mbedtls_ssl_session_set_ticket_flags(
+ session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
/* Generate ticket_age_add */
@@ -2793,7 +3169,7 @@
ciphersuite_info =
(mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
- psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
+ psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
if (hash_length == -1 ||
(size_t) hash_length > sizeof(session->resumption_key)) {
@@ -2853,12 +3229,13 @@
* The following fields are placed inside the ticket by the
* f_ticket_write() function:
*
- * - creation time (start)
- * - flags (flags)
+ * - creation time (ticket_creation_time)
+ * - flags (ticket_flags)
* - age add (ticket_age_add)
- * - key (key)
- * - key length (key_len)
+ * - key (resumption_key)
+ * - key length (resumption_key_len)
* - ciphersuite (ciphersuite)
+ * - max_early_data_size (max_early_data_size)
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
@@ -2873,6 +3250,7 @@
mbedtls_ssl_session *session = ssl->session;
size_t ticket_len;
uint32_t ticket_lifetime;
+ unsigned char *p_extensions_len;
*out_len = 0;
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg"));
@@ -2907,8 +3285,8 @@
* MAY treat a ticket as valid for a shorter period of time than what
* is stated in the ticket_lifetime.
*/
- if (ticket_lifetime > 604800) {
- ticket_lifetime = 604800;
+ if (ticket_lifetime > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) {
+ ticket_lifetime = MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME;
}
MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0);
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u",
@@ -2934,15 +3312,35 @@
/* Ticket Extensions
*
- * Note: We currently don't have any extensions.
- * Set length to zero.
+ * Extension extensions<0..2^16-2>;
*/
ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
- MBEDTLS_PUT_UINT16_BE(0, p, 0);
+ p_extensions_len = p;
p += 2;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (mbedtls_ssl_session_ticket_allow_early_data(session)) {
+ size_t output_len;
+
+ if ((ret = mbedtls_ssl_tls13_write_early_data_ext(
+ ssl, 1, p, end, &output_len)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "mbedtls_ssl_tls13_write_early_data_ext", ret);
+ return ret;
+ }
+ p += output_len;
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 4, ("early_data not allowed, "
+ "skip early_data extension in NewSessionTicket"));
+ }
+
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+ MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0);
+
*out_len = p - buf;
MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket"));
@@ -3015,7 +3413,7 @@
}
MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)",
- mbedtls_ssl_states_str(ssl->state),
+ mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state),
ssl->state));
switch (ssl->state) {
@@ -3089,6 +3487,12 @@
ret = ssl_tls13_write_server_finished(ssl);
break;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ case MBEDTLS_SSL_END_OF_EARLY_DATA:
+ ret = ssl_tls13_process_end_of_early_data(ssl);
+ break;
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
case MBEDTLS_SSL_CLIENT_FINISHED:
ret = ssl_tls13_process_client_finished(ssl);
break;
diff --git a/library/threading.c b/library/threading.c
index 130c696..873b507 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -2,19 +2,7 @@
* Threading abstraction layer
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
@@ -68,28 +56,27 @@
return;
}
- /* A nonzero value of is_valid indicates a successfully initialized
- * mutex. This is a workaround for not being able to return an error
- * code for this function. The lock/unlock functions return an error
- * if is_valid is nonzero. The Mbed TLS unit test code uses this field
- * to distinguish more states of the mutex; see
- * tests/src/threading_helpers for details. */
- mutex->is_valid = pthread_mutex_init(&mutex->mutex, NULL) == 0;
+ /* One problem here is that calling lock on a pthread mutex without first
+ * having initialised it is undefined behaviour. Obviously we cannot check
+ * this here in a thread safe manner without a significant performance
+ * hit, so state transitions are checked in tests only via the state
+ * variable. Please make sure any new mutex that gets added is exercised in
+ * tests; see tests/src/threading_helpers.c for more details. */
+ (void) pthread_mutex_init(&mutex->mutex, NULL);
}
static void threading_mutex_free_pthread(mbedtls_threading_mutex_t *mutex)
{
- if (mutex == NULL || !mutex->is_valid) {
+ if (mutex == NULL) {
return;
}
(void) pthread_mutex_destroy(&mutex->mutex);
- mutex->is_valid = 0;
}
static int threading_mutex_lock_pthread(mbedtls_threading_mutex_t *mutex)
{
- if (mutex == NULL || !mutex->is_valid) {
+ if (mutex == NULL) {
return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
}
@@ -102,7 +89,7 @@
static int threading_mutex_unlock_pthread(mbedtls_threading_mutex_t *mutex)
{
- if (mutex == NULL || !mutex->is_valid) {
+ if (mutex == NULL) {
return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
}
diff --git a/library/timing.c b/library/timing.c
index 6852033..58f1c1e 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -2,19 +2,7 @@
* Portable interface to the CPU cycle counter
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/version.c b/library/version.c
index 4f78c9c..0439733 100644
--- a/library/version.c
+++ b/library/version.c
@@ -2,19 +2,7 @@
* Version information
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/library/x509.c b/library/x509.c
index ba8d719..b7b71f3 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -2,19 +2,7 @@
* X.509 common functions for parsing and verification
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -43,6 +31,8 @@
#include "mbedtls/pem.h"
#endif
+#include "mbedtls/asn1write.h"
+
#include "mbedtls/platform.h"
#if defined(MBEDTLS_HAVE_TIME)
@@ -810,6 +800,11 @@
return 0;
}
+static char nibble_to_hex_digit(int i)
+{
+ return (i < 10) ? (i + '0') : (i - 10 + 'A');
+}
+
/*
* Store the name in printable form into buf; no more
* than size characters will be written
@@ -817,11 +812,16 @@
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, j, n;
+ size_t i, j, n, asn1_len_size, asn1_tag_size, asn1_tag_len_buf_start;
+ /* 6 is enough as our asn1 write functions only write one byte for the tag and at most five bytes for the length*/
+ unsigned char asn1_tag_len_buf[6];
+ unsigned char *asn1_len_p;
unsigned char c, merge = 0;
const mbedtls_x509_name *name;
const char *short_name = NULL;
+ char lowbits, highbits;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
+ int print_hexstring;
memset(s, 0, sizeof(s));
@@ -840,32 +840,91 @@
MBEDTLS_X509_SAFE_SNPRINTF;
}
- ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name);
+ print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) &&
+ (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) &&
+ (name->val.tag != MBEDTLS_ASN1_IA5_STRING);
- if (ret == 0) {
+ if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) {
ret = mbedtls_snprintf(p, n, "%s=", short_name);
} else {
- ret = mbedtls_snprintf(p, n, "\?\?=");
+ if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) {
+ n -= ret;
+ p += ret;
+ ret = mbedtls_snprintf(p, n, "=");
+ print_hexstring = 1;
+ } else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ } else {
+ ret = mbedtls_snprintf(p, n, "\?\?=");
+ }
}
MBEDTLS_X509_SAFE_SNPRINTF;
- for (i = 0, j = 0; i < name->val.len; i++, j++) {
- if (j >= sizeof(s) - 1) {
- return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
- }
+ if (print_hexstring) {
+ s[0] = '#';
- c = name->val.p[i];
- // Special characters requiring escaping, RFC 1779
- if (c && strchr(",=+<>#;\"\\", c)) {
+ asn1_len_p = asn1_tag_len_buf + sizeof(asn1_tag_len_buf);
+ if ((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
+ asn1_len_size = ret;
+ if ((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
+ asn1_tag_size = ret;
+ asn1_tag_len_buf_start = sizeof(asn1_tag_len_buf) - asn1_len_size - asn1_tag_size;
+ for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) {
if (j + 1 >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
- s[j++] = '\\';
+ c = asn1_tag_len_buf[asn1_tag_len_buf_start+i];
+ lowbits = (c & 0x0F);
+ highbits = c >> 4;
+ s[j++] = nibble_to_hex_digit(highbits);
+ s[j++] = nibble_to_hex_digit(lowbits);
}
- if (c < 32 || c >= 127) {
- s[j] = '?';
- } else {
- s[j] = c;
+ for (i = 0; i < name->val.len; i++) {
+ if (j + 1 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ c = name->val.p[i];
+ lowbits = (c & 0x0F);
+ highbits = c >> 4;
+ s[j++] = nibble_to_hex_digit(highbits);
+ s[j++] = nibble_to_hex_digit(lowbits);
+ }
+ } else {
+ for (i = 0, j = 0; i < name->val.len; i++, j++) {
+ if (j >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+
+ c = name->val.p[i];
+ // Special characters requiring escaping, RFC 4514 Section 2.4
+ if (c == '\0') {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else {
+ if (strchr(",=+<>;\"\\", c) ||
+ ((i == 0) && strchr("# ", c)) ||
+ ((i == name->val.len-1) && (c == ' '))) {
+ if (j + 1 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ s[j++] = '\\';
+ }
+ }
+ if (c < 32 || c >= 127) {
+ if (j + 3 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ s[j++] = '\\';
+ lowbits = (c & 0x0F);
+ highbits = c >> 4;
+ s[j++] = nibble_to_hex_digit(highbits);
+ s[j] = nibble_to_hex_digit(lowbits);
+ } else {
+ s[j] = c;
+ }
}
}
s[j] = '\0';
@@ -1097,6 +1156,7 @@
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
}
+ other_name->type_id = cur_oid;
p += len;
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
@@ -1488,7 +1548,7 @@
MBEDTLS_X509_SAFE_SNPRINTF;
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &other_name->value.hardware_module_name.oid) != 0) {
+ &other_name->type_id) == 0) {
ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
ret =
diff --git a/library/x509_create.c b/library/x509_create.c
index bd772d3..8f31c3b 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -2,19 +2,7 @@
* X.509 base functions for creating certificates / CSRs
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
@@ -28,6 +16,10 @@
#include <string.h>
+#include "mbedtls/platform.h"
+
+#include "mbedtls/asn1.h"
+
/* Structure linking OIDs for X.509 DN AttributeTypes to their
* string representations and default string encodings used by Mbed TLS. */
typedef struct {
@@ -35,7 +27,8 @@
* "CN" or "emailAddress". */
size_t name_len; /* Length of 'name', without trailing 0 byte. */
const char *oid; /* String representation of OID of AttributeType,
- * as per RFC 5280, Appendix A.1. */
+ * as per RFC 5280, Appendix A.1. encoded as per
+ * X.690 */
int default_tag; /* The default character encoding used for the
* given attribute type, e.g.
* MBEDTLS_ASN1_UTF8_STRING for UTF-8. */
@@ -123,79 +116,261 @@
return cur;
}
+static int hex_to_int(char c)
+{
+ return ('0' <= c && c <= '9') ? (c - '0') :
+ ('a' <= c && c <= 'f') ? (c - 'a' + 10) :
+ ('A' <= c && c <= 'F') ? (c - 'A' + 10) : -1;
+}
+
+static int hexpair_to_int(const char *hexpair)
+{
+ int n1 = hex_to_int(*hexpair);
+ int n2 = hex_to_int(*(hexpair + 1));
+
+ if (n1 != -1 && n2 != -1) {
+ return (n1 << 4) | n2;
+ } else {
+ return -1;
+ }
+}
+
+static int parse_attribute_value_string(const char *s,
+ int len,
+ unsigned char *data,
+ size_t *data_len)
+{
+ const char *c;
+ const char *end = s + len;
+ unsigned char *d = data;
+ int n;
+
+ for (c = s; c < end; c++) {
+ if (*c == '\\') {
+ c++;
+
+ /* Check for valid escaped characters as per RFC 4514 Section 3 */
+ if (c + 1 < end && (n = hexpair_to_int(c)) != -1) {
+ if (n == 0) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ *(d++) = n;
+ c++;
+ } else if (c < end && strchr(" ,=+<>#;\"\\", *c)) {
+ *(d++) = *c;
+ } else {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ } else {
+ *(d++) = *c;
+ }
+
+ if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ }
+ *data_len = (size_t) (d - data);
+ return 0;
+}
+
+/** Parse a hexstring containing a DER-encoded string.
+ *
+ * \param s A string of \p len bytes hexadecimal digits.
+ * \param len Number of bytes to read from \p s.
+ * \param data Output buffer of size \p data_size.
+ * On success, it contains the payload that's DER-encoded
+ * in the input (content without the tag and length).
+ * If the DER tag is a string tag, the payload is guaranteed
+ * not to contain null bytes.
+ * \param data_size Length of the \p data buffer.
+ * \param data_len On success, the length of the parsed string.
+ * It is guaranteed to be less than
+ * #MBEDTLS_X509_MAX_DN_NAME_SIZE.
+ * \param tag The ASN.1 tag that the payload in \p data is encoded in.
+ *
+ * \retval 0 on success.
+ * \retval #MBEDTLS_ERR_X509_INVALID_NAME if \p s does not contain
+ * a valid hexstring,
+ * or if the decoded hexstring is not valid DER,
+ * or if the payload does not fit in \p data,
+ * or if the payload is more than
+ * #MBEDTLS_X509_MAX_DN_NAME_SIZE bytes,
+ * of if \p *tag is an ASN.1 string tag and the payload
+ * contains a null byte.
+ * \retval #MBEDTLS_ERR_X509_ALLOC_FAILED on low memory.
+ */
+static int parse_attribute_value_hex_der_encoded(const char *s,
+ size_t len,
+ unsigned char *data,
+ size_t data_size,
+ size_t *data_len,
+ int *tag)
+{
+ /* Step 1: preliminary length checks. */
+ /* Each byte is encoded by exactly two hexadecimal digits. */
+ if (len % 2 != 0) {
+ /* Odd number of hex digits */
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ size_t const der_length = len / 2;
+ if (der_length > MBEDTLS_X509_MAX_DN_NAME_SIZE + 4) {
+ /* The payload would be more than MBEDTLS_X509_MAX_DN_NAME_SIZE
+ * (after subtracting the ASN.1 tag and length). Reject this early
+ * to avoid allocating a large intermediate buffer. */
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ if (der_length < 1) {
+ /* Avoid empty-buffer shenanigans. A valid DER encoding is never
+ * empty. */
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+
+ /* Step 2: Decode the hex string into an intermediate buffer. */
+ unsigned char *der = mbedtls_calloc(1, der_length);
+ if (der == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
+ /* Beyond this point, der needs to be freed on exit. */
+ for (size_t i = 0; i < der_length; i++) {
+ int c = hexpair_to_int(s + 2 * i);
+ if (c < 0) {
+ goto error;
+ }
+ der[i] = c;
+ }
+
+ /* Step 3: decode the DER. */
+ /* We've checked that der_length >= 1 above. */
+ *tag = der[0];
+ {
+ unsigned char *p = der + 1;
+ if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) {
+ goto error;
+ }
+ /* Now p points to the first byte of the payload inside der,
+ * and *data_len is the length of the payload. */
+
+ /* Step 4: payload validation */
+ if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) {
+ goto error;
+ }
+ /* Strings must not contain null bytes. */
+ if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) {
+ for (size_t i = 0; i < *data_len; i++) {
+ if (p[i] == 0) {
+ goto error;
+ }
+ }
+ }
+
+ /* Step 5: output the payload. */
+ if (*data_len > data_size) {
+ goto error;
+ }
+ memcpy(data, p, *data_len);
+ }
+ mbedtls_free(der);
+
+ return 0;
+
+error:
+ mbedtls_free(der);
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+}
+
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
{
int ret = MBEDTLS_ERR_X509_INVALID_NAME;
+ int parse_ret = 0;
const char *s = name, *c = s;
const char *end = s + strlen(s);
- const char *oid = NULL;
+ mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = MBEDTLS_ASN1_NULL };
const x509_attr_descriptor_t *attr_descr = NULL;
- int in_tag = 1;
- char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
- char *d = data;
+ int in_attr_type = 1;
+ int tag;
+ int numericoid = 0;
+ unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
+ size_t data_len = 0;
/* Clear existing chain if present */
mbedtls_asn1_free_named_data_list(head);
while (c <= end) {
- if (in_tag && *c == '=') {
- if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) {
- ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
- goto exit;
+ if (in_attr_type && *c == '=') {
+ if ((attr_descr = x509_attr_descr_from_name(s, (size_t) (c - s))) == NULL) {
+ if ((mbedtls_oid_from_numeric_string(&oid, s, (size_t) (c - s))) != 0) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else {
+ numericoid = 1;
+ }
+ } else {
+ oid.len = strlen(attr_descr->oid);
+ oid.p = mbedtls_calloc(1, oid.len);
+ memcpy(oid.p, attr_descr->oid, oid.len);
+ numericoid = 0;
}
- oid = attr_descr->oid;
s = c + 1;
- in_tag = 0;
- d = data;
+ in_attr_type = 0;
}
- if (!in_tag && *c == '\\' && c != end) {
- c++;
-
- /* Check for valid escaped characters */
- if (c == end || *c != ',') {
- ret = MBEDTLS_ERR_X509_INVALID_NAME;
- goto exit;
+ if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) {
+ if (s == c) {
+ mbedtls_free(oid.p);
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else if (*s == '#') {
+ /* We know that c >= s (loop invariant) and c != s (in this
+ * else branch), hence c - s - 1 >= 0. */
+ parse_ret = parse_attribute_value_hex_der_encoded(
+ s + 1, (size_t) (c - s) - 1,
+ data, sizeof(data), &data_len, &tag);
+ if (parse_ret != 0) {
+ mbedtls_free(oid.p);
+ return parse_ret;
+ }
+ } else {
+ if (numericoid) {
+ mbedtls_free(oid.p);
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else {
+ if ((parse_ret =
+ parse_attribute_value_string(s, (int) (c - s), data,
+ &data_len)) != 0) {
+ mbedtls_free(oid.p);
+ return parse_ret;
+ }
+ tag = attr_descr->default_tag;
+ }
}
- } else if (!in_tag && (*c == ',' || c == end)) {
- mbedtls_asn1_named_data *cur =
- mbedtls_asn1_store_named_data(head, oid, strlen(oid),
- (unsigned char *) data,
- d - data);
+ mbedtls_asn1_named_data *cur =
+ mbedtls_asn1_store_named_data(head, (char *) oid.p, oid.len,
+ (unsigned char *) data,
+ data_len);
+ mbedtls_free(oid.p);
+ oid.p = NULL;
if (cur == NULL) {
return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
// set tagType
- cur->val.tag = attr_descr->default_tag;
+ cur->val.tag = tag;
while (c < end && *(c + 1) == ' ') {
c++;
}
s = c + 1;
- in_tag = 1;
+ in_attr_type = 1;
/* Successfully parsed one name, update ret to success */
ret = 0;
}
-
- if (!in_tag && s != c + 1) {
- *(d++) = *c;
-
- if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
- ret = MBEDTLS_ERR_X509_INVALID_NAME;
- goto exit;
- }
- }
-
c++;
}
-
-exit:
-
+ if (oid.p != NULL) {
+ mbedtls_free(oid.p);
+ }
return ret;
}
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 79ace8f..fdbad23 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -2,19 +2,7 @@
* X.509 Certificate Revocation List (CRL) parsing
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -379,7 +367,7 @@
}
end = p + len;
- crl->tbs.len = end - crl->tbs.p;
+ crl->tbs.len = (size_t) (end - crl->tbs.p);
/*
* Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
@@ -423,7 +411,7 @@
return ret;
}
- crl->issuer_raw.len = p - crl->issuer_raw.p;
+ crl->issuer_raw.len = (size_t) (p - crl->issuer_raw.p);
/*
* thisUpdate Time
diff --git a/library/x509_crt.c b/library/x509_crt.c
index b40bad2..4e7672e 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2,19 +2,7 @@
* X.509 certificate parsing and verification
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -234,7 +222,7 @@
if (pk_alg == MBEDTLS_PK_ECDSA ||
pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH) {
- const mbedtls_ecp_group_id gid = mbedtls_pk_get_group_id(pk);
+ const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk);
if (gid == MBEDTLS_ECP_DP_NONE) {
return -1;
@@ -1120,7 +1108,7 @@
}
end = crt_end = p + len;
- crt->raw.len = crt_end - buf;
+ crt->raw.len = (size_t) (crt_end - buf);
if (make_copy != 0) {
/* Create and populate a new buffer for the raw field. */
crt->raw.p = p = mbedtls_calloc(1, crt->raw.len);
@@ -1150,7 +1138,7 @@
}
end = p + len;
- crt->tbs.len = end - crt->tbs.p;
+ crt->tbs.len = (size_t) (end - crt->tbs.p);
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
@@ -1197,7 +1185,7 @@
return ret;
}
- crt->issuer_raw.len = p - crt->issuer_raw.p;
+ crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p);
/*
* Validity ::= SEQUENCE {
@@ -1227,7 +1215,7 @@
return ret;
}
- crt->subject_raw.len = p - crt->subject_raw.p;
+ crt->subject_raw.len = (size_t) (p - crt->subject_raw.p);
/*
* SubjectPublicKeyInfo
@@ -1237,7 +1225,7 @@
mbedtls_x509_crt_free(crt);
return ret;
}
- crt->pk_raw.len = p - crt->pk_raw.p;
+ crt->pk_raw.len = (size_t) (p - crt->pk_raw.p);
/*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
@@ -1535,7 +1523,6 @@
{
int ret = 0;
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#if _WIN32_WINNT >= 0x0501 /* _WIN32_WINNT_XP */
int w_ret;
WCHAR szDir[MAX_PATH];
char filename[MAX_PATH];
@@ -1556,6 +1543,11 @@
p = filename + len;
filename[len++] = '*';
+ /*
+ * Note this function uses the code page CP_ACP which is the system default
+ * ANSI codepage. The input string is always described in BYTES and the
+ * output length is described in WCHARs.
+ */
w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
MAX_PATH - 3);
if (w_ret == 0) {
@@ -1574,11 +1566,8 @@
if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
continue;
}
-
w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName,
- -1,
- p, (int) len,
- NULL, NULL);
+ -1, p, (int) len, NULL, NULL);
if (w_ret == 0) {
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup;
@@ -1598,9 +1587,6 @@
cleanup:
FindClose(hFind);
-#else /* !_WIN32_WINNT_XP */
-#error mbedtls_x509_crt_parse_path not available before Windows XP
-#endif /* !_WIN32_WINNT_XP */
#else /* _WIN32 */
int t_ret;
int snp_ret;
@@ -2754,8 +2740,8 @@
p++;
}
if (num_digits != 0) {
- addr[nonzero_groups++] = MBEDTLS_IS_BIG_ENDIAN ? group :
- (group << 8) | (group >> 8);
+ MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
+ nonzero_groups++;
if (*p == '\0') {
break;
} else if (*p == '.') {
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 0b2bb6f..79b1589 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -2,19 +2,7 @@
* X.509 Certificate Signing Request (CSR) parsing
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* The ITU-T X.509 standard defines a certificate format for PKI.
@@ -73,13 +61,17 @@
* Parse CSR extension requests in DER format
*/
static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
- unsigned char **p, const unsigned char *end)
+ unsigned char **p, const unsigned char *end,
+ mbedtls_x509_csr_ext_cb_t cb,
+ void *p_ctx)
{
- int ret;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
- unsigned char *end_ext_data;
+ unsigned char *end_ext_data, *end_ext_octet;
+
while (*p < end) {
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
+ int is_critical = 0; /* DEFAULT FALSE */
int ext_type = 0;
/* Read sequence tag */
@@ -100,13 +92,21 @@
extn_oid.p = *p;
*p += extn_oid.len;
+ /* Get optional critical */
+ if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
+ (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+
/* Data should be octet string type */
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
MBEDTLS_ASN1_OCTET_STRING)) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
- if (*p + len != end_ext_data) {
+ end_ext_octet = *p + len;
+
+ if (end_ext_octet != end_ext_data) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
@@ -116,44 +116,72 @@
*/
ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
- if (ret == 0) {
- /* Forbid repeated extensions */
- if ((csr->ext_types & ext_type) != 0) {
+ if (ret != 0) {
+ /* Give the callback (if any) a chance to handle the extension */
+ if (cb != NULL) {
+ ret = cb(p_ctx, csr, &extn_oid, is_critical, *p, end_ext_octet);
+ if (ret != 0 && is_critical) {
+ return ret;
+ }
+ *p = end_ext_octet;
+ continue;
+ }
+
+ /* No parser found, skip extension */
+ *p = end_ext_octet;
+
+ if (is_critical) {
+ /* Data is marked as critical: fail */
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_INVALID_DATA);
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
}
-
- csr->ext_types |= ext_type;
-
- switch (ext_type) {
- case MBEDTLS_X509_EXT_KEY_USAGE:
- /* Parse key usage */
- if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data,
- &csr->key_usage)) != 0) {
- return ret;
- }
- break;
-
- case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
- /* Parse subject alt name */
- if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data,
- &csr->subject_alt_names)) != 0) {
- return ret;
- }
- break;
-
- case MBEDTLS_X509_EXT_NS_CERT_TYPE:
- /* Parse netscape certificate type */
- if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data,
- &csr->ns_cert_type)) != 0) {
- return ret;
- }
- break;
- default:
- break;
- }
+ continue;
}
- *p = end_ext_data;
+
+ /* Forbid repeated extensions */
+ if ((csr->ext_types & ext_type) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_INVALID_DATA);
+ }
+
+ csr->ext_types |= ext_type;
+
+ switch (ext_type) {
+ case MBEDTLS_X509_EXT_KEY_USAGE:
+ /* Parse key usage */
+ if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data,
+ &csr->key_usage)) != 0) {
+ return ret;
+ }
+ break;
+
+ case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
+ /* Parse subject alt name */
+ if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data,
+ &csr->subject_alt_names)) != 0) {
+ return ret;
+ }
+ break;
+
+ case MBEDTLS_X509_EXT_NS_CERT_TYPE:
+ /* Parse netscape certificate type */
+ if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data,
+ &csr->ns_cert_type)) != 0) {
+ return ret;
+ }
+ break;
+ default:
+ /*
+ * If this is a non-critical extension, which the oid layer
+ * supports, but there isn't an x509 parser for it,
+ * skip the extension.
+ */
+ if (is_critical) {
+ return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ } else {
+ *p = end_ext_octet;
+ }
+ }
}
if (*p != end) {
@@ -168,7 +196,9 @@
* Parse CSR attributes in DER format
*/
static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
- const unsigned char *start, const unsigned char *end)
+ const unsigned char *start, const unsigned char *end,
+ mbedtls_x509_csr_ext_cb_t cb,
+ void *p_ctx)
{
int ret;
size_t len;
@@ -207,7 +237,7 @@
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
- if ((ret = x509_csr_parse_extensions(csr, p, *p + len)) != 0) {
+ if ((ret = x509_csr_parse_extensions(csr, p, *p + len, cb, p_ctx)) != 0) {
return ret;
}
@@ -231,8 +261,10 @@
/*
* Parse a CSR in DER format
*/
-int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen)
+static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr,
+ const unsigned char *buf, size_t buflen,
+ mbedtls_x509_csr_ext_cb_t cb,
+ void *p_ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
@@ -296,7 +328,7 @@
}
end = p + len;
- csr->cri.len = end - csr->cri.p;
+ csr->cri.len = (size_t) (end - csr->cri.p);
/*
* Version ::= INTEGER { v1(0) }
@@ -329,7 +361,7 @@
return ret;
}
- csr->subject_raw.len = p - csr->subject_raw.p;
+ csr->subject_raw.len = (size_t) (p - csr->subject_raw.p);
/*
* subjectPKInfo SubjectPublicKeyInfo
@@ -356,7 +388,7 @@
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
}
- if ((ret = x509_csr_parse_attributes(csr, p, p + len)) != 0) {
+ if ((ret = x509_csr_parse_attributes(csr, p, p + len, cb, p_ctx)) != 0) {
mbedtls_x509_csr_free(csr);
return ret;
}
@@ -396,6 +428,26 @@
}
/*
+ * Parse a CSR in DER format
+ */
+int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
+ const unsigned char *buf, size_t buflen)
+{
+ return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, NULL, NULL);
+}
+
+/*
+ * Parse a CSR in DER format with callback for unknown extensions
+ */
+int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr,
+ const unsigned char *buf, size_t buflen,
+ mbedtls_x509_csr_ext_cb_t cb,
+ void *p_ctx)
+{
+ return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, cb, p_ctx);
+}
+
+/*
* Parse a CSR, allowing for PEM or raw DER encoding
*/
int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)
diff --git a/library/x509write.c b/library/x509write.c
new file mode 100644
index 0000000..d434df5
--- /dev/null
+++ b/library/x509write.c
@@ -0,0 +1,173 @@
+/*
+ * X.509 internal, common functions for writing
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#include "common.h"
+#if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C)
+
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/error.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/platform.h"
+#include "mbedtls/platform_util.h"
+
+#include <string.h>
+#include <stdint.h>
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#include "mbedtls/pem.h"
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#include "md_psa.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#define CHECK_OVERFLOW_ADD(a, b) \
+ do \
+ { \
+ if (a > SIZE_MAX - (b)) \
+ { \
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \
+ } \
+ a += b; \
+ } while (0)
+
+int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions,
+ const mbedtls_x509_san_list *san_list)
+{
+ int ret = 0;
+ const mbedtls_x509_san_list *cur;
+ unsigned char *buf;
+ unsigned char *p;
+ size_t len;
+ size_t buflen = 0;
+
+ /* Determine the maximum size of the SubjectAltName list */
+ for (cur = san_list; cur != NULL; cur = cur->next) {
+ /* Calculate size of the required buffer */
+ switch (cur->node.type) {
+ case MBEDTLS_X509_SAN_DNS_NAME:
+ case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
+ case MBEDTLS_X509_SAN_IP_ADDRESS:
+ case MBEDTLS_X509_SAN_RFC822_NAME:
+ /* length of value for each name entry,
+ * maximum 4 bytes for the length field,
+ * 1 byte for the tag/type.
+ */
+ CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len);
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1);
+ break;
+ case MBEDTLS_X509_SAN_DIRECTORY_NAME:
+ {
+ const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name;
+ while (chunk != NULL) {
+ // Max 4 bytes for length, +1 for tag,
+ // additional 4 max for length, +1 for tag.
+ // See x509_write_name for more information.
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1);
+ CHECK_OVERFLOW_ADD(buflen, chunk->oid.len);
+ CHECK_OVERFLOW_ADD(buflen, chunk->val.len);
+ chunk = chunk->next;
+ }
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1);
+ break;
+ }
+ default:
+ /* Not supported - return. */
+ return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ }
+ }
+
+ /* Add the extra length field and tag */
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1);
+
+ /* Allocate buffer */
+ buf = mbedtls_calloc(1, buflen);
+ if (buf == NULL) {
+ return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ }
+ p = buf + buflen;
+
+ /* Write ASN.1-based structure */
+ cur = san_list;
+ len = 0;
+ while (cur != NULL) {
+ size_t single_san_len = 0;
+ switch (cur->node.type) {
+ case MBEDTLS_X509_SAN_DNS_NAME:
+ case MBEDTLS_X509_SAN_RFC822_NAME:
+ case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
+ case MBEDTLS_X509_SAN_IP_ADDRESS:
+ {
+ const unsigned char *unstructured_name =
+ (const unsigned char *) cur->node.san.unstructured_name.p;
+ size_t unstructured_name_len = cur->node.san.unstructured_name.len;
+
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_raw_buffer(
+ &p, buf,
+ unstructured_name, unstructured_name_len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len(
+ &p, buf, unstructured_name_len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_tag(
+ &p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type));
+ }
+ break;
+ case MBEDTLS_X509_SAN_DIRECTORY_NAME:
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_x509_write_names(&p, buf,
+ (mbedtls_asn1_named_data *) &
+ cur->node
+ .san.directory_name));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_len(&p, buf, single_san_len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_tag(&p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_X509_SAN_DIRECTORY_NAME));
+ break;
+ default:
+ /* Error out on an unsupported SAN */
+ ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ goto cleanup;
+ }
+ cur = cur->next;
+ /* check for overflow */
+ if (len > SIZE_MAX - single_san_len) {
+ ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+ len += single_san_len;
+ }
+
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
+ mbedtls_asn1_write_tag(&p, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ ret = mbedtls_x509_set_extension(extensions,
+ MBEDTLS_OID_SUBJECT_ALT_NAME,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME),
+ 0,
+ buf + buflen - len, len);
+
+ /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list
+ * was incorrectly calculated and memory is corrupted. */
+ if (p < buf) {
+ ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
+cleanup:
+ mbedtls_free(buf);
+ return ret;
+}
+
+#endif /* MBEDTLS_X509_CSR_WRITE_C || MBEDTLS_X509_CRT_WRITE_C */
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 3586a3c..44b6b17 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -2,19 +2,7 @@
* X.509 certificate writing
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* References:
@@ -48,16 +36,6 @@
#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#define CHECK_OVERFLOW_ADD(a, b) \
- do \
- { \
- if (a > SIZE_MAX - (b)) \
- { \
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \
- } \
- a += b; \
- } while (0)
-
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
{
memset(ctx, 0, sizeof(mbedtls_x509write_cert));
@@ -166,131 +144,7 @@
int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
const mbedtls_x509_san_list *san_list)
{
- int ret = 0;
- const mbedtls_x509_san_list *cur;
- unsigned char *buf;
- unsigned char *p;
- size_t len;
- size_t buflen = 0;
-
- /* Determine the maximum size of the SubjectAltName list */
- for (cur = san_list; cur != NULL; cur = cur->next) {
- /* Calculate size of the required buffer */
- switch (cur->node.type) {
- case MBEDTLS_X509_SAN_DNS_NAME:
- case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
- case MBEDTLS_X509_SAN_IP_ADDRESS:
- case MBEDTLS_X509_SAN_RFC822_NAME:
- /* length of value for each name entry,
- * maximum 4 bytes for the length field,
- * 1 byte for the tag/type.
- */
- CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len);
- CHECK_OVERFLOW_ADD(buflen, 4 + 1);
- break;
- case MBEDTLS_X509_SAN_DIRECTORY_NAME:
- {
- const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name;
- while (chunk != NULL) {
- // Max 4 bytes for length, +1 for tag,
- // additional 4 max for length, +1 for tag.
- // See x509_write_name for more information.
- CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1);
- CHECK_OVERFLOW_ADD(buflen, chunk->oid.len);
- CHECK_OVERFLOW_ADD(buflen, chunk->val.len);
- chunk = chunk->next;
- }
- CHECK_OVERFLOW_ADD(buflen, 4 + 1);
- break;
- }
- default:
- /* Not supported - return. */
- return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
- }
- }
-
- /* Add the extra length field and tag */
- CHECK_OVERFLOW_ADD(buflen, 4 + 1);
-
- /* Allocate buffer */
- buf = mbedtls_calloc(1, buflen);
- if (buf == NULL) {
- return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
- }
- p = buf + buflen;
-
- /* Write ASN.1-based structure */
- cur = san_list;
- len = 0;
- while (cur != NULL) {
- size_t single_san_len = 0;
- switch (cur->node.type) {
- case MBEDTLS_X509_SAN_DNS_NAME:
- case MBEDTLS_X509_SAN_RFC822_NAME:
- case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
- case MBEDTLS_X509_SAN_IP_ADDRESS:
- {
- const unsigned char *unstructured_name =
- (const unsigned char *) cur->node.san.unstructured_name.p;
- size_t unstructured_name_len = cur->node.san.unstructured_name.len;
-
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
- mbedtls_asn1_write_raw_buffer(
- &p, buf,
- unstructured_name, unstructured_name_len));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len(
- &p, buf, unstructured_name_len));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
- mbedtls_asn1_write_tag(
- &p, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type));
- }
- break;
- case MBEDTLS_X509_SAN_DIRECTORY_NAME:
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
- mbedtls_x509_write_names(&p, buf,
- (mbedtls_asn1_named_data *) &
- cur->node
- .san.directory_name));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
- mbedtls_asn1_write_len(&p, buf, single_san_len));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
- mbedtls_asn1_write_tag(&p, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_X509_SAN_DIRECTORY_NAME));
- break;
- default:
- /* Error out on an unsupported SAN */
- ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
- goto cleanup;
- }
- cur = cur->next;
- /* check for overflow */
- if (len > SIZE_MAX - single_san_len) {
- ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- goto cleanup;
- }
- len += single_san_len;
- }
-
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
- mbedtls_asn1_write_tag(&p, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
-
- ret = mbedtls_x509write_crt_set_extension(
- ctx,
- MBEDTLS_OID_SUBJECT_ALT_NAME,
- MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME),
- 0,
- buf + buflen - len,
- len);
-
-cleanup:
- mbedtls_free(buf);
- return ret;
+ return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list);
}
@@ -627,7 +481,7 @@
*/
MBEDTLS_ASN1_CHK_ADD(pub_len,
mbedtls_pk_write_pubkey_der(ctx->subject_key,
- buf, c - buf));
+ buf, (size_t) (c - buf)));
c -= pub_len;
len += pub_len;
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 5d3d176..254da69 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -2,19 +2,7 @@
* X.509 Certificate Signing Request writing
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* References:
@@ -89,100 +77,7 @@
int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx,
const mbedtls_x509_san_list *san_list)
{
- int ret = 0;
- const mbedtls_x509_san_list *cur;
- unsigned char *buf;
- unsigned char *p;
- size_t len;
- size_t buflen = 0;
-
- /* Determine the maximum size of the SubjectAltName list */
- for (cur = san_list; cur != NULL; cur = cur->next) {
- /* Calculate size of the required buffer */
- switch (cur->node.type) {
- case MBEDTLS_X509_SAN_DNS_NAME:
- case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
- case MBEDTLS_X509_SAN_IP_ADDRESS:
- /* length of value for each name entry,
- * maximum 4 bytes for the length field,
- * 1 byte for the tag/type.
- */
- buflen += cur->node.san.unstructured_name.len + 4 + 1;
- break;
-
- default:
- /* Not supported - skip. */
- break;
- }
- }
-
- /* Add the extra length field and tag */
- buflen += 4 + 1;
-
- /* Allocate buffer */
- buf = mbedtls_calloc(1, buflen);
- if (buf == NULL) {
- return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
- }
-
- mbedtls_platform_zeroize(buf, buflen);
- p = buf + buflen;
-
- /* Write ASN.1-based structure */
- cur = san_list;
- len = 0;
- while (cur != NULL) {
- switch (cur->node.type) {
- case MBEDTLS_X509_SAN_DNS_NAME:
- case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
- case MBEDTLS_X509_SAN_IP_ADDRESS:
- {
- const unsigned char *unstructured_name =
- (const unsigned char *) cur->node.san.unstructured_name.p;
- size_t unstructured_name_len = cur->node.san.unstructured_name.len;
-
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
- mbedtls_asn1_write_raw_buffer(
- &p, buf,
- unstructured_name, unstructured_name_len));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(
- &p, buf, unstructured_name_len));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
- mbedtls_asn1_write_tag(
- &p, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type));
- }
- break;
- default:
- /* Skip unsupported names. */
- break;
- }
- cur = cur->next;
- }
-
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
- MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
- mbedtls_asn1_write_tag(&p, buf,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
-
- ret = mbedtls_x509write_csr_set_extension(
- ctx,
- MBEDTLS_OID_SUBJECT_ALT_NAME,
- MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME),
- 0,
- buf + buflen - len,
- len);
-
- /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list
- * was incorrectly calculated and memory is corrupted. */
- if (p < buf) {
- ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
- }
-
-cleanup:
- mbedtls_free(buf);
- return ret;
+ return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list);
}
int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage)
@@ -290,7 +185,7 @@
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC));
MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key,
- buf, c - buf));
+ buf, (size_t) (c - buf)));
c -= pub_len;
len += pub_len;
@@ -381,7 +276,7 @@
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
/* Zero the unused bytes at the start of buf */
- memset(buf, 0, c2 - buf);
+ memset(buf, 0, (size_t) (c2 - buf));
return (int) len;
}
diff --git a/programs/.gitignore b/programs/.gitignore
index a641c31..e0c4987 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -38,6 +38,7 @@
psa/hmac_demo
psa/key_ladder_demo
psa/psa_constant_names
+psa/psa_hash
random/gen_entropy
random/gen_random_ctr_drbg
ssl/dtls_client
@@ -56,6 +57,7 @@
test/cpp_dummy_build.cpp
test/dlopen
test/ecp-bench
+test/metatest
test/query_compile_time_config
test/query_included_headers
test/selftest
diff --git a/programs/Makefile b/programs/Makefile
index 3509fc3..ebdadc0 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -45,7 +45,7 @@
ifdef WINDOWS_BUILD
DLEXT=dll
EXEXT=.exe
-LOCAL_LDFLAGS += -lws2_32
+LOCAL_LDFLAGS += -lws2_32 -lbcrypt
ifdef SHARED
SHARED_SUFFIX=.$(DLEXT)
endif
@@ -109,6 +109,7 @@
psa/hmac_demo \
psa/key_ladder_demo \
psa/psa_constant_names \
+ psa/psa_hash \
random/gen_entropy \
random/gen_random_ctr_drbg \
ssl/dtls_client \
@@ -122,6 +123,7 @@
ssl/ssl_server \
ssl/ssl_server2 \
test/benchmark \
+ test/metatest \
test/query_compile_time_config \
test/query_included_headers \
test/selftest \
@@ -137,7 +139,7 @@
x509/req_app \
# End of APPS
-ifdef PTHREAD
+ifeq ($(THREADING),pthread)
APPS += ssl/ssl_pthread_server
endif
@@ -176,22 +178,30 @@
GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c
generated_files: $(GENERATED_FILES)
-psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py
-psa/psa_constant_names_generated.c: ../include/psa/crypto_values.h
-psa/psa_constant_names_generated.c: ../include/psa/crypto_extra.h
-psa/psa_constant_names_generated.c: ../tests/suites/test_suite_psa_crypto_metadata.data
+# See root Makefile
+GEN_FILES ?= yes
+ifdef GEN_FILES
+gen_file_dep =
+else
+gen_file_dep = |
+endif
+
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data
psa/psa_constant_names_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_psa_constants.py
-test/query_config.c: ../scripts/generate_query_config.pl
+test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
## removed an option in mbedtls_config.h.
-#test/query_config.c: ../include/mbedtls/mbedtls_config.h
-test/query_config.c: ../scripts/data_files/query_config.fmt
+#test/query_config.c: $(gen_file_dep) ../include/mbedtls/mbedtls_config.h
+test/query_config.c: $(gen_file_dep) ../scripts/data_files/query_config.fmt
test/query_config.c:
echo " Gen $@"
$(PERL) ../scripts/generate_query_config.pl
@@ -316,6 +326,10 @@
echo " CC psa/psa_constant_names.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+psa/psa_hash$(EXEXT): psa/psa_hash.c $(DEP)
+ echo " CC psa/psa_hash.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
echo " CC random/gen_entropy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -400,6 +414,10 @@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@
endif
+test/metatest$(EXEXT): test/metatest.c $(DEP)
+ echo " CC test/metatest.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I ../library test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
test/query_config.o: test/query_config.c test/query_config.h $(DEP)
echo " CC test/query_config.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 1d9b522..b2cd704 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -3,19 +3,7 @@
* security.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* Enable definition of fileno() even when compiling with -std=c99. Must be
@@ -115,7 +103,11 @@
list = mbedtls_cipher_list();
while (*list) {
cipher_info = mbedtls_cipher_info_from_type(*list);
- mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info));
+ const char *name = mbedtls_cipher_info_get_name(cipher_info);
+
+ if (name) {
+ mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info));
+ }
list++;
}
diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c
index ce39256..853ec20 100644
--- a/programs/cipher/cipher_aead_demo.c
+++ b/programs/cipher/cipher_aead_demo.c
@@ -25,19 +25,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
diff --git a/programs/demo_common.sh b/programs/demo_common.sh
new file mode 100644
index 0000000..d8fcda5
--- /dev/null
+++ b/programs/demo_common.sh
@@ -0,0 +1,137 @@
+## Common shell functions used by demo scripts programs/*/*.sh.
+
+## How to write a demo script
+## ==========================
+##
+## Include this file near the top of each demo script:
+## . "${0%/*}/../demo_common.sh"
+##
+## Start with a "msg" call that explains the purpose of the script.
+## Then call the "depends_on" function to ensure that all config
+## dependencies are met.
+##
+## As the last thing in the script, call the cleanup function.
+##
+## You can use the functions and variables described below.
+
+set -e -u
+
+## $root_dir is the root directory of the Mbed TLS source tree.
+root_dir="${0%/*}"
+# Find a nice path to the root directory, avoiding unnecessary "../".
+# The code supports demo scripts nested up to 4 levels deep.
+# The code works no matter where the demo script is relative to the current
+# directory, even if it is called with a relative path.
+n=4 # limit the search depth
+while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do
+ if [ $n -eq 0 ]; then
+ echo >&2 "This doesn't seem to be an Mbed TLS source tree."
+ exit 125
+ fi
+ n=$((n - 1))
+ case $root_dir in
+ .) root_dir="..";;
+ ..|?*/..) root_dir="$root_dir/..";;
+ ?*/*) root_dir="${root_dir%/*}";;
+ /*) root_dir="/";;
+ *) root_dir=".";;
+ esac
+done
+
+## $programs_dir is the directory containing the sample programs.
+# Assume an in-tree build.
+programs_dir="$root_dir/programs"
+
+## msg LINE...
+## msg <TEXT_ORIGIN
+## Display an informational message.
+msg () {
+ if [ $# -eq 0 ]; then
+ sed 's/^/# /'
+ else
+ for x in "$@"; do
+ echo "# $x"
+ done
+ fi
+}
+
+## run "Message" COMMAND ARGUMENT...
+## Display the message, then run COMMAND with the specified arguments.
+run () {
+ echo
+ echo "# $1"
+ shift
+ echo "+ $*"
+ "$@"
+}
+
+## Like '!', but stop on failure with 'set -e'
+not () {
+ if "$@"; then false; fi
+}
+
+## run_bad "Message" COMMAND ARGUMENT...
+## Like run, but the command is expected to fail.
+run_bad () {
+ echo
+ echo "$1 This must fail."
+ shift
+ echo "+ ! $*"
+ not "$@"
+}
+
+## config_has SYMBOL...
+## Succeeds if the library configuration has all SYMBOLs set.
+config_has () {
+ for x in "$@"; do
+ "$programs_dir/test/query_compile_time_config" "$x"
+ done
+}
+
+## depends_on SYMBOL...
+## Exit if the library configuration does not have all SYMBOLs set.
+depends_on () {
+ m=
+ for x in "$@"; do
+ if ! config_has "$x"; then
+ m="$m $x"
+ fi
+ done
+ if [ -n "$m" ]; then
+ cat >&2 <<EOF
+$0: this demo requires the following
+configuration options to be enabled at compile time:
+ $m
+EOF
+ # Exit with a success status so that this counts as a pass for run_demos.py.
+ exit
+ fi
+}
+
+## Add the names of files to clean up to this whitespace-separated variable.
+## The file names must not contain whitespace characters.
+files_to_clean=
+
+## Call this function at the end of each script.
+## It is called automatically if the script is killed by a signal.
+cleanup () {
+ rm -f -- $files_to_clean
+}
+
+
+
+################################################################
+## End of the public interfaces. Code beyond this point is not
+## meant to be called directly from a demo script.
+
+trap 'cleanup; trap - HUP; kill -HUP $$' HUP
+trap 'cleanup; trap - INT; kill -INT $$' INT
+trap 'cleanup; trap - TERM; kill -TERM $$' TERM
+
+if config_has MBEDTLS_ENTROPY_NV_SEED; then
+ # Create a seedfile that's sufficiently long in all library configurations.
+ # This is necessary for programs that use randomness.
+ # Assume that the name of the seedfile is the default name.
+ files_to_clean="$files_to_clean seedfile"
+ dd if=/dev/urandom of=seedfile ibs=64 obs=64 count=1
+fi
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
index 8477aa8..b4fc76a 100644
--- a/programs/fuzz/Makefile
+++ b/programs/fuzz/Makefile
@@ -27,6 +27,10 @@
LOCAL_LDFLAGS += -lFuzzingEngine
endif
+ifdef WINDOWS_BUILD
+LOCAL_LDFLAGS += -lbcrypt
+endif
+
# A test application is built for each suites/test_suite_*.data file.
# Application name is same as .data file's base name and can be
# constructed by stripping path 'suites/' and extension .data.
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 995694a..3fd2b00 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -2,19 +2,7 @@
* generic message digest layer demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 7bb27ad..8caae88 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -2,19 +2,7 @@
* Classic "Hello, world" demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c
index 4c812fb..581816a 100644
--- a/programs/hash/md_hmac_demo.c
+++ b/programs/hash/md_hmac_demo.c
@@ -20,19 +20,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 5a2c30f..0cb1562 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -2,19 +2,7 @@
* Diffie-Hellman-Merkle key exchange (client side)
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -56,6 +44,13 @@
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
mbedtls_exit(0);
}
+
+#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n");
+ mbedtls_exit(0);
+}
#else
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 1f4cd59..6872e61 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -2,19 +2,7 @@
* Diffie-Hellman-Merkle key exchange (prime generation)
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index c940be0..adddbf2 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -2,19 +2,7 @@
* Diffie-Hellman-Merkle key exchange (server side)
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 9804417..fedfcc9 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -2,19 +2,7 @@
* Example ECDHE with Curve25519 program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 953c144..afd6fb3 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -2,19 +2,7 @@
* Example ECDSA program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 9bee275..f6bb237 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -2,19 +2,7 @@
* Key generation application
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -180,7 +168,9 @@
char buf[1024];
int i;
char *p, *q;
+#if defined(MBEDTLS_RSA_C)
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+#endif /* MBEDTLS_RSA_C */
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "gen_key";
@@ -191,10 +181,11 @@
/*
* Set to sane values
*/
-
+#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+#endif /* MBEDTLS_RSA_C */
mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg);
@@ -409,9 +400,11 @@
#endif
}
+#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+#endif /* MBEDTLS_RSA_C */
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index cd16e33..194c410 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -2,19 +2,7 @@
* Key reading application
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index e8f3e85..c07c564 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -2,19 +2,7 @@
* Key writing application
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -203,7 +191,9 @@
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context key;
+#if defined(MBEDTLS_RSA_C)
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+#endif /* MBEDTLS_RSA_C */
/*
* Set to sane values
@@ -225,9 +215,11 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+#endif /* MBEDTLS_RSA_C */
if (argc < 2) {
usage:
@@ -423,9 +415,11 @@
#endif
}
+#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+#endif /* MBEDTLS_RSA_C */
mbedtls_pk_free(&key);
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 88d745e..e83aa32 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -2,19 +2,7 @@
* Simple MPI demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index f60c946..b8f7943 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -2,19 +2,7 @@
* Public key-based simple decryption program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 04e5cc7..a916bc6 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -2,19 +2,7 @@
* RSA simple data encryption program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 57bd796..59347ad 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -2,19 +2,7 @@
* Public key-based signature creation program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index bca985b..3127df5 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -2,19 +2,7 @@
* Public key-based signature verification program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 0462ba6..76bfddf 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -2,19 +2,7 @@
* RSA simple decryption program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 2126a9b..4bbb54e 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -2,19 +2,7 @@
* RSA simple data encryption program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 17f6d65..dc58215 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -2,19 +2,7 @@
* Example RSA key generation program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 64375e9..9d8ebe3 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -2,19 +2,7 @@
* RSA/SHA-256 signature creation program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 999669e..3a1f747 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -2,19 +2,7 @@
* RSASSA-PSS/SHA-256 signature creation program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index d525010..e7d72fd 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -2,19 +2,7 @@
* RSA/SHA-256 signature verification program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 8a1fb59..afbbfa9 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -2,19 +2,7 @@
* RSASSA-PSS/SHA-256 signature verification program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index 7ba4af6..c8ee626 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -4,6 +4,7 @@
hmac_demo
key_ladder_demo
psa_constant_names
+ psa_hash
)
if(GEN_FILES)
diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c
index 0c2413e..619166d 100644
--- a/programs/psa/aead_demo.c
+++ b/programs/psa/aead_demo.c
@@ -26,19 +26,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index 3f109d8..b755f09 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -1,18 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c
index f25cdeb..2055054 100644
--- a/programs/psa/hmac_demo.c
+++ b/programs/psa/hmac_demo.c
@@ -20,19 +20,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index a79fac6..2734ceb 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -32,19 +32,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh
index e21d1ab..e55da7e 100755
--- a/programs/psa/key_ladder_demo.sh
+++ b/programs/psa/key_ladder_demo.sh
@@ -1,50 +1,19 @@
#!/bin/sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-set -e -u
+. "${0%/*}/../demo_common.sh"
-program_name="key_ladder_demo"
-program="${0%/*}/$program_name"
-files_to_clean=
+msg <<'EOF'
+This script demonstrates the use of the PSA cryptography interface to
+create a master key, derive a key from it and use that derived key to
+wrap some data using an AEAD algorithm.
+EOF
-if [ ! -e "$program" ]; then
- # Look for programs in the current directory and the directories above it
- for dir in "." ".." "../.."; do
- program="$dir/programs/psa/$program_name"
- if [ -e "$program" ]; then
- break
- fi
- done
- if [ ! -e "$program" ]; then
- echo "Could not find $program_name executable"
+depends_on MBEDTLS_SHA256_C MBEDTLS_MD_C MBEDTLS_AES_C MBEDTLS_CCM_C MBEDTLS_PSA_CRYPTO_C MBEDTLS_FS_IO
- echo "If building out-of-tree, this script must be run" \
- "from the project build directory."
- exit 1
- fi
-fi
-
-run () {
- echo
- echo "# $1"
- shift
- echo "+ $*"
- "$@"
-}
+program="${0%/*}"/key_ladder_demo
if [ -e master.key ]; then
echo "# Reusing the existing master.key file."
@@ -68,7 +37,7 @@
cmp input.txt hello_world.txt
files_to_clean="$files_to_clean hellow_orld.txt"
-! run "Derive a different key and attempt to unwrap the data. This must fail." \
+run_bad "Derive a different key and attempt to unwrap the data." \
"$program" unwrap master=master.key input=hello_world.wrap output=hellow_orld.txt label=hellow label=orld
files_to_clean="$files_to_clean hello.key"
@@ -79,5 +48,4 @@
"$program" unwrap master=hello.key label=world \
input=hello_world.wrap output=hello_world.txt
-# Cleanup
-rm -f $files_to_clean
+cleanup
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
index 8842685..0baf4a0 100644
--- a/programs/psa/psa_constant_names.c
+++ b/programs/psa/psa_constant_names.c
@@ -1,18 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <errno.h>
diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c
new file mode 100644
index 0000000..c5244d6
--- /dev/null
+++ b/programs/psa/psa_hash.c
@@ -0,0 +1,159 @@
+/*
+ * Example computing a SHA-256 hash using the PSA Crypto API
+ *
+ * The example computes the SHA-256 hash of a test string using the
+ * one-shot API call psa_hash_compute() and the using multi-part
+ * operation, which requires psa_hash_setup(), psa_hash_update() and
+ * psa_hash_finish(). The multi-part operation is popular on embedded
+ * devices where a rolling hash needs to be computed.
+ *
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform.h"
+
+/* Information about hashing with the PSA API can be
+ * found here:
+ * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html
+ *
+ * The algorithm used by this demo is SHA 256.
+ * Please see include/psa/crypto_values.h to see the other
+ * algorithms that are supported by Mbed TLS.
+ * If you switch to a different algorithm you will need to update
+ * the hash data in the EXAMPLE_HASH_VALUE macro below. */
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
+ "not defined.\r\n");
+ return EXIT_SUCCESS;
+}
+#else
+
+#define HASH_ALG PSA_ALG_SHA_256
+
+const uint8_t sample_message[] = "Hello World!";
+/* sample_message is terminated with a null byte which is not part of
+ * the message itself so we make sure to subtract it in order to get
+ * the message length. */
+const size_t sample_message_length = sizeof(sample_message) - 1;
+
+#define EXPECTED_HASH_VALUE { \
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
+}
+
+const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
+const size_t expected_hash_len = sizeof(expected_hash);
+
+int main(void)
+{
+ psa_status_t status;
+ uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
+ size_t hash_length;
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT;
+
+ mbedtls_printf("PSA Crypto API: SHA-256 example\n\n");
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Compute hash using multi-part operation */
+ status = psa_hash_setup(&hash_operation, HASH_ALG);
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ mbedtls_printf("unknown hash algorithm supplied\n");
+ return EXIT_FAILURE;
+ } else if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_setup failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_update failed\n");
+ goto cleanup;
+ }
+
+ status = psa_hash_clone(&hash_operation, &cloned_hash_operation);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("PSA hash clone failed\n");
+ goto cleanup;
+ }
+
+ status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_finish failed\n");
+ goto cleanup;
+ }
+
+ /* Check the result of the operation against the sample */
+ if (hash_length != expected_hash_len ||
+ (memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+ mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n");
+ goto cleanup;
+ }
+
+ status =
+ psa_hash_verify(&cloned_hash_operation, expected_hash,
+ expected_hash_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_verify failed\n");
+ goto cleanup;
+ } else {
+ mbedtls_printf("Multi-part hash operation successful!\n");
+ }
+
+ /* Clear local variables prior to one-shot hash demo */
+ memset(hash, 0, sizeof(hash));
+ hash_length = 0;
+
+ /* Compute hash using one-shot function call */
+ status = psa_hash_compute(HASH_ALG,
+ sample_message, sample_message_length,
+ hash, sizeof(hash),
+ &hash_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_compute failed\n");
+ goto cleanup;
+ }
+
+ if (hash_length != expected_hash_len ||
+ (memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+ mbedtls_printf("One-shot hash operation gave the wrong result!\n\n");
+ goto cleanup;
+ }
+
+ mbedtls_printf("One-shot hash operation successful!\n\n");
+
+ /* Print out result */
+ mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message);
+
+ for (size_t j = 0; j < expected_hash_len; j++) {
+ mbedtls_printf("%02x", hash[j]);
+ }
+
+ mbedtls_printf("\n");
+
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+
+cleanup:
+ psa_hash_abort(&hash_operation);
+ psa_hash_abort(&cloned_hash_operation);
+ return EXIT_FAILURE;
+}
+#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */
diff --git a/programs/psa/psa_hash_demo.sh b/programs/psa/psa_hash_demo.sh
new file mode 100755
index 0000000..a26697c
--- /dev/null
+++ b/programs/psa/psa_hash_demo.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+. "${0%/*}/../demo_common.sh"
+
+msg <<'EOF'
+This program demonstrates the use of the PSA cryptography interface to
+compute a SHA-256 hash of a test string using the one-shot API call
+and also using the multi-part operation API.
+EOF
+
+depends_on MBEDTLS_PSA_CRYPTO_C PSA_WANT_ALG_SHA_256
+
+program="${0%/*}"/psa_hash
+
+"$program"
+
+cleanup
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index cc32171..887b2c9 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -2,19 +2,7 @@
* \brief Use and generate multiple entropies calls into a file
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index e1db16e..0eecf0a 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -2,19 +2,7 @@
* \brief Use and generate random data into a file via the CTR_DBRG based on AES
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index e47715c..ddb3c34 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -2,19 +2,7 @@
* Simple DTLS client demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -294,7 +282,6 @@
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 1697ff8..732625e 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -2,19 +2,7 @@
* Simple DTLS server demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -331,7 +319,6 @@
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index e8f4797..6bef208 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -3,19 +3,7 @@
* (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h)
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 259b8f9..ee734b1 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -2,19 +2,7 @@
* SSL client demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 7c2c818..1b3dedb 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2,19 +2,7 @@
* SSL client with certificate authentication
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
@@ -64,7 +52,7 @@
#define DFL_KEY_OPAQUE 0
#define DFL_KEY_PWD ""
#define DFL_PSK ""
-#define DFL_EARLY_DATA MBEDTLS_SSL_EARLY_DATA_DISABLED
+#define DFL_EARLY_DATA ""
#define DFL_PSK_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL
@@ -359,8 +347,9 @@
#if defined(MBEDTLS_SSL_EARLY_DATA)
#define USAGE_EARLY_DATA \
- " early_data=%%d default: 0 (disabled)\n" \
- " options: 0 (disabled), 1 (enabled)\n"
+ " early_data=%%s The file path to read early data from\n" \
+ " default: \"\" (do nothing)\n" \
+ " option: a file path\n"
#else
#define USAGE_EARLY_DATA ""
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -469,7 +458,7 @@
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
- " acceptable ciphersuite names:\n"
+ "\n"
/*
* global options
@@ -555,7 +544,7 @@
int reproducible; /* make communication reproducible */
int skip_close_notify; /* skip sending the close_notify alert */
#if defined(MBEDTLS_SSL_EARLY_DATA)
- int early_data; /* support for early data */
+ const char *early_data; /* the path of the file to read early data from */
#endif
int query_config_mode; /* whether to read config */
int use_srtp; /* Support SRTP */
@@ -705,7 +694,7 @@
}
/* get size of the buffer needed */
- mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
+ (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
*session_data = mbedtls_calloc(1, *session_data_len);
if (*session_data == NULL) {
mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
@@ -753,6 +742,10 @@
size_t cid_renego_len = 0;
#endif
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ FILE *early_data_fp = NULL;
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
#endif
@@ -864,31 +857,6 @@
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- if (argc < 2) {
-usage:
- if (ret == 0) {
- ret = 1;
- }
-
- mbedtls_printf(USAGE1);
- mbedtls_printf(USAGE2);
- mbedtls_printf(USAGE3);
- mbedtls_printf(USAGE4);
-
- list = mbedtls_ssl_list_ciphersuites();
- while (*list) {
- mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
- list++;
- if (!*list) {
- break;
- }
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
- list++;
- }
- mbedtls_printf("\n");
- goto exit;
- }
-
opt.server_name = DFL_SERVER_NAME;
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
@@ -973,9 +941,54 @@
opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
+ p = q = NULL;
+ if (argc < 1) {
+usage:
+ if (p != NULL && q != NULL) {
+ printf("unrecognized value for '%s': '%s'\n", p, q);
+ } else if (p != NULL && q == NULL) {
+ printf("unrecognized param: '%s'\n", p);
+ }
+
+ mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
+ mbedtls_printf(" ssl_client2 help[_theme]\n");
+ mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
+ mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
+ mbedtls_printf("\n");
+
+ if (ret == 0) {
+ ret = 1;
+ }
+ goto exit;
+ }
+
for (i = 1; i < argc; i++) {
p = argv[i];
+
+ if (strcmp(p, "help") == 0) {
+ mbedtls_printf(USAGE1);
+ mbedtls_printf(USAGE2);
+ mbedtls_printf(USAGE3);
+ mbedtls_printf(USAGE4);
+
+ ret = 0;
+ goto exit;
+ }
+ if (strcmp(p, "help_ciphersuites") == 0) {
+ mbedtls_printf(" acceptable ciphersuite names:\n");
+ for (list = mbedtls_ssl_list_ciphersuites();
+ *list != 0;
+ list++) {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
+ }
+
+ ret = 0;
+ goto exit;
+ }
+
if ((q = strchr(p, '=')) == NULL) {
+ mbedtls_printf("param requires a value: '%s'\n", p);
+ p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
@@ -1188,15 +1201,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_EARLY_DATA)
else if (strcmp(p, "early_data") == 0) {
- switch (atoi(q)) {
- case 0:
- opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- break;
- case 1:
- opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- break;
- default: goto usage;
- }
+ opt.early_data = q;
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1372,9 +1377,13 @@
goto usage;
}
} else {
+ /* This signals that the problem is with p not q */
+ q = NULL;
goto usage;
}
}
+ /* This signals that any further errors are not with a single option */
+ p = q = NULL;
if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
@@ -1959,7 +1968,16 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- mbedtls_ssl_tls13_conf_early_data(&conf, opt.early_data);
+ int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+ if (strlen(opt.early_data) > 0) {
+ if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) {
+ mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n",
+ opt.early_data);
+ goto exit;
+ }
+ early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+ }
+ mbedtls_ssl_conf_early_data(&conf, early_data_enabled);
#endif /* MBEDTLS_SSL_EARLY_DATA */
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
@@ -3017,6 +3035,12 @@
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_session_free(&saved_session);
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (early_data_fp != NULL) {
+ fclose(early_data_fp);
+ }
+#endif
+
if (session_data != NULL) {
mbedtls_platform_zeroize(session_data, session_data_len);
}
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 855b091..c3ae942 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -1,20 +1,8 @@
/*
- * MbedTLS SSL context deserializer from base64 code
+ * Mbed TLS SSL context deserializer from base64 code
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
@@ -559,7 +547,6 @@
if (ciphersuite_info == NULL) {
printf_err("Cannot find ciphersuite info\n");
} else {
- const mbedtls_cipher_info_t *cipher_info;
#if defined(MBEDTLS_MD_C)
const mbedtls_md_info_t *md_info;
#endif
@@ -567,12 +554,18 @@
printf("\tciphersuite : %s\n", ciphersuite_info->name);
printf("\tcipher flags : 0x%02X\n", ciphersuite_info->flags);
+#if defined(MBEDTLS_CIPHER_C)
+ const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
if (cipher_info == NULL) {
printf_err("Cannot find cipher info\n");
} else {
printf("\tcipher : %s\n", cipher_info->name);
}
+#else /* MBEDTLS_CIPHER_C */
+ printf("\tcipher type : %d\n", ciphersuite_info->cipher);
+#endif /* MBEDTLS_CIPHER_C */
+
#if defined(MBEDTLS_MD_C)
md_info = mbedtls_md_info_from_type(ciphersuite_info->mac);
if (md_info == NULL) {
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 4777ee0..f4822b7 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -2,19 +2,7 @@
* SSL server demonstration program using fork() for handling multiple clients
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -65,7 +53,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index fb6f371..febb881 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -2,19 +2,7 @@
* SSL client for SMTP servers
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* Enable definition of gethostname() even when compiling with -std=c99. Must
@@ -775,9 +763,9 @@
mbedtls_printf(" > Write content to server:");
fflush(stdout);
- len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
+ len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
- "mbed TLS mail client example.\r\n"
+ "Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
ret = write_ssl_data(&ssl, buf, len);
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9416c3c..fcb8f2f 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -3,19 +3,7 @@
* clients.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -66,7 +54,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index bb49155..6becf8d 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -2,19 +2,7 @@
* SSL server demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -59,7 +47,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 58c2f1e..e6ebd8e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2,19 +2,7 @@
* SSL client with options
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
@@ -173,7 +161,7 @@
* packets (for fragmentation purposes) */
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
/*
@@ -283,6 +271,7 @@
#else
#define USAGE_PSK ""
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
#define USAGE_CA_CALLBACK \
" ca_callback=%%d default: 0 (disabled)\n" \
@@ -290,13 +279,14 @@
#else
#define USAGE_CA_CALLBACK ""
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n" \
" ticket_rotate=%%d default: 0 (disabled)\n" \
" ticket_timeout=%%d default: 86400 (one day)\n" \
" ticket_aead=%%s default: \"AES-256-GCM\"\n"
-#else
+#else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
#define USAGE_TICKETS ""
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
@@ -566,6 +556,7 @@
USAGE_GROUPS \
USAGE_SIG_ALGS \
USAGE_KEY_OPAQUE_ALGS \
+ USAGE_EARLY_DATA \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -590,7 +581,7 @@
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
- " acceptable ciphersuite names:\n"
+ "\n"
#define PUT_UINT64_BE(out_be, in_le, i) \
{ \
@@ -1429,22 +1420,29 @@
return MBEDTLS_ERR_SSL_INVALID_MAC;
case 2:
return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case 3:
- session->start = mbedtls_time(NULL) + 10;
+ /* Creation time in the future. */
+ session->ticket_creation_time = mbedtls_ms_time() + 1000;
break;
case 4:
- session->start = mbedtls_time(NULL) - 10 - 7 * 24 * 3600;
+ /* Ticket has reached the end of lifetime. */
+ session->ticket_creation_time = mbedtls_ms_time() -
+ (7 * 24 * 3600 * 1000 + 1000);
break;
case 5:
- session->start = mbedtls_time(NULL) - 10;
+ /* Ticket is valid, but client age is below the lower bound of the tolerance window. */
+ session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;
+ /* Make sure the execution time does not affect the result */
+ session->ticket_creation_time = mbedtls_ms_time();
break;
+
case 6:
- session->start = mbedtls_time(NULL);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- session->ticket_age_add -= 1000;
-#endif
+ /* Ticket is valid, but client age is beyond the upper bound of the tolerance window. */
+ session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;
+ /* Make sure the execution time does not affect the result */
+ session->ticket_creation_time = mbedtls_ms_time();
break;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case 7:
session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
break;
@@ -1466,6 +1464,42 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */
+int parse_cipher(char *buf)
+{
+ if (strcmp(buf, "AES-128-CCM")) {
+ return MBEDTLS_CIPHER_AES_128_CCM;
+ } else if (strcmp(buf, "AES-128-GCM")) {
+ return MBEDTLS_CIPHER_AES_128_GCM;
+ } else if (strcmp(buf, "AES-192-CCM")) {
+ return MBEDTLS_CIPHER_AES_192_CCM;
+ } else if (strcmp(buf, "AES-192-GCM")) {
+ return MBEDTLS_CIPHER_AES_192_GCM;
+ } else if (strcmp(buf, "AES-256-CCM")) {
+ return MBEDTLS_CIPHER_AES_256_CCM;
+ } else if (strcmp(buf, "ARIA-128-CCM")) {
+ return MBEDTLS_CIPHER_ARIA_128_CCM;
+ } else if (strcmp(buf, "ARIA-128-GCM")) {
+ return MBEDTLS_CIPHER_ARIA_128_GCM;
+ } else if (strcmp(buf, "ARIA-192-CCM")) {
+ return MBEDTLS_CIPHER_ARIA_192_CCM;
+ } else if (strcmp(buf, "ARIA-192-GCM")) {
+ return MBEDTLS_CIPHER_ARIA_192_GCM;
+ } else if (strcmp(buf, "ARIA-256-CCM")) {
+ return MBEDTLS_CIPHER_ARIA_256_CCM;
+ } else if (strcmp(buf, "ARIA-256-GCM")) {
+ return MBEDTLS_CIPHER_ARIA_256_GCM;
+ } else if (strcmp(buf, "CAMELLIA-128-CCM")) {
+ return MBEDTLS_CIPHER_CAMELLIA_128_CCM;
+ } else if (strcmp(buf, "CAMELLIA-192-CCM")) {
+ return MBEDTLS_CIPHER_CAMELLIA_192_CCM;
+ } else if (strcmp(buf, "CAMELLIA-256-CCM")) {
+ return MBEDTLS_CIPHER_CAMELLIA_256_CCM;
+ } else if (strcmp(buf, "CHACHA20-POLY1305")) {
+ return MBEDTLS_CIPHER_CHACHA20_POLY1305;
+ }
+ return MBEDTLS_CIPHER_NONE;
+}
+
int main(int argc, char *argv[])
{
int ret = 0, len, written, frags, exchanges_left;
@@ -1642,31 +1676,6 @@
signal(SIGINT, term_handler);
#endif
- if (argc < 2) {
-usage:
- if (ret == 0) {
- ret = 1;
- }
-
- mbedtls_printf(USAGE1);
- mbedtls_printf(USAGE2);
- mbedtls_printf(USAGE3);
- mbedtls_printf(USAGE4);
-
- list = mbedtls_ssl_list_ciphersuites();
- while (*list) {
- mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
- list++;
- if (!*list) {
- break;
- }
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
- list++;
- }
- mbedtls_printf("\n");
- goto exit;
- }
-
opt.buffer_size = DFL_IO_BUF_LEN;
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
@@ -1765,9 +1774,54 @@
opt.key2_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
opt.key2_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
+ p = q = NULL;
+ if (argc < 1) {
+usage:
+ if (p != NULL && q != NULL) {
+ printf("unrecognized value for '%s': '%s'\n", p, q);
+ } else if (p != NULL && q == NULL) {
+ printf("unrecognized param: '%s'\n", p);
+ }
+
+ mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
+ mbedtls_printf(" ssl_client2 help[_theme]\n");
+ mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
+ mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
+ mbedtls_printf("\n");
+
+ if (ret == 0) {
+ ret = 1;
+ }
+ goto exit;
+ }
+
for (i = 1; i < argc; i++) {
p = argv[i];
+
+ if (strcmp(p, "help") == 0) {
+ mbedtls_printf(USAGE1);
+ mbedtls_printf(USAGE2);
+ mbedtls_printf(USAGE3);
+ mbedtls_printf(USAGE4);
+
+ ret = 0;
+ goto exit;
+ }
+ if (strcmp(p, "help_ciphersuites") == 0) {
+ mbedtls_printf(" acceptable ciphersuite names:\n");
+ for (list = mbedtls_ssl_list_ciphersuites();
+ *list != 0;
+ list++) {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
+ }
+
+ ret = 0;
+ goto exit;
+ }
+
if ((q = strchr(p, '=')) == NULL) {
+ mbedtls_printf("param requires a value: '%s'\n", p);
+ p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
@@ -2127,12 +2181,11 @@
goto usage;
}
} else if (strcmp(p, "ticket_aead") == 0) {
- const mbedtls_cipher_info_t *ci = mbedtls_cipher_info_from_string(q);
+ opt.ticket_aead = parse_cipher(q);
- if (ci == NULL) {
+ if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) {
goto usage;
}
- opt.ticket_aead = mbedtls_cipher_info_get_type(ci);
} else if (strcmp(p, "cache_max") == 0) {
opt.cache_max = atoi(q);
if (opt.cache_max < 0) {
@@ -2232,9 +2285,13 @@
goto usage;
}
} else {
+ /* This signals that the problem is with p not q */
+ q = NULL;
goto usage;
}
}
+ /* This signals that any further erorrs are not with a single option */
+ p = q = NULL;
if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
@@ -2751,9 +2808,9 @@
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- mbedtls_ssl_tls13_conf_early_data(&conf, tls13_early_data_enabled);
+ mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled);
if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
- mbedtls_ssl_tls13_conf_max_early_data_size(
+ mbedtls_ssl_conf_max_early_data_size(
&conf, opt.max_early_data_size);
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -3781,7 +3838,6 @@
switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 67fc061..1ff2077 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -9,19 +9,7 @@
* This file is meant to be #include'd and cannot be compiled separately.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
void eap_tls_key_derivation(void *p_expkey,
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index aea056b..b49dd67 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -5,19 +5,7 @@
* that cannot be compiled separately in "ssl_test_common_source.c".
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
@@ -447,6 +435,9 @@
void test_hooks_free(void)
{
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_end();
+#endif
}
#endif /* MBEDTLS_TEST_HOOKS */
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index ef0dba7..d06e099 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -2,19 +2,7 @@
* Common code for SSL test programs
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 735684e..0778731 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -3,6 +3,7 @@
)
set(executables_libs
+ metatest
query_included_headers
selftest
udp_proxy
@@ -45,11 +46,13 @@
${PERL}
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
${CMAKE_CURRENT_BINARY_DIR}/query_config.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
)
# this file will also be used in another directory, so create a target, see
@@ -70,6 +73,7 @@
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library)
if(exe STREQUAL "query_compile_time_config")
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR})
endif()
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index ecc4e94..85b7fc6 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -2,19 +2,7 @@
* Benchmark demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
@@ -113,13 +101,13 @@
#define HEADER_FORMAT " %-24s : "
#define TITLE_LEN 25
-#define OPTIONS \
- "md5, ripemd160, sha1, sha256, sha512,\n" \
- "sha3_224, sha3_256, sha3_384, sha3_512,\n" \
- "des3, des, camellia, chacha20,\n" \
- "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
- "aes_cmac, des3_cmac, poly1305\n" \
- "ctr_drbg, hmac_drbg\n" \
+#define OPTIONS \
+ "md5, ripemd160, sha1, sha256, sha512,\n" \
+ "sha3_224, sha3_256, sha3_384, sha3_512,\n" \
+ "des3, des, camellia, chacha20,\n" \
+ "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \
+ "aes_cmac, des3_cmac, poly1305\n" \
+ "ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
#if defined(MBEDTLS_ERROR_C)
@@ -510,7 +498,7 @@
char md5, ripemd160, sha1, sha256, sha512,
sha3_224, sha3_256, sha3_384, sha3_512,
des3, des,
- aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,
+ aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly,
aes_cmac, des3_cmac,
aria, camellia, chacha20,
poly1305,
@@ -570,6 +558,10 @@
todo.des = 1;
} else if (strcmp(argv[i], "aes_cbc") == 0) {
todo.aes_cbc = 1;
+ } else if (strcmp(argv[i], "aes_cfb128") == 0) {
+ todo.aes_cfb128 = 1;
+ } else if (strcmp(argv[i], "aes_cfb8") == 0) {
+ todo.aes_cfb8 = 1;
} else if (strcmp(argv[i], "aes_xts") == 0) {
todo.aes_xts = 1;
} else if (strcmp(argv[i], "aes_gcm") == 0) {
@@ -675,6 +667,7 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if (todo.des3) {
mbedtls_des3_context des3;
+
mbedtls_des3_init(&des3);
if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) {
mbedtls_exit(1);
@@ -686,6 +679,7 @@
if (todo.des) {
mbedtls_des_context des;
+
mbedtls_des_init(&des);
if (mbedtls_des_setkey_enc(&des, tmp) != 0) {
mbedtls_exit(1);
@@ -718,6 +712,7 @@
if (todo.aes_cbc) {
int keysize;
mbedtls_aes_context aes;
+
mbedtls_aes_init(&aes);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize);
@@ -732,6 +727,44 @@
mbedtls_aes_free(&aes);
}
#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ if (todo.aes_cfb128) {
+ int keysize;
+ size_t iv_off = 0;
+ mbedtls_aes_context aes;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE,
+ &iv_off, tmp, buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+ if (todo.aes_cfb8) {
+ int keysize;
+ mbedtls_aes_context aes;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
if (todo.aes_xts) {
int keysize;
@@ -849,6 +882,7 @@
if (todo.aria) {
int keysize;
mbedtls_aria_context aria;
+
mbedtls_aria_init(&aria);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize);
@@ -869,6 +903,7 @@
if (todo.camellia) {
int keysize;
mbedtls_camellia_context camellia;
+
mbedtls_camellia_init(&camellia);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize);
@@ -975,6 +1010,7 @@
if (todo.rsa) {
int keysize;
mbedtls_rsa_context rsa;
+
for (keysize = 2048; keysize <= 4096; keysize *= 2) {
mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize);
@@ -1017,19 +1053,20 @@
mbedtls_dhm_context dhm;
size_t olen;
size_t n;
+
for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
mbedtls_dhm_init(&dhm);
- if (mbedtls_mpi_read_binary(&dhm.P, dhm_P[i],
+ if (mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(P), dhm_P[i],
dhm_P_size[i]) != 0 ||
- mbedtls_mpi_read_binary(&dhm.G, dhm_G[i],
+ mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(G), dhm_G[i],
dhm_G_size[i]) != 0) {
mbedtls_exit(1);
}
- n = mbedtls_mpi_size(&dhm.P);
+ n = mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P));
mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL);
- if (mbedtls_mpi_copy(&dhm.GY, &dhm.GX) != 0) {
+ if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) {
mbedtls_exit(1);
}
@@ -1130,6 +1167,7 @@
if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) {
mbedtls_ecp_group grp;
+
mbedtls_ecp_group_init(&grp);
if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) {
mbedtls_exit(1);
diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt
index 518d2e9..f498cf9 100644
--- a/programs/test/cmake_package/CMakeLists.txt
+++ b/programs/test/cmake_package/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.8.12)
+cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
@@ -13,7 +13,9 @@
"-H${MbedTLS_SOURCE_DIR}"
"-B${MbedTLS_BINARY_DIR}"
"-DENABLE_PROGRAMS=NO"
- "-DENABLE_TESTING=NO")
+ "-DENABLE_TESTING=NO"
+ # Turn on generated files explicitly in case this is a release
+ "-DGEN_FILES=ON")
execute_process(
COMMAND "${CMAKE_COMMAND}"
diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c
index 86e1077..729800a 100644
--- a/programs/test/cmake_package/cmake_package.c
+++ b/programs/test/cmake_package/cmake_package.c
@@ -2,19 +2,7 @@
* Simple program to test that Mbed TLS builds correctly as a CMake package.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
index fb5ad51..6937af4 100644
--- a/programs/test/cmake_package_install/CMakeLists.txt
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.8.12)
+cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
@@ -15,6 +15,8 @@
"-B${MbedTLS_BINARY_DIR}"
"-DENABLE_PROGRAMS=NO"
"-DENABLE_TESTING=NO"
+ # Turn on generated files explicitly in case this is a release
+ "-DGEN_FILES=ON"
"-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}")
execute_process(
diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c
index 9aa4c3b..44a2ada 100644
--- a/programs/test/cmake_package_install/cmake_package_install.c
+++ b/programs/test/cmake_package_install/cmake_package_install.c
@@ -3,19 +3,7 @@
* package.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
index a9fcfde..3c3cba3 100644
--- a/programs/test/cmake_subproject/CMakeLists.txt
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.6)
+cmake_minimum_required(VERSION 3.5.1)
# Test the target renaming support by adding a prefix to the targets built
set(MBEDTLS_TARGET_PREFIX subproject_test_)
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
index d56b9a9..8b4f18e 100644
--- a/programs/test/cmake_subproject/cmake_subproject.c
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -3,19 +3,7 @@
* work correctly.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index 2dcda3b..f241254 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -2,19 +2,7 @@
* Test dynamic loading of libmbed*
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh
index a6a9022..7280f1d 100755
--- a/programs/test/dlopen_demo.sh
+++ b/programs/test/dlopen_demo.sh
@@ -4,48 +4,23 @@
# This is only expected to work when Mbed TLS is built as a shared library.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-set -e -u
+. "${0%/*}/../demo_common.sh"
-program_name="dlopen"
-program_dir="${0%/*}"
-program="$program_dir/$program_name"
+msg "Test the dynamic loading of libmbed*"
+program="$programs_dir/test/dlopen"
+library_dir="$root_dir/library"
+
+# Skip this test if we don't have a shared library build. Detect this
+# through the absence of the demo program.
if [ ! -e "$program" ]; then
- # Look for programs in the current directory and the directories above it
- for dir in "." ".." "../.."; do
- program_dir="$dir/programs/test"
- program="$program_dir/$program_name"
- if [ -e "$program" ]; then
- break
- fi
- done
- if [ ! -e "$program" ]; then
- echo "Could not find $program_name program"
-
- echo "Make sure that Mbed TLS is built as a shared library." \
- "If building out-of-tree, this script must be run" \
- "from the project build directory."
- exit 1
- fi
+ msg "$0: this demo requires a shared library build."
+ # Exit with a success status so that this counts as a pass for run_demos.py.
+ exit
fi
-top_dir="$program_dir/../.."
-library_dir="$top_dir/library"
-
# ELF-based Unix-like (Linux, *BSD, Solaris, ...)
if [ -n "${LD_LIBRARY_PATH-}" ]; then
LD_LIBRARY_PATH="$library_dir:$LD_LIBRARY_PATH"
@@ -62,6 +37,6 @@
fi
export DYLD_LIBRARY_PATH
-echo "Running dynamic loading test program: $program"
-echo "Loading libraries from: $library_dir"
+msg "Running dynamic loading test program: $program"
+msg "Loading libraries from: $library_dir"
"$program"
diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh
index 94e9115..0b4bd0b 100755
--- a/programs/test/generate_cpp_dummy_build.sh
+++ b/programs/test/generate_cpp_dummy_build.sh
@@ -14,19 +14,7 @@
fi
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -e
@@ -41,19 +29,8 @@
* can be included and built with a C++ compiler.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
*/
#include "mbedtls/build_info.h"
@@ -63,7 +40,9 @@
for header in include/mbedtls/*.h include/psa/*.h; do
case ${header#include/} in
mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion
+ mbedtls/config_*.h) :;; # not meant for direct inclusion
psa/crypto_config.h) :;; # not meant for direct inclusion
+ psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion
# Some of the psa/crypto_*.h headers are not meant to be included
# directly. They do have include guards that make them no-ops if
# psa/crypto.h has been included before. Since psa/crypto.h comes
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
new file mode 100644
index 0000000..b8dffa9
--- /dev/null
+++ b/programs/test/metatest.c
@@ -0,0 +1,357 @@
+/** \file metatest.c
+ *
+ * \brief Test features of the test framework.
+ *
+ * When you run this program, it runs a single "meta-test". A meta-test
+ * performs an operation which should be caught as a failure by our
+ * test framework. The meta-test passes if this program calls `exit` with
+ * a nonzero status, or aborts, or is terminated by a signal, or if the
+ * framework running the program considers the run an error (this happens
+ * with Valgrind for a memory leak). The non-success of the meta-test
+ * program means that the test failure has been caught correctly.
+ *
+ * Some failures are purely functional: the logic of the code causes the
+ * test result to be set to FAIL. Other failures come from extra
+ * instrumentation which is not present in a normal build; for example,
+ * Asan or Valgrind to detect memory leaks. This is reflected by the
+ * "platform" associated with each meta-test.
+ *
+ * Use the companion script `tests/scripts/run-metatests.sh` to run all
+ * the meta-tests for a given platform and validate that they trigger a
+ * detected failure as expected.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#include <mbedtls/platform.h>
+#include <mbedtls/platform_util.h>
+#include "test/helpers.h"
+#include "test/macros.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_THREADING_C)
+#include <mbedtls/threading.h>
+#endif
+
+
+/* This is an external variable, so the compiler doesn't know that we're never
+ * changing its value.
+ */
+volatile int false_but_the_compiler_does_not_know = 0;
+
+/* Hide calls to calloc/free from static checkers such as
+ * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about
+ * code where we do mean to cause a runtime error. */
+void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc;
+void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free;
+
+/* Set n bytes at the address p to all-bits-zero, in such a way that
+ * the compiler should not know that p is all-bits-zero. */
+static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n)
+{
+ memset((void *) p, false_but_the_compiler_does_not_know, n);
+}
+
+
+/****************************************************************/
+/* Test framework features */
+/****************************************************************/
+
+void meta_test_fail(const char *name)
+{
+ (void) name;
+ mbedtls_test_fail("Forced test failure", __LINE__, __FILE__);
+}
+
+
+/****************************************************************/
+/* Platform features */
+/****************************************************************/
+
+void null_pointer_dereference(const char *name)
+{
+ (void) name;
+ volatile char *volatile p;
+ set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p));
+ /* Undefined behavior (read from null data pointer) */
+ mbedtls_printf("%p -> %u\n", p, (unsigned) *p);
+}
+
+void null_pointer_call(const char *name)
+{
+ (void) name;
+ unsigned(*volatile p)(void);
+ set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p));
+ /* Undefined behavior (execute null function pointer) */
+ /* The pointer representation may be truncated, but we don't care:
+ * the only point of printing it is to have some use of the pointer
+ * to dissuade the compiler from optimizing it away. */
+ mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p());
+}
+
+
+/****************************************************************/
+/* Memory */
+/****************************************************************/
+
+void read_after_free(const char *name)
+{
+ (void) name;
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
+ *p = 'a';
+ free_but_the_compiler_does_not_know((void *) p);
+ /* Undefined behavior (read after free) */
+ mbedtls_printf("%u\n", (unsigned) *p);
+}
+
+void double_free(const char *name)
+{
+ (void) name;
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
+ *p = 'a';
+ free_but_the_compiler_does_not_know((void *) p);
+ /* Undefined behavior (double free) */
+ free_but_the_compiler_does_not_know((void *) p);
+}
+
+void read_uninitialized_stack(const char *name)
+{
+ (void) name;
+ char buf[1];
+ if (false_but_the_compiler_does_not_know) {
+ buf[0] = '!';
+ }
+ char *volatile p = buf;
+ if (*p != 0) {
+ /* Unspecified result (read from uninitialized memory) */
+ mbedtls_printf("%u\n", (unsigned) *p);
+ }
+}
+
+void memory_leak(const char *name)
+{
+ (void) name;
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
+ mbedtls_printf("%u\n", (unsigned) *p);
+ /* Leak of a heap object */
+}
+
+
+/****************************************************************/
+/* Threading */
+/****************************************************************/
+
+void mutex_lock_not_initialized(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ memset(&mutex, 0, sizeof(mutex));
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0);
+exit:
+ ;
+#endif
+}
+
+void mutex_unlock_not_initialized(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ memset(&mutex, 0, sizeof(mutex));
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0);
+exit:
+ ;
+#endif
+}
+
+void mutex_free_not_initialized(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ memset(&mutex, 0, sizeof(mutex));
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ mbedtls_mutex_free(&mutex);
+#endif
+}
+
+void mutex_double_init(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ mbedtls_mutex_init(&mutex);
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ mbedtls_mutex_init(&mutex);
+ mbedtls_mutex_free(&mutex);
+#endif
+}
+
+void mutex_double_free(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ mbedtls_mutex_init(&mutex);
+ mbedtls_mutex_free(&mutex);
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ mbedtls_mutex_free(&mutex);
+#endif
+}
+
+void mutex_leak(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ mbedtls_mutex_init(&mutex);
+#endif
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+}
+
+
+/****************************************************************/
+/* Command line entry point */
+/****************************************************************/
+
+typedef struct {
+ /** Command line argument that will trigger that metatest.
+ *
+ * Conventionally matches "[a-z0-9_]+". */
+ const char *name;
+
+ /** Platform under which that metatest is valid.
+ *
+ * - "any": should work anywhere.
+ * - "asan": triggers ASan (Address Sanitizer).
+ * - "msan": triggers MSan (Memory Sanitizer).
+ * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS,
+ * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test
+ * framework (see tests/src/threading_helpers.c).
+ */
+ const char *platform;
+
+ /** Function that performs the metatest.
+ *
+ * The function receives the name as an argument. This allows using the
+ * same function to perform multiple variants of a test based on the name.
+ *
+ * When executed on a conforming platform, the function is expected to
+ * either cause a test failure (mbedtls_test_fail()), or cause the
+ * program to abort in some way (e.g. by causing a segfault or by
+ * triggering a sanitizer).
+ *
+ * When executed on a non-conforming platform, the function may return
+ * normally or may have unpredictable behavior.
+ */
+ void (*entry_point)(const char *name);
+} metatest_t;
+
+/* The list of availble meta-tests. Remember to register new functions here!
+ *
+ * Note that we always compile all the functions, so that `metatest --list`
+ * will always list all the available meta-tests.
+ *
+ * See the documentation of metatest_t::platform for the meaning of
+ * platform values.
+ */
+metatest_t metatests[] = {
+ { "test_fail", "any", meta_test_fail },
+ { "null_dereference", "any", null_pointer_dereference },
+ { "null_call", "any", null_pointer_call },
+ { "read_after_free", "asan", read_after_free },
+ { "double_free", "asan", double_free },
+ { "read_uninitialized_stack", "msan", read_uninitialized_stack },
+ { "memory_leak", "asan", memory_leak },
+ { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized },
+ { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized },
+ { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized },
+ { "mutex_double_init", "pthread", mutex_double_init },
+ { "mutex_double_free", "pthread", mutex_double_free },
+ { "mutex_leak", "pthread", mutex_leak },
+ { NULL, NULL, NULL }
+};
+
+static void help(FILE *out, const char *argv0)
+{
+ mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0);
+ mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n");
+ mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n");
+}
+
+int main(int argc, char *argv[])
+{
+ const char *argv0 = argc > 0 ? argv[0] : "metatest";
+ if (argc != 2) {
+ help(stderr, argv0);
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ /* Support "-help", "--help", "--list", etc. */
+ const char *command = argv[1];
+ while (*command == '-') {
+ ++command;
+ }
+
+ if (strcmp(argv[1], "help") == 0) {
+ help(stdout, argv0);
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
+ }
+ if (strcmp(argv[1], "list") == 0) {
+ for (const metatest_t *p = metatests; p->name != NULL; p++) {
+ mbedtls_printf("%s %s\n", p->name, p->platform);
+ }
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
+ }
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_init();
+#endif
+
+ for (const metatest_t *p = metatests; p->name != NULL; p++) {
+ if (strcmp(argv[1], p->name) == 0) {
+ mbedtls_printf("Running metatest %s...\n", argv[1]);
+ p->entry_point(argv[1]);
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_check();
+#endif
+ mbedtls_printf("Running metatest %s... done, result=%d\n",
+ argv[1], (int) mbedtls_test_info.result);
+ mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ?
+ MBEDTLS_EXIT_SUCCESS :
+ MBEDTLS_EXIT_FAILURE);
+ }
+ }
+
+ mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n",
+ argv0, command);
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+}
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index df0fe4a..a70e6da 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -2,19 +2,7 @@
* Query the Mbed TLS compile time configuration
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/test/query_config.h b/programs/test/query_config.h
index ade73d0..43f120b 100644
--- a/programs/test/query_config.h
+++ b/programs/test/query_config.h
@@ -2,19 +2,7 @@
* Query Mbed TLS compile time configurations from mbedtls_config.h
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H
diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c
index 383a2ff..cdafa16 100644
--- a/programs/test/query_included_headers.c
+++ b/programs/test/query_included_headers.c
@@ -1,19 +1,7 @@
/* Ad hoc report on included headers. */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <psa/crypto.h>
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index f896d4f..e132e4c 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -2,19 +2,7 @@
* Self-test demonstration program
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
@@ -73,23 +61,53 @@
void *empty2 = mbedtls_calloc(0, 1);
void *buffer1 = mbedtls_calloc(1, 1);
void *buffer2 = mbedtls_calloc(1, 1);
+ unsigned int buffer_3_size = 256;
+ unsigned int buffer_4_size = 4097; /* Allocate more than the usual page size */
+ unsigned char *buffer3 = mbedtls_calloc(buffer_3_size, 1);
+ unsigned char *buffer4 = mbedtls_calloc(buffer_4_size, 1);
if (empty1 == NULL && empty2 == NULL) {
if (verbose) {
- mbedtls_printf(" CALLOC(0): passed (NULL)\n");
+ mbedtls_printf(" CALLOC(0,1): passed (NULL)\n");
}
} else if (empty1 == NULL || empty2 == NULL) {
if (verbose) {
- mbedtls_printf(" CALLOC(0): failed (mix of NULL and non-NULL)\n");
+ mbedtls_printf(" CALLOC(0,1): failed (mix of NULL and non-NULL)\n");
}
++failures;
} else if (empty1 == empty2) {
if (verbose) {
- mbedtls_printf(" CALLOC(0): passed (same non-null)\n");
+ mbedtls_printf(" CALLOC(0,1): passed (same non-null)\n");
}
+ empty2 = NULL;
} else {
if (verbose) {
- mbedtls_printf(" CALLOC(0): passed (distinct non-null)\n");
+ mbedtls_printf(" CALLOC(0,1): passed (distinct non-null)\n");
+ }
+ }
+
+ mbedtls_free(empty1);
+ mbedtls_free(empty2);
+
+ empty1 = mbedtls_calloc(1, 0);
+ empty2 = mbedtls_calloc(1, 0);
+ if (empty1 == NULL && empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): passed (NULL)\n");
+ }
+ } else if (empty1 == NULL || empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): failed (mix of NULL and non-NULL)\n");
+ }
+ ++failures;
+ } else if (empty1 == empty2) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): passed (same non-null)\n");
+ }
+ empty2 = NULL;
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): passed (distinct non-null)\n");
}
}
@@ -103,6 +121,7 @@
mbedtls_printf(" CALLOC(1): failed (same buffer twice)\n");
}
++failures;
+ buffer2 = NULL;
} else {
if (verbose) {
mbedtls_printf(" CALLOC(1): passed\n");
@@ -122,6 +141,28 @@
}
}
+ for (unsigned int i = 0; i < buffer_3_size; i++) {
+ if (buffer3[i] != 0) {
+ ++failures;
+ if (verbose) {
+ mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n",
+ buffer_3_size);
+ }
+ break;
+ }
+ }
+
+ for (unsigned int i = 0; i < buffer_4_size; i++) {
+ if (buffer4[i] != 0) {
+ ++failures;
+ if (verbose) {
+ mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n",
+ buffer_4_size);
+ }
+ break;
+ }
+ }
+
if (verbose) {
mbedtls_printf("\n");
}
@@ -129,6 +170,8 @@
mbedtls_free(empty2);
mbedtls_free(buffer1);
mbedtls_free(buffer2);
+ mbedtls_free(buffer3);
+ mbedtls_free(buffer4);
return failures;
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 685e336..c6b56ec 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -2,19 +2,7 @@
* UDP proxy: emulate an unreliable UDP connection for DTLS testing
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh
index 27de013..aa6a6d1 100755
--- a/programs/test/udp_proxy_wrapper.sh
+++ b/programs/test/udp_proxy_wrapper.sh
@@ -3,19 +3,7 @@
# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -u
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index b7842c4..1e9b98d 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -10,19 +10,7 @@
* call to mbedtls_platform_zeroize() was not eliminated.
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 5dd367a..d682c2b 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -2,19 +2,7 @@
* Convert PEM to DER
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index 4bfd8a1..316f286 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -2,19 +2,7 @@
* Translate error code to error string
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/wince_main.c b/programs/wince_main.c
index be98eae..e817b9f 100644
--- a/programs/wince_main.c
+++ b/programs/wince_main.c
@@ -2,19 +2,7 @@
* Windows CE console application entry point
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(_WIN32_WCE)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 51a79ec..cb1e5bc 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -2,19 +2,7 @@
* Certificate reading application
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 23e816b..6ae43a9 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -2,19 +2,7 @@
* Certificate request generation
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -23,10 +11,10 @@
/* md.h is included this early since MD_CAN_XXX macros are defined there. */
#include "mbedtls/md.h"
-#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
+#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_PEM_WRITE_C)
+ !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
@@ -66,10 +54,12 @@
" output_file=%%s default: cert.req\n" \
" subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
" san=%%s default: (none)\n" \
- " Semicolon-separated-list of values:\n" \
- " DNS:value\n" \
- " URI:value\n" \
- " IP:value (Only IPv4 is supported)\n" \
+ " Semicolon-separated-list of values:\n" \
+ " DNS:value\n" \
+ " URI:value\n" \
+ " RFC822:value\n" \
+ " IP:value (Only IPv4 is supported)\n" \
+ " DN:list of comma separated key=value pairs\n" \
" key_usage=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" digital_signature\n" \
@@ -153,12 +143,13 @@
mbedtls_pk_context key;
char buf[1024];
int i;
- char *p, *q, *r, *subtype_value;
+ char *p, *q, *r;
mbedtls_x509write_csr req;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev;
+ mbedtls_asn1_named_data *ext_san_dirname = NULL;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint8_t ip[4] = { 0 };
#endif
@@ -218,11 +209,34 @@
} else if (strcmp(p, "subject_name") == 0) {
opt.subject_name = q;
} else if (strcmp(p, "san") == 0) {
+ char *subtype_value;
prev = NULL;
while (q != NULL) {
- if ((r = strchr(q, ';')) != NULL) {
+ char *semicolon;
+ r = q;
+
+ /* Find the first non-escaped ; occurrence and remove escaped ones */
+ do {
+ if ((semicolon = strchr(r, ';')) != NULL) {
+ if (*(semicolon-1) != '\\') {
+ r = semicolon;
+ break;
+ }
+ /* Remove the escape character */
+ size_t size_left = strlen(semicolon);
+ memmove(semicolon-1, semicolon, size_left);
+ *(semicolon + size_left - 1) = '\0';
+ /* r will now point at the character after the semicolon */
+ r = semicolon;
+ }
+
+ } while (semicolon != NULL);
+
+ if (semicolon != NULL) {
*r++ = '\0';
+ } else {
+ r = NULL;
}
cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list));
@@ -235,37 +249,48 @@
if ((subtype_value = strchr(q, ':')) != NULL) {
*subtype_value++ = '\0';
+ } else {
+ mbedtls_printf(
+ "Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
+ goto usage;
}
-
- if (strcmp(q, "URI") == 0) {
+ if (strcmp(q, "RFC822") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
+ } else if (strcmp(q, "URI") == 0) {
cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
} else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- size_t ip_len = 0;
+ size_t ip_addr_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
- ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
- if (ip_len == 0) {
+ ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
+ if (ip_addr_len == 0) {
mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
subtype_value);
goto exit;
}
-#else
- mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined");
- goto exit;
-#endif
+ cur->node.san.unstructured_name.p = (unsigned char *) ip;
+ cur->node.san.unstructured_name.len = sizeof(ip);
+ } else if (strcmp(q, "DN") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+ if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
+ subtype_value)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509_string_to_names "
+ "returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
+ goto exit;
+ }
+ cur->node.san.directory_name = *ext_san_dirname;
} else {
mbedtls_free(cur);
goto usage;
}
- if (strcmp(q, "IP") == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- cur->node.san.unstructured_name.p = (unsigned char *) ip;
- cur->node.san.unstructured_name.len = sizeof(ip);
-#endif
- } else {
+ if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
+ cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
+ cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
q = subtype_value;
cur->node.san.unstructured_name.p = (unsigned char *) q;
cur->node.san.unstructured_name.len = strlen(q);
@@ -280,7 +305,6 @@
prev = cur;
q = r;
}
-
} else if (strcmp(p, "md") == 0) {
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_string(q);
@@ -467,6 +491,7 @@
}
mbedtls_x509write_csr_free(&req);
+ mbedtls_asn1_free_named_data_list(&ext_san_dirname);
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index e58f528..bf25c4c 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -2,19 +2,7 @@
* Certificate generation and signing
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
@@ -530,6 +518,8 @@
SET_OID(ext_key_usage->buf, MBEDTLS_OID_TIME_STAMPING);
} else if (strcmp(q, "OCSPSigning") == 0) {
SET_OID(ext_key_usage->buf, MBEDTLS_OID_OCSP_SIGNING);
+ } else if (strcmp(q, "any") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE);
} else {
mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
@@ -581,6 +571,10 @@
if ((subtype_value = strchr(q, ':')) != NULL) {
*subtype_value++ = '\0';
+ } else {
+ mbedtls_printf(
+ "Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
+ goto usage;
}
if (strcmp(q, "RFC822") == 0) {
cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
@@ -589,10 +583,10 @@
} else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) {
- size_t ip_len = 0;
+ size_t ip_addr_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
- ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
- if (ip_len == 0) {
+ ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
+ if (ip_addr_len == 0) {
mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
subtype_value);
goto exit;
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 6c671ff..5e3fd5a 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -2,19 +2,7 @@
* CRL reading application
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index d024e98..f0e6acf 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -3,45 +3,6 @@
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- * This file is provided under the Apache License 2.0, or the
- * GNU General Public License v2.0 or later.
- *
- * **********
- * Apache License 2.0:
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * **********
- *
- * **********
- * GNU General Public License v2.0 or later:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * **********
*/
#include "mbedtls/build_info.h"
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 64b9f0b..fff0983 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -2,19 +2,7 @@
* Certificate request reading application
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index ac1d60f..8a604c4 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -84,19 +84,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import glob
import os
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
index cf01e1f..34daf37 100755
--- a/scripts/apidoc_full.sh
+++ b/scripts/apidoc_full.sh
@@ -8,19 +8,7 @@
# when multiple targets are invoked in the same parallel build.
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -eu
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
index f3aca70..07e6fc5 100755
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -19,19 +19,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import argparse
from collections import OrderedDict, namedtuple
@@ -60,6 +48,11 @@
message = ('Lost content from {}: "{}"'.format(filename, line))
super().__init__(message)
+class FilePathError(Exception):
+ def __init__(self, filenames):
+ message = ('Changelog filenames do not end with .txt: {}'.format(", ".join(filenames)))
+ super().__init__(message)
+
# The category names we use in the changelog.
# If you edit this, update ChangeLog.d/README.md.
STANDARD_CATEGORIES = (
@@ -122,7 +115,7 @@
class TextChangelogFormat(ChangelogFormat):
"""The traditional Mbed TLS changelog format."""
- _unreleased_version_text = '= Mbed TLS x.x.x branch released xxxx-xx-xx'
+ _unreleased_version_text = '= {} x.x.x branch released xxxx-xx-xx'
@classmethod
def is_released_version(cls, title):
# Look for an incomplete release date
@@ -130,6 +123,7 @@
_top_version_re = re.compile(r'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
re.DOTALL)
+ _name_re = re.compile(r'=\s(.*)\s[0-9x]+\.', re.DOTALL)
@classmethod
def extract_top_version(cls, changelog_file_content):
"""A version section starts with a line starting with '='."""
@@ -138,9 +132,10 @@
top_version_end = m.end(2)
top_version_title = m.group(1)
top_version_body = m.group(2)
+ name = re.match(cls._name_re, top_version_title).group(1)
if cls.is_released_version(top_version_title):
top_version_end = top_version_start
- top_version_title = cls._unreleased_version_text + '\n\n'
+ top_version_title = cls._unreleased_version_text.format(name) + '\n\n'
top_version_body = ''
return (changelog_file_content[:top_version_start],
top_version_title, top_version_body,
@@ -252,6 +247,7 @@
for category in STANDARD_CATEGORIES:
self.categories[category] = ''
offset = (self.header + self.top_version_title).count('\n') + 1
+
self.add_categories_from_text(input_stream.name, offset,
top_version_body, True)
@@ -443,8 +439,21 @@
"""List the entry files to merge, oldest first.
"Oldest" is defined by `EntryFileSortKey`.
+
+ Also check for required .txt extension
"""
- files_to_merge = glob.glob(os.path.join(options.dir, '*.txt'))
+ files_to_merge = glob.glob(os.path.join(options.dir, '*'))
+
+ # Ignore 00README.md
+ readme = os.path.join(options.dir, "00README.md")
+ if readme in files_to_merge:
+ files_to_merge.remove(readme)
+
+ # Identify files without the required .txt extension
+ bad_files = [x for x in files_to_merge if not x.endswith(".txt")]
+ if bad_files:
+ raise FilePathError(bad_files)
+
files_to_merge.sort(key=EntryFileSortKey)
return files_to_merge
@@ -452,6 +461,7 @@
"""Merge changelog entries into the changelog file.
Read the changelog file from options.input.
+ Check that all entries have a .txt extension
Read entries to merge from the directory options.dir.
Write the new changelog to options.output.
Remove the merged entries if options.keep_entries is false.
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 7fc8c6c..86ed74e 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -1,19 +1,7 @@
#!/bin/bash
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
@@ -131,7 +119,7 @@
sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \
sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \
sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"mbed TLS $VERSION\"/" \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"Mbed TLS $VERSION\"/" \
> tmp
mv tmp include/mbedtls/build_info.h
@@ -142,7 +130,7 @@
[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
do
- sed -e "s/mbed TLS v[0-9\.]\{1,\}/mbed TLS v$VERSION/g" < $i > tmp
+ sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp
mv tmp $i
done
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index 3ddc417..69c2db0 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -11,8 +11,14 @@
# See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
mypy >= 0.780
-# Install cryptography to avoid import-error reported by pylint.
-# What we really need is cryptography >= 35.0.0, which is only
-# available for Python >= 3.6.
-cryptography >= 35.0.0; sys_platform == 'linux' and python_version >= '3.6'
-cryptography; sys_platform == 'linux' and python_version < '3.6'
+# At the time of writing, only needed for tests/scripts/audit-validity-dates.py.
+# It needs >=35.0.0 for correct operation, and that requires Python >=3.6,
+# but our CI has Python 3.5. So let pip install the newest version that's
+# compatible with the running Python: this way we get something good enough
+# for mypy and pylint under Python 3.5, and we also get something good enough
+# to run audit-validity-dates.py on Python >=3.6.
+cryptography # >= 35.0.0
+
+# For building `tests/data_files/server9-bad-saltlen.crt` and check python
+# files.
+asn1crypto
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
index 0ed2899..abd13df 100755
--- a/scripts/code_size_compare.py
+++ b/scripts/code_size_compare.py
@@ -9,30 +9,21 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import argparse
+import logging
import os
import re
+import shutil
import subprocess
import sys
import typing
from enum import Enum
-from mbedtls_dev import typing_util
from mbedtls_dev import build_tree
+from mbedtls_dev import logging_util
+from mbedtls_dev import typing_util
class SupportedArch(Enum):
"""Supported architecture for code size measurement."""
@@ -42,13 +33,13 @@
X86_64 = 'x86_64'
X86 = 'x86'
-CONFIG_TFM_MEDIUM_MBEDCRYPTO_H = "../configs/tfm_mbedcrypto_config_profile_medium.h"
-CONFIG_TFM_MEDIUM_PSA_CRYPTO_H = "../configs/crypto_config_profile_medium.h"
+
class SupportedConfig(Enum):
"""Supported configuration for code size measurement."""
DEFAULT = 'default'
TFM_MEDIUM = 'tfm-medium'
+
# Static library
MBEDTLS_STATIC_LIB = {
'CRYPTO': 'library/libmbedcrypto.a',
@@ -56,23 +47,111 @@
'TLS': 'library/libmbedtls.a',
}
+class CodeSizeDistinctInfo: # pylint: disable=too-few-public-methods
+ """Data structure to store possibly distinct information for code size
+ comparison."""
+ def __init__( #pylint: disable=too-many-arguments
+ self,
+ version: str,
+ git_rev: str,
+ arch: str,
+ config: str,
+ compiler: str,
+ opt_level: str,
+ ) -> None:
+ """
+ :param: version: which version to compare with for code size.
+ :param: git_rev: Git revision to calculate code size.
+ :param: arch: architecture to measure code size on.
+ :param: config: Configuration type to calculate code size.
+ (See SupportedConfig)
+ :param: compiler: compiler used to build library/*.o.
+ :param: opt_level: Options that control optimization. (E.g. -Os)
+ """
+ self.version = version
+ self.git_rev = git_rev
+ self.arch = arch
+ self.config = config
+ self.compiler = compiler
+ self.opt_level = opt_level
+ # Note: Variables below are not initialized by class instantiation.
+ self.pre_make_cmd = [] #type: typing.List[str]
+ self.make_cmd = ''
+
+ def get_info_indication(self):
+ """Return a unique string to indicate Code Size Distinct Information."""
+ return '{git_rev}-{arch}-{config}-{compiler}'.format(**self.__dict__)
+
+
+class CodeSizeCommonInfo: # pylint: disable=too-few-public-methods
+ """Data structure to store common information for code size comparison."""
+ def __init__(
+ self,
+ host_arch: str,
+ measure_cmd: str,
+ ) -> None:
+ """
+ :param host_arch: host architecture.
+ :param measure_cmd: command to measure code size for library/*.o.
+ """
+ self.host_arch = host_arch
+ self.measure_cmd = measure_cmd
+
+ def get_info_indication(self):
+ """Return a unique string to indicate Code Size Common Information."""
+ return '{measure_tool}'\
+ .format(measure_tool=self.measure_cmd.strip().split(' ')[0])
+
+class CodeSizeResultInfo: # pylint: disable=too-few-public-methods
+ """Data structure to store result options for code size comparison."""
+ def __init__( #pylint: disable=too-many-arguments
+ self,
+ record_dir: str,
+ comp_dir: str,
+ with_markdown=False,
+ stdout=False,
+ show_all=False,
+ ) -> None:
+ """
+ :param record_dir: directory to store code size record.
+ :param comp_dir: directory to store results of code size comparision.
+ :param with_markdown: write comparision result into a markdown table.
+ (Default: False)
+ :param stdout: direct comparison result into sys.stdout.
+ (Default False)
+ :param show_all: show all objects in comparison result. (Default False)
+ """
+ self.record_dir = record_dir
+ self.comp_dir = comp_dir
+ self.with_markdown = with_markdown
+ self.stdout = stdout
+ self.show_all = show_all
+
+
DETECT_ARCH_CMD = "cc -dM -E - < /dev/null"
def detect_arch() -> str:
"""Auto-detect host architecture."""
cc_output = subprocess.check_output(DETECT_ARCH_CMD, shell=True).decode()
- if "__aarch64__" in cc_output:
+ if '__aarch64__' in cc_output:
return SupportedArch.AARCH64.value
- if "__arm__" in cc_output:
+ if '__arm__' in cc_output:
return SupportedArch.AARCH32.value
- if "__x86_64__" in cc_output:
+ if '__x86_64__' in cc_output:
return SupportedArch.X86_64.value
- if "__x86__" in cc_output:
+ if '__i386__' in cc_output:
return SupportedArch.X86.value
else:
print("Unknown host architecture, cannot auto-detect arch.")
sys.exit(1)
-class CodeSizeInfo: # pylint: disable=too-few-public-methods
+TFM_MEDIUM_CONFIG_H = 'configs/ext/tfm_mbedcrypto_config_profile_medium.h'
+TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/ext/crypto_config_profile_medium.h'
+
+CONFIG_H = 'include/mbedtls/mbedtls_config.h'
+CRYPTO_CONFIG_H = 'include/psa/crypto_config.h'
+BACKUP_SUFFIX = '.code_size.bak'
+
+class CodeSizeBuildInfo: # pylint: disable=too-few-public-methods
"""Gather information used to measure code size.
It collects information about architecture, configuration in order to
@@ -80,90 +159,367 @@
"""
SupportedArchConfig = [
- "-a " + SupportedArch.AARCH64.value + " -c " + SupportedConfig.DEFAULT.value,
- "-a " + SupportedArch.AARCH32.value + " -c " + SupportedConfig.DEFAULT.value,
- "-a " + SupportedArch.X86_64.value + " -c " + SupportedConfig.DEFAULT.value,
- "-a " + SupportedArch.X86.value + " -c " + SupportedConfig.DEFAULT.value,
- "-a " + SupportedArch.ARMV8_M.value + " -c " + SupportedConfig.TFM_MEDIUM.value,
+ '-a ' + SupportedArch.AARCH64.value + ' -c ' + SupportedConfig.DEFAULT.value,
+ '-a ' + SupportedArch.AARCH32.value + ' -c ' + SupportedConfig.DEFAULT.value,
+ '-a ' + SupportedArch.X86_64.value + ' -c ' + SupportedConfig.DEFAULT.value,
+ '-a ' + SupportedArch.X86.value + ' -c ' + SupportedConfig.DEFAULT.value,
+ '-a ' + SupportedArch.ARMV8_M.value + ' -c ' + SupportedConfig.TFM_MEDIUM.value,
]
- def __init__(self, arch: str, config: str, sys_arch: str) -> None:
+ def __init__(
+ self,
+ size_dist_info: CodeSizeDistinctInfo,
+ host_arch: str,
+ logger: logging.Logger,
+ ) -> None:
"""
- arch: architecture to measure code size on.
- config: configuration type to measure code size with.
- sys_arch: host architecture.
- make_command: command to build library (Inferred from arch and config).
+ :param size_dist_info:
+ CodeSizeDistinctInfo containing info for code size measurement.
+ - size_dist_info.arch: architecture to measure code size on.
+ - size_dist_info.config: configuration type to measure
+ code size with.
+ - size_dist_info.compiler: compiler used to build library/*.o.
+ - size_dist_info.opt_level: Options that control optimization.
+ (E.g. -Os)
+ :param host_arch: host architecture.
+ :param logger: logging module
"""
- self.arch = arch
- self.config = config
- self.sys_arch = sys_arch
- self.make_command = self.set_make_command()
+ self.arch = size_dist_info.arch
+ self.config = size_dist_info.config
+ self.compiler = size_dist_info.compiler
+ self.opt_level = size_dist_info.opt_level
- def set_make_command(self) -> str:
- """Infer build command based on architecture and configuration."""
+ self.make_cmd = ['make', '-j', 'lib']
+ self.host_arch = host_arch
+ self.logger = logger
+
+ def check_correctness(self) -> bool:
+ """Check whether we are using proper / supported combination
+ of information to build library/*.o."""
+
+ # default config
if self.config == SupportedConfig.DEFAULT.value and \
- self.arch == self.sys_arch:
- return 'make -j lib CFLAGS=\'-Os \' '
+ self.arch == self.host_arch:
+ return True
+ # TF-M
elif self.arch == SupportedArch.ARMV8_M.value and \
self.config == SupportedConfig.TFM_MEDIUM.value:
- return \
- 'make -j lib CC=armclang \
- CFLAGS=\'--target=arm-arm-none-eabi -mcpu=cortex-m33 -Os \
- -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \
- -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \''
+ return True
+
+ return False
+
+ def infer_pre_make_command(self) -> typing.List[str]:
+ """Infer command to set up proper configuration before running make."""
+ pre_make_cmd = [] #type: typing.List[str]
+ if self.config == SupportedConfig.TFM_MEDIUM.value:
+ pre_make_cmd.append('cp {src} {dest}'
+ .format(src=TFM_MEDIUM_CONFIG_H, dest=CONFIG_H))
+ pre_make_cmd.append('cp {src} {dest}'
+ .format(src=TFM_MEDIUM_CRYPTO_CONFIG_H,
+ dest=CRYPTO_CONFIG_H))
+
+ return pre_make_cmd
+
+ def infer_make_cflags(self) -> str:
+ """Infer CFLAGS by instance attributes in CodeSizeDistinctInfo."""
+ cflags = [] #type: typing.List[str]
+
+ # set optimization level
+ cflags.append(self.opt_level)
+ # set compiler by config
+ if self.config == SupportedConfig.TFM_MEDIUM.value:
+ self.compiler = 'armclang'
+ cflags.append('-mcpu=cortex-m33')
+ # set target
+ if self.compiler == 'armclang':
+ cflags.append('--target=arm-arm-none-eabi')
+
+ return ' '.join(cflags)
+
+ def infer_make_command(self) -> str:
+ """Infer make command by CFLAGS and CC."""
+
+ if self.check_correctness():
+ # set CFLAGS=
+ self.make_cmd.append('CFLAGS=\'{}\''.format(self.infer_make_cflags()))
+ # set CC=
+ self.make_cmd.append('CC={}'.format(self.compiler))
+ return ' '.join(self.make_cmd)
else:
- print("Unsupported combination of architecture: {} and configuration: {}"
- .format(self.arch, self.config))
- print("\nPlease use supported combination of architecture and configuration:")
- for comb in CodeSizeInfo.SupportedArchConfig:
- print(comb)
- print("\nFor your system, please use:")
- for comb in CodeSizeInfo.SupportedArchConfig:
- if "default" in comb and self.sys_arch not in comb:
+ self.logger.error("Unsupported combination of architecture: {} " \
+ "and configuration: {}.\n"
+ .format(self.arch,
+ self.config))
+ self.logger.error("Please use supported combination of " \
+ "architecture and configuration:")
+ for comb in CodeSizeBuildInfo.SupportedArchConfig:
+ self.logger.error(comb)
+ self.logger.error("")
+ self.logger.error("For your system, please use:")
+ for comb in CodeSizeBuildInfo.SupportedArchConfig:
+ if "default" in comb and self.host_arch not in comb:
continue
- print(comb)
+ self.logger.error(comb)
sys.exit(1)
-class SizeEntry: # pylint: disable=too-few-public-methods
- """Data Structure to only store information of code size."""
- def __init__(self, text, data, bss, dec):
- self.text = text
- self.data = data
- self.bss = bss
- self.total = dec # total <=> dec
-class CodeSizeBase:
+class CodeSizeCalculator:
+ """ A calculator to calculate code size of library/*.o based on
+ Git revision and code size measurement tool.
+ """
+
+ def __init__( #pylint: disable=too-many-arguments
+ self,
+ git_rev: str,
+ pre_make_cmd: typing.List[str],
+ make_cmd: str,
+ measure_cmd: str,
+ logger: logging.Logger,
+ ) -> None:
+ """
+ :param git_rev: Git revision. (E.g: commit)
+ :param pre_make_cmd: command to set up proper config before running make.
+ :param make_cmd: command to build library/*.o.
+ :param measure_cmd: command to measure code size for library/*.o.
+ :param logger: logging module
+ """
+ self.repo_path = "."
+ self.git_command = "git"
+ self.make_clean = 'make clean'
+
+ self.git_rev = git_rev
+ self.pre_make_cmd = pre_make_cmd
+ self.make_cmd = make_cmd
+ self.measure_cmd = measure_cmd
+ self.logger = logger
+
+ @staticmethod
+ def validate_git_revision(git_rev: str) -> str:
+ result = subprocess.check_output(["git", "rev-parse", "--verify",
+ git_rev + "^{commit}"],
+ shell=False, universal_newlines=True)
+ return result[:7]
+
+ def _create_git_worktree(self) -> str:
+ """Create a separate worktree for Git revision.
+ If Git revision is current, use current worktree instead."""
+
+ if self.git_rev == 'current':
+ self.logger.debug("Using current work directory.")
+ git_worktree_path = self.repo_path
+ else:
+ self.logger.debug("Creating git worktree for {}."
+ .format(self.git_rev))
+ git_worktree_path = os.path.join(self.repo_path,
+ "temp-" + self.git_rev)
+ subprocess.check_output(
+ [self.git_command, "worktree", "add", "--detach",
+ git_worktree_path, self.git_rev], cwd=self.repo_path,
+ stderr=subprocess.STDOUT
+ )
+
+ return git_worktree_path
+
+ @staticmethod
+ def backup_config_files(restore: bool) -> None:
+ """Backup / Restore config files."""
+ if restore:
+ shutil.move(CONFIG_H + BACKUP_SUFFIX, CONFIG_H)
+ shutil.move(CRYPTO_CONFIG_H + BACKUP_SUFFIX, CRYPTO_CONFIG_H)
+ else:
+ shutil.copy(CONFIG_H, CONFIG_H + BACKUP_SUFFIX)
+ shutil.copy(CRYPTO_CONFIG_H, CRYPTO_CONFIG_H + BACKUP_SUFFIX)
+
+ def _build_libraries(self, git_worktree_path: str) -> None:
+ """Build library/*.o in the specified worktree."""
+
+ self.logger.debug("Building library/*.o for {}."
+ .format(self.git_rev))
+ my_environment = os.environ.copy()
+ try:
+ if self.git_rev == 'current':
+ self.backup_config_files(restore=False)
+ for pre_cmd in self.pre_make_cmd:
+ subprocess.check_output(
+ pre_cmd, env=my_environment, shell=True,
+ cwd=git_worktree_path, stderr=subprocess.STDOUT,
+ universal_newlines=True
+ )
+ subprocess.check_output(
+ self.make_clean, env=my_environment, shell=True,
+ cwd=git_worktree_path, stderr=subprocess.STDOUT,
+ universal_newlines=True
+ )
+ subprocess.check_output(
+ self.make_cmd, env=my_environment, shell=True,
+ cwd=git_worktree_path, stderr=subprocess.STDOUT,
+ universal_newlines=True
+ )
+ if self.git_rev == 'current':
+ self.backup_config_files(restore=True)
+ except subprocess.CalledProcessError as e:
+ self._handle_called_process_error(e, git_worktree_path)
+
+ def _gen_raw_code_size(self, git_worktree_path: str) -> typing.Dict[str, str]:
+ """Measure code size by a tool and return in UTF-8 encoding."""
+
+ self.logger.debug("Measuring code size for {} by `{}`."
+ .format(self.git_rev,
+ self.measure_cmd.strip().split(' ')[0]))
+
+ res = {}
+ for mod, st_lib in MBEDTLS_STATIC_LIB.items():
+ try:
+ result = subprocess.check_output(
+ [self.measure_cmd + ' ' + st_lib], cwd=git_worktree_path,
+ shell=True, universal_newlines=True
+ )
+ res[mod] = result
+ except subprocess.CalledProcessError as e:
+ self._handle_called_process_error(e, git_worktree_path)
+
+ return res
+
+ def _remove_worktree(self, git_worktree_path: str) -> None:
+ """Remove temporary worktree."""
+ if git_worktree_path != self.repo_path:
+ self.logger.debug("Removing temporary worktree {}."
+ .format(git_worktree_path))
+ subprocess.check_output(
+ [self.git_command, "worktree", "remove", "--force",
+ git_worktree_path], cwd=self.repo_path,
+ stderr=subprocess.STDOUT
+ )
+
+ def _handle_called_process_error(self, e: subprocess.CalledProcessError,
+ git_worktree_path: str) -> None:
+ """Handle a CalledProcessError and quit the program gracefully.
+ Remove any extra worktrees so that the script may be called again."""
+
+ # Tell the user what went wrong
+ self.logger.error(e, exc_info=True)
+ self.logger.error("Process output:\n {}".format(e.output))
+
+ # Quit gracefully by removing the existing worktree
+ self._remove_worktree(git_worktree_path)
+ sys.exit(-1)
+
+ def cal_libraries_code_size(self) -> typing.Dict[str, str]:
+ """Do a complete round to calculate code size of library/*.o
+ by measurement tool.
+
+ :return A dictionary of measured code size
+ - typing.Dict[mod: str]
+ """
+
+ git_worktree_path = self._create_git_worktree()
+ try:
+ self._build_libraries(git_worktree_path)
+ res = self._gen_raw_code_size(git_worktree_path)
+ finally:
+ self._remove_worktree(git_worktree_path)
+
+ return res
+
+
+class CodeSizeGenerator:
+ """ A generator based on size measurement tool for library/*.o.
+
+ This is an abstract class. To use it, derive a class that implements
+ write_record and write_comparison methods, then call both of them with
+ proper arguments.
+ """
+ def __init__(self, logger: logging.Logger) -> None:
+ """
+ :param logger: logging module
+ """
+ self.logger = logger
+
+ def write_record(
+ self,
+ git_rev: str,
+ code_size_text: typing.Dict[str, str],
+ output: typing_util.Writable
+ ) -> None:
+ """Write size record into a file.
+
+ :param git_rev: Git revision. (E.g: commit)
+ :param code_size_text:
+ string output (utf-8) from measurement tool of code size.
+ - typing.Dict[mod: str]
+ :param output: output stream which the code size record is written to.
+ (Note: Normally write code size record into File)
+ """
+ raise NotImplementedError
+
+ def write_comparison( #pylint: disable=too-many-arguments
+ self,
+ old_rev: str,
+ new_rev: str,
+ output: typing_util.Writable,
+ with_markdown=False,
+ show_all=False
+ ) -> None:
+ """Write a comparision result into a stream between two Git revisions.
+
+ :param old_rev: old Git revision to compared with.
+ :param new_rev: new Git revision to compared with.
+ :param output: output stream which the code size record is written to.
+ (File / sys.stdout)
+ :param with_markdown: write comparision result in a markdown table.
+ (Default: False)
+ :param show_all: show all objects in comparison result. (Default False)
+ """
+ raise NotImplementedError
+
+
+class CodeSizeGeneratorWithSize(CodeSizeGenerator):
"""Code Size Base Class for size record saving and writing."""
- def __init__(self) -> None:
- """ Variable code_size is used to store size info for any revisions.
- code_size: (data format)
- {revision: {module: {file_name: SizeEntry,
- etc ...
- },
- etc ...
- },
- etc ...
- }
- """
- self.code_size = {} #type: typing.Dict[str, typing.Dict]
+ class SizeEntry: # pylint: disable=too-few-public-methods
+ """Data Structure to only store information of code size."""
+ def __init__(self, text: int, data: int, bss: int, dec: int):
+ self.text = text
+ self.data = data
+ self.bss = bss
+ self.total = dec # total <=> dec
- def set_size_record(self, revision: str, mod: str, size_text: str) -> None:
- """Store size information for target revision and high-level module.
+ def __init__(self, logger: logging.Logger) -> None:
+ """ Variable code_size is used to store size info for any Git revisions.
+ :param code_size:
+ Data Format as following:
+ code_size = {
+ git_rev: {
+ module: {
+ file_name: SizeEntry,
+ ...
+ },
+ ...
+ },
+ ...
+ }
+ """
+ super().__init__(logger)
+ self.code_size = {} #type: typing.Dict[str, typing.Dict]
+ self.mod_total_suffix = '-' + 'TOTALS'
+
+ def _set_size_record(self, git_rev: str, mod: str, size_text: str) -> None:
+ """Store size information for target Git revision and high-level module.
size_text Format: text data bss dec hex filename
"""
size_record = {}
for line in size_text.splitlines()[1:]:
data = line.split()
- size_record[data[5]] = SizeEntry(data[0], data[1], data[2], data[3])
- if revision in self.code_size:
- self.code_size[revision].update({mod: size_record})
- else:
- self.code_size[revision] = {mod: size_record}
+ if re.match(r'\s*\(TOTALS\)', data[5]):
+ data[5] = mod + self.mod_total_suffix
+ # file_name: SizeEntry(text, data, bss, dec)
+ size_record[data[5]] = CodeSizeGeneratorWithSize.SizeEntry(
+ int(data[0]), int(data[1]), int(data[2]), int(data[3]))
+ self.code_size.setdefault(git_rev, {}).update({mod: size_record})
- def read_size_record(self, revision: str, fname: str) -> None:
+ def read_size_record(self, git_rev: str, fname: str) -> None:
"""Read size information from csv file and write it into code_size.
fname Format: filename text data bss dec
@@ -179,232 +535,325 @@
continue
if mod:
- size_record[data[0]] = \
- SizeEntry(data[1], data[2], data[3], data[4])
+ # file_name: SizeEntry(text, data, bss, dec)
+ size_record[data[0]] = CodeSizeGeneratorWithSize.SizeEntry(
+ int(data[1]), int(data[2]), int(data[3]), int(data[4]))
# check if we hit record for the end of a module
- m = re.match(r'.?TOTALS', line)
+ m = re.match(r'\w+' + self.mod_total_suffix, line)
if m:
- if revision in self.code_size:
- self.code_size[revision].update({mod: size_record})
+ if git_rev in self.code_size:
+ self.code_size[git_rev].update({mod: size_record})
else:
- self.code_size[revision] = {mod: size_record}
+ self.code_size[git_rev] = {mod: size_record}
mod = ""
size_record = {}
- def _size_reader_helper(
+ def write_record(
self,
- revision: str,
- output: typing_util.Writable
- ) -> typing.Iterator[tuple]:
- """A helper function to peel code_size based on revision."""
- for mod, file_size in self.code_size[revision].items():
- output.write("\n" + mod + "\n")
- for fname, size_entry in file_size.items():
- yield mod, fname, size_entry
-
- def write_size_record(
- self,
- revision: str,
+ git_rev: str,
+ code_size_text: typing.Dict[str, str],
output: typing_util.Writable
) -> None:
"""Write size information to a file.
- Writing Format: file_name text data bss total(dec)
+ Writing Format: filename text data bss total(dec)
"""
- output.write("{:<30} {:>7} {:>7} {:>7} {:>7}\n"
- .format("filename", "text", "data", "bss", "total"))
- for _, fname, size_entry in self._size_reader_helper(revision, output):
- output.write("{:<30} {:>7} {:>7} {:>7} {:>7}\n"
- .format(fname, size_entry.text, size_entry.data,\
- size_entry.bss, size_entry.total))
+ for mod, size_text in code_size_text.items():
+ self._set_size_record(git_rev, mod, size_text)
- def write_comparison(
+ format_string = "{:<30} {:>7} {:>7} {:>7} {:>7}\n"
+ output.write(format_string.format("filename",
+ "text", "data", "bss", "total"))
+
+ for mod, f_size in self.code_size[git_rev].items():
+ output.write("\n" + mod + "\n")
+ for fname, size_entry in f_size.items():
+ output.write(format_string
+ .format(fname,
+ size_entry.text, size_entry.data,
+ size_entry.bss, size_entry.total))
+
+ def write_comparison( #pylint: disable=too-many-arguments
self,
old_rev: str,
new_rev: str,
- output: typing_util.Writable
+ output: typing_util.Writable,
+ with_markdown=False,
+ show_all=False
) -> None:
+ # pylint: disable=too-many-locals
"""Write comparison result into a file.
- Writing Format: file_name current(total) old(total) change(Byte) change_pct(%)
+ Writing Format:
+ Markdown Output:
+ filename new(text) new(data) change(text) change(data)
+ CSV Output:
+ filename new(text) new(data) old(text) old(data) change(text) change(data)
"""
- output.write("{:<30} {:>7} {:>7} {:>7} {:>7}\n"
- .format("filename", "current", "old", "change", "change%"))
- for mod, fname, size_entry in self._size_reader_helper(new_rev, output):
- new_size = int(size_entry.total)
- # check if we have the file in old revision
- if fname in self.code_size[old_rev][mod]:
- old_size = int(self.code_size[old_rev][mod][fname].total)
- change = new_size - old_size
- if old_size != 0:
- change_pct = change / old_size
- else:
- change_pct = 0
- output.write("{:<30} {:>7} {:>7} {:>7} {:>7.2%}\n"
- .format(fname, new_size, old_size, change, change_pct))
+ header_line = ["filename", "new(text)", "old(text)", "change(text)",
+ "new(data)", "old(data)", "change(data)"]
+ if with_markdown:
+ dash_line = [":----", "----:", "----:", "----:",
+ "----:", "----:", "----:"]
+ # | filename | new(text) | new(data) | change(text) | change(data) |
+ line_format = "| {0:<30} | {1:>9} | {4:>9} | {3:>12} | {6:>12} |\n"
+ bold_text = lambda x: '**' + str(x) + '**'
+ else:
+ # filename new(text) new(data) old(text) old(data) change(text) change(data)
+ line_format = "{0:<30} {1:>9} {4:>9} {2:>10} {5:>10} {3:>12} {6:>12}\n"
+
+ def cal_sect_change(
+ old_size: typing.Optional[CodeSizeGeneratorWithSize.SizeEntry],
+ new_size: typing.Optional[CodeSizeGeneratorWithSize.SizeEntry],
+ sect: str
+ ) -> typing.List:
+ """Inner helper function to calculate size change for a section.
+
+ Convention for special cases:
+ - If the object has been removed in new Git revision,
+ the size is minus code size of old Git revision;
+ the size change is marked as `Removed`,
+ - If the object only exists in new Git revision,
+ the size is code size of new Git revision;
+ the size change is marked as `None`,
+
+ :param: old_size: code size for objects in old Git revision.
+ :param: new_size: code size for objects in new Git revision.
+ :param: sect: section to calculate from `size` tool. This could be
+ any instance variable in SizeEntry.
+ :return: List of [section size of objects for new Git revision,
+ section size of objects for old Git revision,
+ section size change of objects between two Git revisions]
+ """
+ if old_size and new_size:
+ new_attr = new_size.__dict__[sect]
+ old_attr = old_size.__dict__[sect]
+ delta = new_attr - old_attr
+ change_attr = '{0:{1}}'.format(delta, '+' if delta else '')
+ elif old_size:
+ new_attr = 'Removed'
+ old_attr = old_size.__dict__[sect]
+ delta = - old_attr
+ change_attr = '{0:{1}}'.format(delta, '+' if delta else '')
+ elif new_size:
+ new_attr = new_size.__dict__[sect]
+ old_attr = 'NotCreated'
+ delta = new_attr
+ change_attr = '{0:{1}}'.format(delta, '+' if delta else '')
else:
- output.write("{} {}\n".format(fname, new_size))
+ # Should never happen
+ new_attr = 'Error'
+ old_attr = 'Error'
+ change_attr = 'Error'
+ return [new_attr, old_attr, change_attr]
+
+ # sort dictionary by key
+ sort_by_k = lambda item: item[0].lower()
+ def get_results(
+ f_rev_size:
+ typing.Dict[str,
+ typing.Dict[str,
+ CodeSizeGeneratorWithSize.SizeEntry]]
+ ) -> typing.List:
+ """Return List of results in the format of:
+ [filename, new(text), old(text), change(text),
+ new(data), old(data), change(data)]
+ """
+ res = []
+ for fname, revs_size in sorted(f_rev_size.items(), key=sort_by_k):
+ old_size = revs_size.get(old_rev)
+ new_size = revs_size.get(new_rev)
+
+ text_sect = cal_sect_change(old_size, new_size, 'text')
+ data_sect = cal_sect_change(old_size, new_size, 'data')
+ # skip the files that haven't changed in code size
+ if not show_all and text_sect[-1] == '0' and data_sect[-1] == '0':
+ continue
+
+ res.append([fname, *text_sect, *data_sect])
+ return res
+
+ # write header
+ output.write(line_format.format(*header_line))
+ if with_markdown:
+ output.write(line_format.format(*dash_line))
+ for mod in MBEDTLS_STATIC_LIB:
+ # convert self.code_size to:
+ # {
+ # file_name: {
+ # old_rev: SizeEntry,
+ # new_rev: SizeEntry
+ # },
+ # ...
+ # }
+ f_rev_size = {} #type: typing.Dict[str, typing.Dict]
+ for fname, size_entry in self.code_size[old_rev][mod].items():
+ f_rev_size.setdefault(fname, {}).update({old_rev: size_entry})
+ for fname, size_entry in self.code_size[new_rev][mod].items():
+ f_rev_size.setdefault(fname, {}).update({new_rev: size_entry})
+
+ mod_total_sz = f_rev_size.pop(mod + self.mod_total_suffix)
+ res = get_results(f_rev_size)
+ total_clm = get_results({mod + self.mod_total_suffix: mod_total_sz})
+ if with_markdown:
+ # bold row of mod-TOTALS in markdown table
+ total_clm = [[bold_text(j) for j in i] for i in total_clm]
+ res += total_clm
+
+ # write comparison result
+ for line in res:
+ output.write(line_format.format(*line))
-class CodeSizeComparison(CodeSizeBase):
+class CodeSizeComparison:
"""Compare code size between two Git revisions."""
- def __init__(
+ def __init__( #pylint: disable=too-many-arguments
self,
- old_revision: str,
- new_revision: str,
- result_dir: str,
- code_size_info: CodeSizeInfo
+ old_size_dist_info: CodeSizeDistinctInfo,
+ new_size_dist_info: CodeSizeDistinctInfo,
+ size_common_info: CodeSizeCommonInfo,
+ result_options: CodeSizeResultInfo,
+ logger: logging.Logger,
) -> None:
"""
- old_revision: revision to compare against.
- new_revision:
- result_dir: directory for comparison result.
- code_size_info: an object containing information to build library.
+ :param old_size_dist_info: CodeSizeDistinctInfo containing old distinct
+ info to compare code size with.
+ :param new_size_dist_info: CodeSizeDistinctInfo containing new distinct
+ info to take as comparision base.
+ :param size_common_info: CodeSizeCommonInfo containing common info for
+ both old and new size distinct info and
+ measurement tool.
+ :param result_options: CodeSizeResultInfo containing results options for
+ code size record and comparision.
+ :param logger: logging module
"""
- super().__init__()
- self.repo_path = "."
- self.result_dir = os.path.abspath(result_dir)
- os.makedirs(self.result_dir, exist_ok=True)
- self.csv_dir = os.path.abspath("code_size_records/")
+ self.logger = logger
+
+ self.old_size_dist_info = old_size_dist_info
+ self.new_size_dist_info = new_size_dist_info
+ self.size_common_info = size_common_info
+ # infer pre make command
+ self.old_size_dist_info.pre_make_cmd = CodeSizeBuildInfo(
+ self.old_size_dist_info, self.size_common_info.host_arch,
+ self.logger).infer_pre_make_command()
+ self.new_size_dist_info.pre_make_cmd = CodeSizeBuildInfo(
+ self.new_size_dist_info, self.size_common_info.host_arch,
+ self.logger).infer_pre_make_command()
+ # infer make command
+ self.old_size_dist_info.make_cmd = CodeSizeBuildInfo(
+ self.old_size_dist_info, self.size_common_info.host_arch,
+ self.logger).infer_make_command()
+ self.new_size_dist_info.make_cmd = CodeSizeBuildInfo(
+ self.new_size_dist_info, self.size_common_info.host_arch,
+ self.logger).infer_make_command()
+ # initialize size parser with corresponding measurement tool
+ self.code_size_generator = self.__generate_size_parser()
+
+ self.result_options = result_options
+ self.csv_dir = os.path.abspath(self.result_options.record_dir)
os.makedirs(self.csv_dir, exist_ok=True)
+ self.comp_dir = os.path.abspath(self.result_options.comp_dir)
+ os.makedirs(self.comp_dir, exist_ok=True)
- self.old_rev = old_revision
- self.new_rev = new_revision
- self.git_command = "git"
- self.make_clean = 'make clean'
- self.make_command = code_size_info.make_command
- self.fname_suffix = "-" + code_size_info.arch + "-" +\
- code_size_info.config
-
- @staticmethod
- def validate_revision(revision: str) -> bytes:
- result = subprocess.check_output(["git", "rev-parse", "--verify",
- revision + "^{commit}"], shell=False)
- return result
-
- def _create_git_worktree(self, revision: str) -> str:
- """Make a separate worktree for revision.
- Do not modify the current worktree."""
-
- if revision == "current":
- print("Using current work directory")
- git_worktree_path = self.repo_path
+ def __generate_size_parser(self):
+ """Generate a parser for the corresponding measurement tool."""
+ if re.match(r'size', self.size_common_info.measure_cmd.strip()):
+ return CodeSizeGeneratorWithSize(self.logger)
else:
- print("Creating git worktree for", revision)
- git_worktree_path = os.path.join(self.repo_path, "temp-" + revision)
- subprocess.check_output(
- [self.git_command, "worktree", "add", "--detach",
- git_worktree_path, revision], cwd=self.repo_path,
- stderr=subprocess.STDOUT
- )
+ self.logger.error("Unsupported measurement tool: `{}`."
+ .format(self.size_common_info.measure_cmd
+ .strip().split(' ')[0]))
+ sys.exit(1)
- return git_worktree_path
+ def cal_code_size(
+ self,
+ size_dist_info: CodeSizeDistinctInfo
+ ) -> typing.Dict[str, str]:
+ """Calculate code size of library/*.o in a UTF-8 encoding"""
- def _build_libraries(self, git_worktree_path: str) -> None:
- """Build libraries in the specified worktree."""
+ return CodeSizeCalculator(size_dist_info.git_rev,
+ size_dist_info.pre_make_cmd,
+ size_dist_info.make_cmd,
+ self.size_common_info.measure_cmd,
+ self.logger).cal_libraries_code_size()
- my_environment = os.environ.copy()
- try:
- subprocess.check_output(
- self.make_clean, env=my_environment, shell=True,
- cwd=git_worktree_path, stderr=subprocess.STDOUT,
- )
- subprocess.check_output(
- self.make_command, env=my_environment, shell=True,
- cwd=git_worktree_path, stderr=subprocess.STDOUT,
- )
- except subprocess.CalledProcessError as e:
- self._handle_called_process_error(e, git_worktree_path)
+ def gen_code_size_report(self, size_dist_info: CodeSizeDistinctInfo) -> None:
+ """Generate code size record and write it into a file."""
- def _gen_code_size_csv(self, revision: str, git_worktree_path: str) -> None:
- """Generate code size csv file."""
-
- if revision == "current":
- print("Measuring code size in current work directory")
- else:
- print("Measuring code size for", revision)
-
- for mod, st_lib in MBEDTLS_STATIC_LIB.items():
- try:
- result = subprocess.check_output(
- ["size", st_lib, "-t"], cwd=git_worktree_path
- )
- except subprocess.CalledProcessError as e:
- self._handle_called_process_error(e, git_worktree_path)
- size_text = result.decode("utf-8")
-
- self.set_size_record(revision, mod, size_text)
-
- print("Generating code size csv for", revision)
- csv_file = open(os.path.join(self.csv_dir, revision +
- self.fname_suffix + ".csv"), "w")
- self.write_size_record(revision, csv_file)
-
- def _remove_worktree(self, git_worktree_path: str) -> None:
- """Remove temporary worktree."""
- if git_worktree_path != self.repo_path:
- print("Removing temporary worktree", git_worktree_path)
- subprocess.check_output(
- [self.git_command, "worktree", "remove", "--force",
- git_worktree_path], cwd=self.repo_path,
- stderr=subprocess.STDOUT
- )
-
- def _get_code_size_for_rev(self, revision: str) -> None:
- """Generate code size csv file for the specified git revision."""
-
+ self.logger.info("Start to generate code size record for {}."
+ .format(size_dist_info.git_rev))
+ output_file = os.path.join(
+ self.csv_dir,
+ '{}-{}.csv'
+ .format(size_dist_info.get_info_indication(),
+ self.size_common_info.get_info_indication()))
# Check if the corresponding record exists
- csv_fname = revision + self.fname_suffix + ".csv"
- if (revision != "current") and \
- os.path.exists(os.path.join(self.csv_dir, csv_fname)):
- print("Code size csv file for", revision, "already exists.")
- self.read_size_record(revision, os.path.join(self.csv_dir, csv_fname))
+ if size_dist_info.git_rev != "current" and \
+ os.path.exists(output_file):
+ self.logger.debug("Code size csv file for {} already exists."
+ .format(size_dist_info.git_rev))
+ self.code_size_generator.read_size_record(
+ size_dist_info.git_rev, output_file)
else:
- git_worktree_path = self._create_git_worktree(revision)
- self._build_libraries(git_worktree_path)
- self._gen_code_size_csv(revision, git_worktree_path)
- self._remove_worktree(git_worktree_path)
+ # measure code size
+ code_size_text = self.cal_code_size(size_dist_info)
- def _gen_code_size_comparison(self) -> int:
- """Generate results of the size changes between two revisions,
- old and new. Measured code size results of these two revisions
- must be available."""
+ self.logger.debug("Generating code size csv for {}."
+ .format(size_dist_info.git_rev))
+ output = open(output_file, "w")
+ self.code_size_generator.write_record(
+ size_dist_info.git_rev, code_size_text, output)
- res_file = open(os.path.join(self.result_dir, "compare-" +
- self.old_rev + "-" + self.new_rev +
- self.fname_suffix +
- ".csv"), "w")
+ def gen_code_size_comparison(self) -> None:
+ """Generate results of code size changes between two Git revisions,
+ old and new.
- print("\nGenerating comparison results between",\
- self.old_rev, "and", self.new_rev)
- self.write_comparison(self.old_rev, self.new_rev, res_file)
+ - Measured code size result of these two Git revisions must be available.
+ - The result is directed into either file / stdout depending on
+ the option, size_common_info.result_options.stdout. (Default: file)
+ """
- return 0
+ self.logger.info("Start to generate comparision result between "\
+ "{} and {}."
+ .format(self.old_size_dist_info.git_rev,
+ self.new_size_dist_info.git_rev))
+ if self.result_options.stdout:
+ output = sys.stdout
+ else:
+ output_file = os.path.join(
+ self.comp_dir,
+ '{}-{}-{}.{}'
+ .format(self.old_size_dist_info.get_info_indication(),
+ self.new_size_dist_info.get_info_indication(),
+ self.size_common_info.get_info_indication(),
+ 'md' if self.result_options.with_markdown else 'csv'))
+ output = open(output_file, "w")
- def get_comparision_results(self) -> int:
- """Compare size of library/*.o between self.old_rev and self.new_rev,
- and generate the result file."""
+ self.logger.debug("Generating comparison results between {} and {}."
+ .format(self.old_size_dist_info.git_rev,
+ self.new_size_dist_info.git_rev))
+ if self.result_options.with_markdown or self.result_options.stdout:
+ print("Measure code size between {} and {} by `{}`."
+ .format(self.old_size_dist_info.get_info_indication(),
+ self.new_size_dist_info.get_info_indication(),
+ self.size_common_info.get_info_indication()),
+ file=output)
+ self.code_size_generator.write_comparison(
+ self.old_size_dist_info.git_rev,
+ self.new_size_dist_info.git_rev,
+ output, self.result_options.with_markdown,
+ self.result_options.show_all)
+
+ def get_comparision_results(self) -> None:
+ """Compare size of library/*.o between self.old_size_dist_info and
+ self.old_size_dist_info and generate the result file."""
build_tree.check_repo_path()
- self._get_code_size_for_rev(self.old_rev)
- self._get_code_size_for_rev(self.new_rev)
- return self._gen_code_size_comparison()
-
- def _handle_called_process_error(self, e: subprocess.CalledProcessError,
- git_worktree_path: str) -> None:
- """Handle a CalledProcessError and quit the program gracefully.
- Remove any extra worktrees so that the script may be called again."""
-
- # Tell the user what went wrong
- print("The following command: {} failed and exited with code {}"
- .format(e.cmd, e.returncode))
- print("Process output:\n {}".format(str(e.output, "utf-8")))
-
- # Quit gracefully by removing the existing worktree
- self._remove_worktree(git_worktree_path)
- sys.exit(-1)
+ self.gen_code_size_report(self.old_size_dist_info)
+ self.gen_code_size_report(self.new_size_dist_info)
+ self.gen_code_size_comparison()
def main():
parser = argparse.ArgumentParser(description=(__doc__))
@@ -412,55 +861,92 @@
'required arguments',
'required arguments to parse for running ' + os.path.basename(__file__))
group_required.add_argument(
- "-o", "--old-rev", type=str, required=True,
- help="old revision for comparison.")
+ '-o', '--old-rev', type=str, required=True,
+ help='old Git revision for comparison.')
group_optional = parser.add_argument_group(
'optional arguments',
'optional arguments to parse for running ' + os.path.basename(__file__))
group_optional.add_argument(
- "-r", "--result-dir", type=str, default="comparison",
- help="directory where comparison result is stored, \
- default is comparison")
+ '--record-dir', type=str, default='code_size_records',
+ help='directory where code size record is stored. '
+ '(Default: code_size_records)')
group_optional.add_argument(
- "-n", "--new-rev", type=str, default=None,
- help="new revision for comparison, default is the current work \
- directory, including uncommitted changes.")
+ '--comp-dir', type=str, default='comparison',
+ help='directory where comparison result is stored. '
+ '(Default: comparison)')
group_optional.add_argument(
- "-a", "--arch", type=str, default=detect_arch(),
+ '-n', '--new-rev', type=str, default='current',
+ help='new Git revision as comparison base. '
+ '(Default is the current work directory, including uncommitted '
+ 'changes.)')
+ group_optional.add_argument(
+ '-a', '--arch', type=str, default=detect_arch(),
choices=list(map(lambda s: s.value, SupportedArch)),
- help="specify architecture for code size comparison, default is the\
- host architecture.")
+ help='Specify architecture for code size comparison. '
+ '(Default is the host architecture.)')
group_optional.add_argument(
- "-c", "--config", type=str, default=SupportedConfig.DEFAULT.value,
+ '-c', '--config', type=str, default=SupportedConfig.DEFAULT.value,
choices=list(map(lambda s: s.value, SupportedConfig)),
- help="specify configuration type for code size comparison,\
- default is the current MbedTLS configuration.")
+ help='Specify configuration type for code size comparison. '
+ '(Default is the current Mbed TLS configuration.)')
+ group_optional.add_argument(
+ '--markdown', action='store_true', dest='markdown',
+ help='Show comparision of code size in a markdown table. '
+ '(Only show the files that have changed).')
+ group_optional.add_argument(
+ '--stdout', action='store_true', dest='stdout',
+ help='Set this option to direct comparison result into sys.stdout. '
+ '(Default: file)')
+ group_optional.add_argument(
+ '--show-all', action='store_true', dest='show_all',
+ help='Show all the objects in comparison result, including the ones '
+ 'that haven\'t changed in code size. (Default: False)')
+ group_optional.add_argument(
+ '--verbose', action='store_true', dest='verbose',
+ help='Show logs in detail for code size measurement. '
+ '(Default: False)')
comp_args = parser.parse_args()
- if os.path.isfile(comp_args.result_dir):
- print("Error: {} is not a directory".format(comp_args.result_dir))
- parser.exit()
+ logger = logging.getLogger()
+ logging_util.configure_logger(logger, split_level=logging.NOTSET)
+ logger.setLevel(logging.DEBUG if comp_args.verbose else logging.INFO)
- validate_res = CodeSizeComparison.validate_revision(comp_args.old_rev)
- old_revision = validate_res.decode().replace("\n", "")
+ if os.path.isfile(comp_args.record_dir):
+ logger.error("record directory: {} is not a directory"
+ .format(comp_args.record_dir))
+ sys.exit(1)
+ if os.path.isfile(comp_args.comp_dir):
+ logger.error("comparison directory: {} is not a directory"
+ .format(comp_args.comp_dir))
+ sys.exit(1)
- if comp_args.new_rev is not None:
- validate_res = CodeSizeComparison.validate_revision(comp_args.new_rev)
- new_revision = validate_res.decode().replace("\n", "")
- else:
- new_revision = "current"
+ comp_args.old_rev = CodeSizeCalculator.validate_git_revision(
+ comp_args.old_rev)
+ if comp_args.new_rev != 'current':
+ comp_args.new_rev = CodeSizeCalculator.validate_git_revision(
+ comp_args.new_rev)
- code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config,
- detect_arch())
- print("Measure code size for architecture: {}, configuration: {}\n"
- .format(code_size_info.arch, code_size_info.config))
- result_dir = comp_args.result_dir
- size_compare = CodeSizeComparison(old_revision, new_revision, result_dir,
- code_size_info)
- return_code = size_compare.get_comparision_results()
- sys.exit(return_code)
+ # version, git_rev, arch, config, compiler, opt_level
+ old_size_dist_info = CodeSizeDistinctInfo(
+ 'old', comp_args.old_rev, comp_args.arch, comp_args.config, 'cc', '-Os')
+ new_size_dist_info = CodeSizeDistinctInfo(
+ 'new', comp_args.new_rev, comp_args.arch, comp_args.config, 'cc', '-Os')
+ # host_arch, measure_cmd
+ size_common_info = CodeSizeCommonInfo(
+ detect_arch(), 'size -t')
+ # record_dir, comp_dir, with_markdown, stdout, show_all
+ result_options = CodeSizeResultInfo(
+ comp_args.record_dir, comp_args.comp_dir,
+ comp_args.markdown, comp_args.stdout, comp_args.show_all)
+ logger.info("Measure code size between {} and {} by `{}`."
+ .format(old_size_dist_info.get_info_indication(),
+ new_size_dist_info.get_info_indication(),
+ size_common_info.get_info_indication()))
+ CodeSizeComparison(old_size_dist_info, new_size_dist_info,
+ size_common_info, result_options,
+ logger).get_comparision_results()
if __name__ == "__main__":
main()
diff --git a/scripts/code_style.py b/scripts/code_style.py
index ddd0a98..08ec4af 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -4,19 +4,7 @@
This script must be run from the root of a Git work tree containing Mbed TLS.
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import argparse
import os
import re
diff --git a/scripts/config.pl b/scripts/config.pl
index 5dd89d2..ca02b90 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -2,19 +2,8 @@
# Backward compatibility redirection
## Copyright The Mbed TLS Contributors
-## SPDX-License-Identifier: Apache-2.0
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
##
-## Licensed under the Apache License, Version 2.0 (the "License"); you may
-## not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
my $py = $0;
$py =~ s/\.pl$/.py/ or die "Unable to determine the name of the Python script";
diff --git a/scripts/config.py b/scripts/config.py
index 4ff5166..d5fb85e 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -13,19 +13,8 @@
# in parts that are not backported to 2.28.
## Copyright The Mbed TLS Contributors
-## SPDX-License-Identifier: Apache-2.0
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
##
-## Licensed under the Apache License, Version 2.0 (the "License"); you may
-## not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
import os
import re
@@ -190,6 +179,8 @@
EXCLUDE_FROM_FULL = frozenset([
#pylint: disable=line-too-long
'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
+ 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
+ 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES
'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
@@ -205,16 +196,17 @@
'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
- 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
+ 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
- 'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config
'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
+ 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient
'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
@@ -233,7 +225,12 @@
Exclude alternative implementations of library functions since they require
an implementation of the relevant functions and an xxx_alt.h header.
"""
- if name in ('MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT'):
+ if name in (
+ 'MBEDTLS_PLATFORM_GMTIME_R_ALT',
+ 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT',
+ 'MBEDTLS_PLATFORM_MS_TIME_ALT',
+ 'MBEDTLS_PLATFORM_ZEROIZE_ALT',
+ ):
# Similar to non-platform xxx_ALT, requires platform_alt.h
return False
return name.startswith('MBEDTLS_PLATFORM_')
@@ -273,6 +270,9 @@
'MBEDTLS_THREADING_C', # requires a threading interface
'MBEDTLS_THREADING_PTHREAD', # requires pthread
'MBEDTLS_TIMING_C', # requires a clock
+ 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
+ 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
])
def keep_in_baremetal(name):
@@ -353,6 +353,22 @@
return adapter(name, active, section)
return continuation
+def no_platform_adapter(adapter):
+ """Modify an adapter to disable platform symbols.
+
+ ``no_platform_adapter(adapter)(name, active, section)`` is like
+ ``adapter(name, active, section)``, but unsets all platform symbols other
+ ``than MBEDTLS_PLATFORM_C.
+ """
+ def continuation(name, active, section):
+ # Allow MBEDTLS_PLATFORM_C but remove all other platform symbols.
+ if name.startswith('MBEDTLS_PLATFORM_') and name != 'MBEDTLS_PLATFORM_C':
+ return False
+ if adapter is None:
+ return active
+ return adapter(name, active, section)
+ return continuation
+
class ConfigFile(Config):
"""Representation of the Mbed TLS configuration read for a file.
@@ -535,6 +551,10 @@
"""Uncomment most non-deprecated features.
Like "full", but without deprecated features.
""")
+ add_adapter('full_no_platform', no_platform_adapter(full_adapter),
+ """Uncomment most non-platform features.
+ Like "full", but without platform features.
+ """)
add_adapter('realfull', realfull_adapter,
"""Uncomment all boolean #defines.
Suitable for generating documentation, but not for building.""")
diff --git a/scripts/data_files/driver_jsons/driverlist.json b/scripts/data_files/driver_jsons/driverlist.json
index 50ad816..42c186a 100644
--- a/scripts/data_files/driver_jsons/driverlist.json
+++ b/scripts/data_files/driver_jsons/driverlist.json
@@ -1 +1 @@
-["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json"]
+["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json","p256_transparent_driver.json"]
diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/scripts/data_files/driver_jsons/p256_transparent_driver.json
new file mode 100644
index 0000000..7d2aabf
--- /dev/null
+++ b/scripts/data_files/driver_jsons/p256_transparent_driver.json
@@ -0,0 +1,20 @@
+{
+ "prefix": "p256",
+ "type": "transparent",
+ "mbedtls/h_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
+ "headers": ["../3rdparty/p256-m/p256-m_driver_entrypoints.h"],
+ "capabilities": [
+ {
+ "mbedtls/c_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
+ "_comment_entry_points": "This is not the complete list of entry points supported by this driver, only those that are currently supported in JSON. See docs/psa-driver-example-and-guide.md",
+ "entry_points": ["import_key", "export_public_key"],
+ "algorithms": ["PSA_ALG_ECDH", "PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)"],
+ "key_types": [
+ "PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)",
+ "PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)"
+ ],
+ "key_sizes": [256],
+ "fallback": false
+ }
+ ]
+}
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
similarity index 90%
rename from scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
rename to scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
index 3ecd74d..924b08c 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
@@ -4,19 +4,7 @@
* Warning: This file is now auto-generated.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
@@ -25,13 +13,14 @@
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
-#include "psa_crypto_driver_wrappers.h"
+#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_hash.h"
#include "psa_crypto_mac.h"
#include "psa_crypto_pake.h"
#include "psa_crypto_rsa.h"
#include "mbedtls/platform.h"
+#include "mbedtls/constant_time.h"
/* END-common headers */
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -81,7 +70,7 @@
#include "psa_crypto_se.h"
#endif
-psa_status_t psa_driver_wrapper_init( void )
+static inline psa_status_t psa_driver_wrapper_init( void )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -105,7 +94,7 @@
return( PSA_SUCCESS );
}
-void psa_driver_wrapper_free( void )
+static inline void psa_driver_wrapper_free( void )
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Unregister all secure element drivers, so that we restart from
@@ -120,7 +109,7 @@
}
/* Start delegation functions */
-psa_status_t psa_driver_wrapper_sign_message(
+static inline psa_status_t psa_driver_wrapper_sign_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@@ -195,7 +184,7 @@
signature_length ) );
}
-psa_status_t psa_driver_wrapper_verify_message(
+static inline psa_status_t psa_driver_wrapper_verify_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@@ -266,7 +255,7 @@
signature_length ) );
}
-psa_status_t psa_driver_wrapper_sign_hash(
+static inline psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@@ -316,7 +305,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDSA(alg) &&
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
@@ -335,7 +324,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
@@ -370,7 +359,7 @@
}
}
-psa_status_t psa_driver_wrapper_verify_hash(
+static inline psa_status_t psa_driver_wrapper_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@@ -420,7 +409,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDSA(alg) &&
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
@@ -438,7 +427,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
return( psa_verify_hash_builtin( attributes,
@@ -471,7 +460,7 @@
}
}
-uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
+static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
psa_sign_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@@ -491,10 +480,11 @@
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
- return( PSA_ERROR_INVALID_ARGUMENT );
+ /* Can't happen (see discussion in #8271) */
+ return 0;
}
-uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
+static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
psa_verify_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@@ -515,18 +505,18 @@
}
- return( PSA_ERROR_INVALID_ARGUMENT );
+ /* Can't happen (see discussion in #8271) */
+ return 0;
}
-psa_status_t psa_driver_wrapper_sign_hash_start(
+static inline psa_status_t psa_driver_wrapper_sign_hash_start(
psa_sign_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_location_t location =
- PSA_KEY_LIFETIME_GET_LOCATION(
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
attributes->core.lifetime );
switch( location )
@@ -547,31 +537,24 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
- return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length ) );
+ status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length );
break;
/* Add cases for opaque driver here */
default:
/* Key is declared with a lifetime not known to us */
- ( void ) status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ break;
}
- ( void ) operation;
- ( void ) key_buffer;
- ( void ) key_buffer_size;
- ( void ) alg;
- ( void ) hash;
- ( void ) hash_length;
-
- return( status );
+ return( status );
}
-psa_status_t psa_driver_wrapper_sign_hash_complete(
+static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
psa_sign_hash_interruptible_operation_t *operation,
uint8_t *signature, size_t signature_size,
size_t *signature_length )
@@ -598,7 +581,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_sign_hash_abort(
+static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
psa_sign_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@@ -617,14 +600,13 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_verify_hash_start(
+static inline psa_status_t psa_driver_wrapper_verify_hash_start(
psa_verify_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
-
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
attributes->core.lifetime );
@@ -647,35 +629,25 @@
/* Fell through, meaning no accelerator supports this operation */
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
- return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length
- ) );
+ status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length );
break;
/* Add cases for opaque driver here */
default:
/* Key is declared with a lifetime not known to us */
- ( void ) status;
- return( PSA_ERROR_INVALID_ARGUMENT );
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ break;
}
- ( void ) operation;
- ( void ) key_buffer;
- ( void ) key_buffer_size;
- ( void ) alg;
- ( void ) hash;
- ( void ) hash_length;
- ( void ) signature;
- ( void ) signature_length;
-
return( status );
}
-psa_status_t psa_driver_wrapper_verify_hash_complete(
+static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
psa_verify_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@@ -696,7 +668,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_verify_hash_abort(
+static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
psa_verify_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@@ -728,7 +700,7 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
*/
-psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
+static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
@@ -757,58 +729,7 @@
}
}
-/** Get the key buffer size required to store the key material of a key
- * associated with an opaque driver.
- *
- * \param[in] attributes The key attributes.
- * \param[out] key_buffer_size Minimum buffer size to contain the key material
- *
- * \retval #PSA_SUCCESS
- * The minimum size for a buffer to contain the key material has been
- * returned successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * The type and/or the size in bits of the key or the combination of
- * the two is not supported.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key is declared with a lifetime not known to us.
- */
-psa_status_t psa_driver_wrapper_get_key_buffer_size(
- const psa_key_attributes_t *attributes,
- size_t *key_buffer_size )
-{
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
- psa_key_type_t key_type = attributes->core.type;
- size_t key_bits = attributes->core.bits;
-
- *key_buffer_size = 0;
- switch( location )
- {
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
- /* Emulate property 'builtin_key_size' */
- if( psa_key_id_is_builtin(
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
- psa_get_key_id( attributes ) ) ) )
- {
- *key_buffer_size = sizeof( psa_drv_slot_number_t );
- return( PSA_SUCCESS );
- }
-#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
- *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
- key_bits );
- return( ( *key_buffer_size != 0 ) ?
- PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-
- default:
- (void)key_type;
- (void)key_bits;
- return( PSA_ERROR_INVALID_ARGUMENT );
- }
-}
-
-psa_status_t psa_driver_wrapper_generate_key(
+static inline psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
@@ -853,7 +774,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
attributes->core.bits == 256 )
@@ -866,7 +787,7 @@
break;
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -894,7 +815,7 @@
return( status );
}
-psa_status_t psa_driver_wrapper_import_key(
+static inline psa_status_t psa_driver_wrapper_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
@@ -975,7 +896,7 @@
{% endwith %}
}
-psa_status_t psa_driver_wrapper_export_key(
+static inline psa_status_t psa_driver_wrapper_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
@@ -1037,108 +958,7 @@
{% endwith %}
}
-psa_status_t psa_driver_wrapper_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
-
-{
-{% with entry_point = "export_public_key" -%}
-{% macro entry_point_param(driver) -%}
-attributes,
-key_buffer,
-key_buffer_size,
-data,
-data_size,
-data_length
-{% endmacro %}
- psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
- psa_get_key_lifetime( attributes ) );
-
- /* Try dynamically-registered SE interface first */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- const psa_drv_se_t *drv;
- psa_drv_se_context_t *drv_context;
-
- if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
- {
- if( ( drv->key_management == NULL ) ||
- ( drv->key_management->p_export_public == NULL ) )
- {
- return( PSA_ERROR_NOT_SUPPORTED );
- }
-
- return( drv->key_management->p_export_public(
- drv_context,
- *( (psa_key_slot_number_t *)key_buffer ),
- data, data_size, data_length ) );
- }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
- switch( location )
- {
- case PSA_KEY_LOCATION_LOCAL_STORAGE:
- /* Key is stored in the slot in export representation, so
- * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-{% with nest_indent=12 %}
-{% include "OS-template-transparent.jinja" -%}
-{% endwith -%}
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_export_public_key_internal( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
-
- /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-{% with nest_indent=8 %}
-{% include "OS-template-opaque.jinja" -%}
-{% endwith -%}
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- default:
- /* Key is declared with a lifetime not known to us */
- return( status );
- }
-{% endwith %}
-}
-
-psa_status_t psa_driver_wrapper_get_builtin_key(
- psa_drv_slot_number_t slot_number,
- psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
-{
-{% with entry_point = "get_builtin_key" -%}
-{% macro entry_point_param(driver) -%}
-slot_number,
-attributes,
-key_buffer,
-key_buffer_size,
-key_buffer_length
-{% endmacro %}
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
- switch( location )
- {
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-{% with nest_indent=8 %}
-{% include "OS-template-opaque.jinja" -%}
-{% endwith -%}
-#endif /* PSA_CRYPTO_DRIVER_TEST */
- default:
- (void) slot_number;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) key_buffer_length;
- return( PSA_ERROR_DOES_NOT_EXIST );
- }
-{% endwith %}
-}
-
-psa_status_t psa_driver_wrapper_copy_key(
+static inline psa_status_t psa_driver_wrapper_copy_key(
psa_key_attributes_t *attributes,
const uint8_t *source_key, size_t source_key_length,
uint8_t *target_key_buffer, size_t target_key_buffer_size,
@@ -1190,7 +1010,7 @@
/*
* Cipher functions
*/
-psa_status_t psa_driver_wrapper_cipher_encrypt(
+static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@@ -1282,7 +1102,7 @@
}
}
-psa_status_t psa_driver_wrapper_cipher_decrypt(
+static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@@ -1364,7 +1184,7 @@
}
}
-psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@@ -1437,7 +1257,7 @@
}
}
-psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@@ -1510,7 +1330,7 @@
}
}
-psa_status_t psa_driver_wrapper_cipher_set_iv(
+static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length )
@@ -1545,7 +1365,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_cipher_update(
+static inline psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
@@ -1591,7 +1411,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_cipher_finish(
+static inline psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
@@ -1629,7 +1449,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_cipher_abort(
+static inline psa_status_t psa_driver_wrapper_cipher_abort(
psa_cipher_operation_t *operation )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1669,7 +1489,7 @@
/*
* Hashing functions
*/
-psa_status_t psa_driver_wrapper_hash_compute(
+static inline psa_status_t psa_driver_wrapper_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1705,7 +1525,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t psa_driver_wrapper_hash_setup(
+static inline psa_status_t psa_driver_wrapper_hash_setup(
psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
@@ -1738,7 +1558,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t psa_driver_wrapper_hash_clone(
+static inline psa_status_t psa_driver_wrapper_hash_clone(
const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation )
{
@@ -1763,7 +1583,7 @@
}
}
-psa_status_t psa_driver_wrapper_hash_update(
+static inline psa_status_t psa_driver_wrapper_hash_update(
psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
@@ -1788,7 +1608,7 @@
}
}
-psa_status_t psa_driver_wrapper_hash_finish(
+static inline psa_status_t psa_driver_wrapper_hash_finish(
psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
@@ -1815,7 +1635,7 @@
}
}
-psa_status_t psa_driver_wrapper_hash_abort(
+static inline psa_status_t psa_driver_wrapper_hash_abort(
psa_hash_operation_t *operation )
{
switch( operation->id )
@@ -1834,7 +1654,7 @@
}
}
-psa_status_t psa_driver_wrapper_aead_encrypt(
+static inline psa_status_t psa_driver_wrapper_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
@@ -1886,7 +1706,7 @@
}
}
-psa_status_t psa_driver_wrapper_aead_decrypt(
+static inline psa_status_t psa_driver_wrapper_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
@@ -1938,7 +1758,7 @@
}
}
-psa_status_t psa_driver_wrapper_aead_encrypt_setup(
+static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@@ -1986,7 +1806,7 @@
}
}
-psa_status_t psa_driver_wrapper_aead_decrypt_setup(
+static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@@ -2036,7 +1856,7 @@
}
}
-psa_status_t psa_driver_wrapper_aead_set_nonce(
+static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
psa_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length )
@@ -2070,7 +1890,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_aead_set_lengths(
+static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
psa_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length )
@@ -2104,7 +1924,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_aead_update_ad(
+static inline psa_status_t psa_driver_wrapper_aead_update_ad(
psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length )
@@ -2138,7 +1958,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_aead_update(
+static inline psa_status_t psa_driver_wrapper_aead_update(
psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
@@ -2180,7 +2000,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_aead_finish(
+static inline psa_status_t psa_driver_wrapper_aead_finish(
psa_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
@@ -2225,7 +2045,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_aead_verify(
+static inline psa_status_t psa_driver_wrapper_aead_verify(
psa_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
@@ -2253,7 +2073,7 @@
if( status == PSA_SUCCESS )
{
if( tag_length != check_tag_length ||
- mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
+ mbedtls_ct_memcmp( tag, check_tag, tag_length )
!= 0 )
status = PSA_ERROR_INVALID_SIGNATURE;
}
@@ -2288,7 +2108,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-psa_status_t psa_driver_wrapper_aead_abort(
+static inline psa_status_t psa_driver_wrapper_aead_abort(
psa_aead_operation_t *operation )
{
switch( operation->id )
@@ -2317,7 +2137,7 @@
/*
* MAC functions
*/
-psa_status_t psa_driver_wrapper_mac_compute(
+static inline psa_status_t psa_driver_wrapper_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@@ -2385,7 +2205,7 @@
}
}
-psa_status_t psa_driver_wrapper_mac_sign_setup(
+static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
@@ -2457,7 +2277,7 @@
}
}
-psa_status_t psa_driver_wrapper_mac_verify_setup(
+static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
@@ -2529,7 +2349,7 @@
}
}
-psa_status_t psa_driver_wrapper_mac_update(
+static inline psa_status_t psa_driver_wrapper_mac_update(
psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length )
@@ -2562,7 +2382,7 @@
}
}
-psa_status_t psa_driver_wrapper_mac_sign_finish(
+static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
@@ -2597,7 +2417,7 @@
}
}
-psa_status_t psa_driver_wrapper_mac_verify_finish(
+static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
@@ -2630,7 +2450,7 @@
}
}
-psa_status_t psa_driver_wrapper_mac_abort(
+static inline psa_status_t psa_driver_wrapper_mac_abort(
psa_mac_operation_t *operation )
{
switch( operation->id )
@@ -2658,7 +2478,7 @@
/*
* Asymmetric cryptography
*/
-psa_status_t psa_driver_wrapper_asymmetric_encrypt(
+static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
@@ -2716,7 +2536,7 @@
}
}
-psa_status_t psa_driver_wrapper_asymmetric_decrypt(
+static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
@@ -2774,7 +2594,7 @@
}
}
-psa_status_t psa_driver_wrapper_key_agreement(
+static inline psa_status_t psa_driver_wrapper_key_agreement(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@@ -2785,7 +2605,7 @@
size_t shared_secret_size,
size_t *shared_secret_length
)
- {
+{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
@@ -2805,7 +2625,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
PSA_ALG_IS_ECDH(alg) &&
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
@@ -2823,7 +2643,7 @@
if( status != PSA_ERROR_NOT_SUPPORTED)
return( status );
}
-#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Software Fallback */
@@ -2859,9 +2679,9 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
- }
+}
-psa_status_t psa_driver_wrapper_pake_setup(
+static inline psa_status_t psa_driver_wrapper_pake_setup(
psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs )
{
@@ -2875,6 +2695,7 @@
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
+ status = PSA_ERROR_NOT_SUPPORTED;
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_pake_setup(
@@ -2892,19 +2713,17 @@
inputs );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
- return status;
#endif
- return( PSA_ERROR_NOT_SUPPORTED );
+ return status;
/* Add cases for opaque driver here */
default:
/* Key is declared with a lifetime not known to us */
(void)operation;
- (void)inputs;
- (void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
-psa_status_t psa_driver_wrapper_pake_output(
+
+static inline psa_status_t psa_driver_wrapper_pake_output(
psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
uint8_t *output,
@@ -2936,7 +2755,7 @@
}
}
-psa_status_t psa_driver_wrapper_pake_input(
+static inline psa_status_t psa_driver_wrapper_pake_input(
psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
const uint8_t *input,
@@ -2968,7 +2787,7 @@
}
}
-psa_status_t psa_driver_wrapper_pake_get_implicit_key(
+static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
psa_pake_operation_t *operation,
uint8_t *output, size_t output_size,
size_t *output_length )
@@ -2997,7 +2816,7 @@
}
}
-psa_status_t psa_driver_wrapper_pake_abort(
+static inline psa_status_t psa_driver_wrapper_pake_abort(
psa_pake_operation_t * operation )
{
switch( operation->id )
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
new file mode 100644
index 0000000..2aae628
--- /dev/null
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
@@ -0,0 +1,224 @@
+/*
+ * Functions to delegate cryptographic operations to an available
+ * and appropriate accelerator.
+ * Warning: This file is now auto-generated.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+
+/* BEGIN-common headers */
+#include "common.h"
+#include "psa_crypto_aead.h"
+#include "psa_crypto_cipher.h"
+#include "psa_crypto_core.h"
+#include "psa_crypto_driver_wrappers_no_static.h"
+#include "psa_crypto_hash.h"
+#include "psa_crypto_mac.h"
+#include "psa_crypto_pake.h"
+#include "psa_crypto_rsa.h"
+
+#include "mbedtls/platform.h"
+/* END-common headers */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+/* BEGIN-driver headers */
+{% for driver in drivers -%}
+/* Headers for {{driver.prefix}} {{driver.type}} driver */
+{% if driver['mbedtls/h_condition'] is defined -%}
+#if {{ driver['mbedtls/h_condition'] }}
+{% endif -%}
+{% for header in driver.headers -%}
+#include "{{ header }}"
+{% endfor %}
+{% if driver['mbedtls/h_condition'] is defined -%}
+#endif
+{% endif -%}
+{% endfor %}
+/* END-driver headers */
+
+/* Auto-generated values depending on which drivers are registered.
+ * ID 0 is reserved for unallocated operations.
+ * ID 1 is reserved for the Mbed TLS software driver. */
+/* BEGIN-driver id definition */
+#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
+{% for driver in drivers -%}
+#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }})
+{% endfor %}
+/* END-driver id */
+
+/* BEGIN-Common Macro definitions */
+{% macro entry_point_name(capability, entry_point, driver) -%}
+ {% if capability.name is defined and entry_point in capability.names.keys() -%}
+ {{ capability.names[entry_point]}}
+ {% else -%}
+ {{driver.prefix}}_{{driver.type}}_{{entry_point}}
+ {% endif -%}
+{% endmacro %}
+/* END-Common Macro definitions */
+
+/* Support the 'old' SE interface when asked to */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
+ * SE driver is present, to avoid unused argument errors at compile time. */
+#ifndef PSA_CRYPTO_DRIVER_PRESENT
+#define PSA_CRYPTO_DRIVER_PRESENT
+#endif
+#include "psa_crypto_se.h"
+#endif
+
+/** Get the key buffer size required to store the key material of a key
+ * associated with an opaque driver.
+ *
+ * \param[in] attributes The key attributes.
+ * \param[out] key_buffer_size Minimum buffer size to contain the key material
+ *
+ * \retval #PSA_SUCCESS
+ * The minimum size for a buffer to contain the key material has been
+ * returned successfully.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The type and/or the size in bits of the key or the combination of
+ * the two is not supported.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key is declared with a lifetime not known to us.
+ */
+psa_status_t psa_driver_wrapper_get_key_buffer_size(
+ const psa_key_attributes_t *attributes,
+ size_t *key_buffer_size )
+{
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ psa_key_type_t key_type = attributes->core.type;
+ size_t key_bits = attributes->core.bits;
+
+ *key_buffer_size = 0;
+ switch( location )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ /* Emulate property 'builtin_key_size' */
+ if( psa_key_id_is_builtin(
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
+ psa_get_key_id( attributes ) ) ) )
+ {
+ *key_buffer_size = sizeof( psa_drv_slot_number_t );
+ return( PSA_SUCCESS );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+ *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
+ key_bits );
+ return( ( *key_buffer_size != 0 ) ?
+ PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+ default:
+ (void)key_type;
+ (void)key_bits;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ uint8_t *data, size_t data_size, size_t *data_length )
+
+{
+{% with entry_point = "export_public_key" -%}
+{% macro entry_point_param(driver) -%}
+attributes,
+key_buffer,
+key_buffer_size,
+data,
+data_size,
+data_length
+{% endmacro %}
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
+ psa_get_key_lifetime( attributes ) );
+
+ /* Try dynamically-registered SE interface first */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ const psa_drv_se_t *drv;
+ psa_drv_se_context_t *drv_context;
+
+ if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
+ {
+ if( ( drv->key_management == NULL ) ||
+ ( drv->key_management->p_export_public == NULL ) )
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ return( drv->key_management->p_export_public(
+ drv_context,
+ *( (psa_key_slot_number_t *)key_buffer ),
+ data, data_size, data_length ) );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+{% with nest_indent=12 %}
+{% include "OS-template-transparent.jinja" -%}
+{% endwith -%}
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ /* Fell through, meaning no accelerator supports this operation */
+ return( psa_export_public_key_internal( attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length ) );
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+{% with nest_indent=8 %}
+{% include "OS-template-opaque.jinja" -%}
+{% endwith -%}
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ return( status );
+ }
+{% endwith %}
+}
+
+psa_status_t psa_driver_wrapper_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+{
+{% with entry_point = "get_builtin_key" -%}
+{% macro entry_point_param(driver) -%}
+slot_number,
+attributes,
+key_buffer,
+key_buffer_size,
+key_buffer_length
+{% endmacro %}
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ switch( location )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+{% with nest_indent=8 %}
+{% include "OS-template-opaque.jinja" -%}
+{% endwith -%}
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ (void) slot_number;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) key_buffer_length;
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+{% endwith %}
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index 0775003..781e72a 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -2,19 +2,7 @@
* Error message information
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index e7e6fc6..b60aba0 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -2,19 +2,7 @@
* Query Mbed TLS compile time configurations from mbedtls_config.h
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index 0e40597..d820d4d 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -2,19 +2,7 @@
* Version feature information
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/scripts/data_files/vs2013-app-template.vcxproj b/scripts/data_files/vs2013-app-template.vcxproj
index 039fd09..2fe9cf3 100644
--- a/scripts/data_files/vs2013-app-template.vcxproj
+++ b/scripts/data_files/vs2013-app-template.vcxproj
@@ -99,7 +99,7 @@
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -118,7 +118,7 @@
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
</Link>
<ProjectReference>
@@ -142,7 +142,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -162,7 +162,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
- <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
+ <AdditionalDependencies>bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
diff --git a/scripts/data_files/vs2013-main-template.vcxproj b/scripts/data_files/vs2013-main-template.vcxproj
index c0f3a3c..51861e1 100644
--- a/scripts/data_files/vs2013-main-template.vcxproj
+++ b/scripts/data_files/vs2013-main-template.vcxproj
@@ -91,6 +91,7 @@
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -106,6 +107,7 @@
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -124,6 +126,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
+ <AdditionalDependencies>bcrypt.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/scripts/data_files/vs6-app-template.dsp b/scripts/data_files/vs6-app-template.dsp
deleted file mode 100644
index 87dbea2..0000000
--- a/scripts/data_files/vs6-app-template.dsp
+++ /dev/null
@@ -1,101 +0,0 @@
-# Microsoft Developer Studio Project File - Name="<APPNAME>" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=<APPNAME> - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "<APPNAME>.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "<APPNAME>.mak" CFG="<APPNAME> - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "<APPNAME> - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "<APPNAME> - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "<APPNAME> - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir ""
-# PROP BASE Intermediate_Dir "temp"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir ""
-# PROP Intermediate_Dir "temp"
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x40c /d "NDEBUG"
-# ADD RSC /l 0x40c /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-
-!ELSEIF "$(CFG)" == "<APPNAME> - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir ""
-# PROP BASE Intermediate_Dir "temp"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir ""
-# PROP Intermediate_Dir "temp"
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD BASE RSC /l 0x40c /d "_DEBUG"
-# ADD RSC /l 0x40c /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-
-!ENDIF
-
-# Begin Target
-
-# Name "<APPNAME> - Win32 Release"
-# Name "<APPNAME> - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=..\..\programs\<PATHNAME>.c
-# ADD CPP /I "../../include"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
diff --git a/scripts/data_files/vs6-main-template.dsp b/scripts/data_files/vs6-main-template.dsp
deleted file mode 100644
index 89d3fc7..0000000
--- a/scripts/data_files/vs6-main-template.dsp
+++ /dev/null
@@ -1,94 +0,0 @@
-# Microsoft Developer Studio Project File - Name="mbedtls" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static Library" 0x0104
-
-CFG=mbedtls - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "mbedtls.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "mbedtls.mak" CFG="mbedtls - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "mbedtls - Win32 Release" (based on "Win32 (x86) Static Library")
-!MESSAGE "mbedtls - Win32 Debug" (based on "Win32 (x86) Static Library")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "mbedtls - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir ""
-# PROP BASE Intermediate_Dir "temp"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir ""
-# PROP Intermediate_Dir "temp"
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "_LIB" /YX /FD /c
-# ADD CPP /nologo /W3 /GX /O2 /I "../../include" /D "NDEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /YX /FD /c
-# ADD BASE RSC /l 0x40c /d "NDEBUG"
-# ADD RSC /l 0x40c /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LIB32=link.exe -lib
-# ADD BASE LIB32 /nologo
-# ADD LIB32 /nologo
-
-!ELSEIF "$(CFG)" == "mbedtls - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir ""
-# PROP BASE Intermediate_Dir "temp"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir ""
-# PROP Intermediate_Dir "temp"
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
-# ADD CPP /nologo /W3 /GX /Z7 /Od /I "../../include" /D "_DEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
-# ADD BASE RSC /l 0x40c /d "_DEBUG"
-# ADD RSC /l 0x40c /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LIB32=link.exe -lib
-# ADD BASE LIB32 /nologo
-# ADD LIB32 /nologo
-
-!ENDIF
-
-# Begin Target
-
-# Name "mbedtls - Win32 Release"
-# Name "mbedtls - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-SOURCE_ENTRIES
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-HEADER_ENTRIES
-# End Group
-# End Target
-# End Project
diff --git a/scripts/data_files/vs6-workspace-template.dsw b/scripts/data_files/vs6-workspace-template.dsw
deleted file mode 100644
index ef90098..0000000
--- a/scripts/data_files/vs6-workspace-template.dsw
+++ /dev/null
@@ -1,18 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-APP_ENTRIES
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-
diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt
index 9e26b3c..7b002ec 100644
--- a/scripts/driver.requirements.txt
+++ b/scripts/driver.requirements.txt
@@ -14,6 +14,6 @@
Jinja2 >= 2.10.1; python_version < '3.10'
Jinja2 >= 2.10.3; python_version >= '3.10'
# Jinja2 >=2.10, <3.0 needs a separate package for type annotations
-types-Jinja2
+types-Jinja2 >= 2.11.9
jsonschema >= 3.2.0
-types-jsonschema
+types-jsonschema >= 3.2.0
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 43fc7df..3eb2ff4 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -8,19 +8,7 @@
# scripts/ecc-heap.sh | tee ecc-heap.log
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -eu
diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py
index 6719be1..6146e88 100755
--- a/scripts/ecp_comb_table.py
+++ b/scripts/ecp_comb_table.py
@@ -7,19 +7,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import os
import subprocess
diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci
deleted file mode 100644
index 8179e2b..0000000
--- a/scripts/find-mem-leak.cocci
+++ /dev/null
@@ -1,20 +0,0 @@
-@@
-expression x, y;
-statement S;
-@@
- x = mbedtls_calloc(...);
- y = mbedtls_calloc(...);
- ...
-* if (x == NULL || y == NULL)
- S
-
-@@
-expression x, y;
-statement S;
-@@
- if (
-* (x = mbedtls_calloc(...)) == NULL
- ||
-* (y = mbedtls_calloc(...)) == NULL
- )
- S
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 6c0fc25..614a493 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -1,23 +1,11 @@
#!/bin/sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
-# This script determines ROM size (or code size) for the standard mbed TLS
+# This script determines ROM size (or code size) for the standard Mbed TLS
# configurations, when built for a Cortex M3/M4 target.
#
# Configurations included:
@@ -108,7 +96,7 @@
fi
log ""
-log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
+log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
log "$( arm-none-eabi-gcc --version | head -n1 )"
log "CFLAGS=$ARMGCC_FLAGS"
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
index e0c4793..624ab81 100755
--- a/scripts/generate_driver_wrappers.py
+++ b/scripts/generate_driver_wrappers.py
@@ -1,24 +1,13 @@
#!/usr/bin/env python3
-"""Generate library/psa_crypto_driver_wrappers.c
+"""Generate library/psa_crypto_driver_wrappers.h
+ library/psa_crypto_driver_wrappers_no_static.c
This module is invoked by the build scripts to auto generate the
- psa_crypto_driver_wrappers.c based on template files in
- script/data_files/driver_templates/.
+ psa_crypto_driver_wrappers.h and psa_crypto_driver_wrappers_no_static
+ based on template files in script/data_files/driver_templates/.
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import sys
import os
@@ -59,19 +48,19 @@
return template.render(drivers=driver_jsoncontext)
-
def generate_driver_wrapper_file(template_dir: str,
output_dir: str,
+ template_file_name: str,
driver_jsoncontext: list) -> None:
"""
Generate the file psa_crypto_driver_wrapper.c.
"""
driver_wrapper_template_filename = \
- os.path.join(template_dir, "psa_crypto_driver_wrappers.c.jinja")
+ os.path.join(template_dir, template_file_name)
result = render(driver_wrapper_template_filename, driver_jsoncontext)
- with open(file=os.path.join(output_dir, "psa_crypto_driver_wrappers.c"),
+ with open(file=os.path.join(output_dir, os.path.splitext(template_file_name)[0]),
mode='w',
encoding='UTF-8') as out_file:
out_file.write(result)
@@ -119,17 +108,17 @@
return json_data
-def load_schemas(mbedtls_root: str) -> Dict[str, Any]:
+def load_schemas(project_root: str) -> Dict[str, Any]:
"""
Load schemas map
"""
schema_file_paths = {
- 'transparent': os.path.join(mbedtls_root,
+ 'transparent': os.path.join(project_root,
'scripts',
'data_files',
'driver_jsons',
'driver_transparent_schema.json'),
- 'opaque': os.path.join(mbedtls_root,
+ 'opaque': os.path.join(project_root,
'scripts',
'data_files',
'driver_jsons',
@@ -142,13 +131,13 @@
return driver_schema
-def read_driver_descriptions(mbedtls_root: str,
+def read_driver_descriptions(project_root: str,
json_directory: str,
jsondriver_list: str) -> list:
"""
Merge driver JSON files into a single ordered JSON after validation.
"""
- driver_schema = load_schemas(mbedtls_root)
+ driver_schema = load_schemas(project_root)
with open(file=os.path.join(json_directory, jsondriver_list),
mode='r',
@@ -167,15 +156,18 @@
), file)
+TEMPLATE_FILENAMES = ["psa_crypto_driver_wrappers.h.jinja",
+ "psa_crypto_driver_wrappers_no_static.c.jinja"]
+
def main() -> int:
"""
Main with command line arguments.
"""
- def_arg_mbedtls_root = build_tree.guess_mbedtls_root()
+ def_arg_project_root = build_tree.guess_project_root()
parser = argparse.ArgumentParser()
- parser.add_argument('--mbedtls-root', default=def_arg_mbedtls_root,
- help='root directory of mbedtls source code')
+ parser.add_argument('--project-root', default=def_arg_project_root,
+ help='root directory of repo source code')
parser.add_argument('--template-dir',
help='directory holding the driver templates')
parser.add_argument('--json-dir',
@@ -184,30 +176,35 @@
help='output file\'s location')
args = parser.parse_args()
- mbedtls_root = os.path.abspath(args.mbedtls_root)
+ project_root = os.path.abspath(args.project_root)
+
+ crypto_core_directory = build_tree.crypto_core_directory(project_root)
output_directory = args.output_directory if args.output_directory is not None else \
- os.path.join(mbedtls_root, 'library')
+ crypto_core_directory
+
template_directory = args.template_dir if args.template_dir is not None else \
- os.path.join(mbedtls_root,
+ os.path.join(project_root,
'scripts',
'data_files',
'driver_templates')
json_directory = args.json_dir if args.json_dir is not None else \
- os.path.join(mbedtls_root,
+ os.path.join(project_root,
'scripts',
'data_files',
'driver_jsons')
try:
# Read and validate list of driver jsons from driverlist.json
- merged_driver_json = read_driver_descriptions(mbedtls_root,
+ merged_driver_json = read_driver_descriptions(project_root,
json_directory,
'driverlist.json')
except DriverReaderException as e:
trace_exception(e)
return 1
- generate_driver_wrapper_file(template_directory, output_directory, merged_driver_json)
+ for template_filename in TEMPLATE_FILENAMES:
+ generate_driver_wrapper_file(template_directory, output_directory,
+ template_filename, merged_driver_json)
return 0
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 664a349..0134c94 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -6,19 +6,7 @@
# or generate_errors.pl include_dir data_dir error_file
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
use warnings;
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index e0de6b7..cea8c11 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -1,19 +1,7 @@
#!/usr/bin/env perl
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
@@ -39,8 +27,8 @@
my $feature_format_file = $data_dir.'/version_features.fmt';
-my @sections = ( "System support", "mbed TLS modules",
- "mbed TLS feature support" );
+my @sections = ( "System support", "Mbed TLS modules",
+ "Mbed TLS feature support" );
my $line_separator = $/;
undef $/;
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index 960a079..f13b507 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -12,19 +12,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import os
import sys
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index ddbebfa..39743da 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -7,56 +7,41 @@
# form (if any). This facilitates querying the compile time configuration of
# the library, for example, for testing.
#
-# The query_config.c is generated from the current configuration at
-# include/mbedtls/mbedtls_config.h. The idea is that the mbedtls_config.h contains ALL the
+# The query_config.c is generated from the default configuration files
+# include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h.
+# The idea is that mbedtls_config.h and crypto_config.h contain ALL the
# compile time configurations available in Mbed TLS (commented or uncommented).
-# This script extracts the configuration macros from the mbedtls_config.h and this
+# This script extracts the configuration macros from the two files and this
# information is used to automatically generate the body of the query_config()
# function by using the template in scripts/data_files/query_config.fmt.
#
# Usage: scripts/generate_query_config.pl without arguments, or
-# generate_query_config.pl mbedtls_config_file template_file output_file [psa_crypto_config_file]
+# generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
-my ($mbedtls_config_file, $query_config_format_file, $query_config_file, $psa_crypto_config_file);
+my ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file);
my $default_mbedtls_config_file = "./include/mbedtls/mbedtls_config.h";
+my $default_psa_crypto_config_file = "./include/psa/crypto_config.h";
my $default_query_config_format_file = "./scripts/data_files/query_config.fmt";
my $default_query_config_file = "./programs/test/query_config.c";
-my $default_psa_crypto_config_file = "./include/psa/crypto_config.h";
if( @ARGV ) {
- die "Invalid number of arguments - usage: $0 [CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 3;
- ($mbedtls_config_file, $query_config_format_file, $query_config_file) = @ARGV;
+ die "Invalid number of arguments - usage: $0 [MBED_TLS_CONFIG_FILE PSA_CRYPTO_CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 4;
+ ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file) = @ARGV;
-f $mbedtls_config_file or die "No such file: $mbedtls_config_file";
+ -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file";
-f $query_config_format_file or die "No such file: $query_config_format_file";
- if (defined($psa_crypto_config_file) && length($psa_crypto_config_file)) {
- -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file";
- } else {
- $psa_crypto_config_file = (-f $default_psa_crypto_config_file) ? $default_psa_crypto_config_file : undef;
- }
} else {
$mbedtls_config_file = $default_mbedtls_config_file;
+ $psa_crypto_config_file = $default_psa_crypto_config_file;
$query_config_format_file = $default_query_config_format_file;
$query_config_file = $default_query_config_file;
- $psa_crypto_config_file = $default_psa_crypto_config_file;
unless(-f $mbedtls_config_file && -f $query_config_format_file && -f $psa_crypto_config_file) {
chdir '..' or die;
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index 19be415..a0544f1 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -8,19 +8,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import sys
import re
import os
@@ -356,19 +344,8 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
*/
#include "common.h"
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 4fad322..96ade2f 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -7,19 +7,7 @@
# Takes no argument.
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use warnings;
use strict;
@@ -156,6 +144,7 @@
my $guid = gen_app_guid( $path );
$path =~ s!/!\\!g;
(my $appname = $path) =~ s/.*\\//;
+ my $is_test_app = ($path =~ m/^test\\/);
my $srcs = "<ClCompile Include=\"..\\..\\programs\\$path.c\" \/>";
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
@@ -170,7 +159,9 @@
$content =~ s/<SOURCES>/$srcs/g;
$content =~ s/<APPNAME>/$appname/g;
$content =~ s/<GUID>/$guid/g;
- $content =~ s/INCLUDE_DIRECTORIES\n/$include_directories/g;
+ $content =~ s/INCLUDE_DIRECTORIES\n/($is_test_app ?
+ $library_include_directories :
+ $include_directories)/ge;
content_to_file( $content, "$dir/$appname.$ext" );
}
diff --git a/scripts/gitignore_patch.sh b/scripts/gitignore_patch.sh
deleted file mode 100755
index 74ec66c..0000000
--- a/scripts/gitignore_patch.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Purpose
-#
-# For adapting gitignore files for releases so generated files can be included.
-#
-# Usage: gitignore_add_generated_files.sh [ -h | --help ] etc
-#
-
-set -eu
-
-print_usage()
-{
- echo "Usage: $0"
- echo -e " -h|--help\t\tPrint this help."
- echo -e " -i|--ignore\t\tAdd generated files to the gitignores."
- echo -e " -u|--unignore\t\tRemove generated files from the gitignores."
-}
-
-if [[ $# -eq 0 ]]; then
- print_usage
- exit 1
-elif [[ $# -ge 2 ]]; then
- echo "Too many arguments!"
- exit 1
-fi
-
-case "$1" in
- -i | --ignore)
- IGNORE=true
- ;;
- -u | --uignore)
- IGNORE=false
- ;;
- -h | --help | "")
- print_usage
- exit 1
- ;;
- *)
- echo "Unknown argument: $1"
- echo "run '$0 --help' for options"
- exit 1
-esac
-
-GITIGNORES=$(find . -name ".gitignore")
-for GITIGNORE in $GITIGNORES; do
- if $IGNORE; then
- sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE
- sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE
- sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE
- else
- sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/# /' $GITIGNORE
- sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE
- sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE
- fi
-done
diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 8d141ee..0584a0a 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -26,32 +26,25 @@
}
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -eu
+# Repository detection
+in_mbedtls_build_dir () {
+ test -d library
+}
+
# Collect stats and build a HTML report.
lcov_library_report () {
rm -rf Coverage
mkdir Coverage Coverage/tmp
- lcov --capture --initial --directory library -o Coverage/tmp/files.info
- lcov --rc lcov_branch_coverage=1 --capture --directory library -o Coverage/tmp/tests.info
+ lcov --capture --initial --directory $library_dir -o Coverage/tmp/files.info
+ lcov --rc lcov_branch_coverage=1 --capture --directory $library_dir -o Coverage/tmp/tests.info
lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info
lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h'
gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions
- genhtml --title "mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
+ genhtml --title "$title" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
rm -f Coverage/tmp/*.info Coverage/tmp/descriptions
echo "Coverage report in: Coverage/index.html"
}
@@ -59,9 +52,9 @@
# Reset the traces to 0.
lcov_reset_traces () {
# Location with plain make
- rm -f library/*.gcda
+ rm -f $library_dir/*.gcda
# Location with CMake
- rm -f library/CMakeFiles/*.dir/*.gcda
+ rm -f $library_dir/CMakeFiles/*.dir/*.gcda
}
if [ $# -gt 0 ] && [ "$1" = "--help" ]; then
@@ -69,6 +62,14 @@
exit
fi
+if in_mbedtls_build_dir; then
+ library_dir='library'
+ title='Mbed TLS'
+else
+ library_dir='core'
+ title='TF-PSA-Crypto'
+fi
+
main=lcov_library_report
while getopts r OPTLET; do
case $OPTLET in
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 9cf34f6..abcfc39 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -1,7 +1,7 @@
@rem Generate automatically-generated configuration-independent source files
@rem and build scripts.
@rem Perl and Python 3 must be on the PATH.
-@rem psa_crypto_driver_wrappers.c needs to be generated prior to
+@rem psa_crypto_driver_wrappers.h needs to be generated prior to
@rem generate_visualc_files.pl being invoked.
python scripts\generate_driver_wrappers.py || exit /b 1
perl scripts\generate_errors.pl || exit /b 1
diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl
index eaf56ae..52ca606 100755
--- a/scripts/massif_max.pl
+++ b/scripts/massif_max.pl
@@ -3,19 +3,7 @@
# Parse a massif.out.xxx file and output peak total memory usage
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use warnings;
use strict;
diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py
index 6fd6223..ef3e3a0 100644
--- a/scripts/mbedtls_dev/asymmetric_key_data.py
+++ b/scripts/mbedtls_dev/asymmetric_key_data.py
@@ -4,19 +4,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import binascii
import re
diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py
index 3bef16d..eebc858 100644
--- a/scripts/mbedtls_dev/bignum_common.py
+++ b/scripts/mbedtls_dev/bignum_common.py
@@ -1,18 +1,7 @@
"""Common features for bignum in test generation framework."""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
from abc import abstractmethod
import enum
diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py
index 563492b..909f6a3 100644
--- a/scripts/mbedtls_dev/bignum_core.py
+++ b/scripts/mbedtls_dev/bignum_core.py
@@ -1,18 +1,7 @@
"""Framework classes for generation of bignum core test cases."""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import random
diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py
index 897e319..5c6c2c8 100644
--- a/scripts/mbedtls_dev/bignum_data.py
+++ b/scripts/mbedtls_dev/bignum_data.py
@@ -1,19 +1,8 @@
"""Base values and datasets for bignum generated tests and helper functions that
produced them."""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import random
diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py
index 77c7b1b..f554001 100644
--- a/scripts/mbedtls_dev/bignum_mod.py
+++ b/scripts/mbedtls_dev/bignum_mod.py
@@ -1,18 +1,7 @@
"""Framework classes for generation of bignum mod test cases."""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
from typing import Dict, List
diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py
index 7121f2f..37ad27a 100644
--- a/scripts/mbedtls_dev/bignum_mod_raw.py
+++ b/scripts/mbedtls_dev/bignum_mod_raw.py
@@ -1,18 +1,7 @@
"""Framework classes for generation of bignum mod_raw test cases."""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
from typing import Iterator, List
diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py
index f52b785..ec67e4c 100644
--- a/scripts/mbedtls_dev/build_tree.py
+++ b/scripts/mbedtls_dev/build_tree.py
@@ -2,32 +2,60 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import os
import inspect
+from typing import Optional
+def looks_like_tf_psa_crypto_root(path: str) -> bool:
+ """Whether the given directory looks like the root of the PSA Crypto source tree."""
+ return all(os.path.isdir(os.path.join(path, subdir))
+ for subdir in ['include', 'core', 'drivers', 'programs', 'tests'])
def looks_like_mbedtls_root(path: str) -> bool:
"""Whether the given directory looks like the root of the Mbed TLS source tree."""
return all(os.path.isdir(os.path.join(path, subdir))
for subdir in ['include', 'library', 'programs', 'tests'])
-def check_repo_path():
+def looks_like_root(path: str) -> bool:
+ return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path)
+
+def crypto_core_directory(root: Optional[str] = None, relative: Optional[bool] = False) -> str:
"""
- Check that the current working directory is the project root, and throw
+ Return the path of the directory containing the PSA crypto core
+ for either TF-PSA-Crypto or Mbed TLS.
+
+ Returns either the full path or relative path depending on the
+ "relative" boolean argument.
+ """
+ if root is None:
+ root = guess_project_root()
+ if looks_like_tf_psa_crypto_root(root):
+ if relative:
+ return "core"
+ return os.path.join(root, "core")
+ elif looks_like_mbedtls_root(root):
+ if relative:
+ return "library"
+ return os.path.join(root, "library")
+ else:
+ raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found')
+
+def crypto_library_filename(root: Optional[str] = None) -> str:
+ """Return the crypto library filename for either TF-PSA-Crypto or Mbed TLS."""
+ if root is None:
+ root = guess_project_root()
+ if looks_like_tf_psa_crypto_root(root):
+ return "tfpsacrypto"
+ elif looks_like_mbedtls_root(root):
+ return "mbedcrypto"
+ else:
+ raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found')
+
+def check_repo_path():
+ """Check that the current working directory is the project root, and throw
an exception if not.
"""
if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
@@ -42,16 +70,15 @@
for d in [os.path.curdir,
os.path.pardir,
os.path.join(os.path.pardir, os.path.pardir)]:
- if looks_like_mbedtls_root(d):
+ if looks_like_root(d):
os.chdir(d)
return
raise Exception('Mbed TLS source tree not found')
+def guess_project_root():
+ """Guess project source code directory.
-def guess_mbedtls_root():
- """Guess mbedTLS source code directory.
-
- Return the first possible mbedTLS root directory
+ Return the first possible project root directory.
"""
dirs = set({})
for frame in inspect.stack():
@@ -62,6 +89,32 @@
if d in dirs:
continue
dirs.add(d)
- if looks_like_mbedtls_root(d):
+ if looks_like_root(d):
return d
- raise Exception('Mbed TLS source tree not found')
+ raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found')
+
+def guess_mbedtls_root(root: Optional[str] = None) -> str:
+ """Guess Mbed TLS source code directory.
+
+ Return the first possible Mbed TLS root directory.
+ Raise an exception if we are not in Mbed TLS.
+ """
+ if root is None:
+ root = guess_project_root()
+ if looks_like_mbedtls_root(root):
+ return root
+ else:
+ raise Exception('Mbed TLS source tree not found')
+
+def guess_tf_psa_crypto_root(root: Optional[str] = None) -> str:
+ """Guess TF-PSA-Crypto source code directory.
+
+ Return the first possible TF-PSA-Crypto root directory.
+ Raise an exception if we are not in TF-PSA-Crypto.
+ """
+ if root is None:
+ root = guess_project_root()
+ if looks_like_tf_psa_crypto_root(root):
+ return root
+ else:
+ raise Exception('TF-PSA-Crypto source tree not found')
diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py
index 9bd17d6..f2cbbe4 100644
--- a/scripts/mbedtls_dev/c_build_helper.py
+++ b/scripts/mbedtls_dev/c_build_helper.py
@@ -2,19 +2,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import os
import platform
diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py
new file mode 100644
index 0000000..a36de69
--- /dev/null
+++ b/scripts/mbedtls_dev/crypto_data_tests.py
@@ -0,0 +1,112 @@
+"""Generate test data for cryptographic mechanisms.
+
+This module is a work in progress, only implementing a few cases for now.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
+import hashlib
+from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import
+
+from . import crypto_knowledge
+from . import psa_information
+from . import test_case
+
+
+def psa_low_level_dependencies(*expressions: str) -> List[str]:
+ """Infer dependencies of a PSA low-level test case by looking for PSA_xxx symbols.
+
+ This function generates MBEDTLS_PSA_BUILTIN_xxx symbols.
+ """
+ high_level = psa_information.automatic_dependencies(*expressions)
+ for dep in high_level:
+ assert dep.startswith('PSA_WANT_')
+ return ['MBEDTLS_PSA_BUILTIN_' + dep[9:] for dep in high_level]
+
+
+class HashPSALowLevel:
+ """Generate test cases for the PSA low-level hash interface."""
+
+ def __init__(self, info: psa_information.Information) -> None:
+ self.info = info
+ base_algorithms = sorted(info.constructors.algorithms)
+ all_algorithms = \
+ [crypto_knowledge.Algorithm(expr)
+ for expr in info.constructors.generate_expressions(base_algorithms)]
+ self.algorithms = \
+ [alg
+ for alg in all_algorithms
+ if (not alg.is_wildcard and
+ alg.can_do(crypto_knowledge.AlgorithmCategory.HASH))]
+
+ # CALCULATE[alg] = function to return the hash of its argument in hex
+ # TO-DO: implement the None entries with a third-party library, because
+ # hashlib might not have everything, depending on the Python version and
+ # the underlying OpenSSL. On Ubuntu 16.04, truncated sha512 and sha3/shake
+ # are not available. On Ubuntu 22.04, md2, md4 and ripemd160 are not
+ # available.
+ CALCULATE = {
+ 'PSA_ALG_MD5': lambda data: hashlib.md5(data).hexdigest(),
+ 'PSA_ALG_RIPEMD160': None, #lambda data: hashlib.new('ripdemd160').hexdigest()
+ 'PSA_ALG_SHA_1': lambda data: hashlib.sha1(data).hexdigest(),
+ 'PSA_ALG_SHA_224': lambda data: hashlib.sha224(data).hexdigest(),
+ 'PSA_ALG_SHA_256': lambda data: hashlib.sha256(data).hexdigest(),
+ 'PSA_ALG_SHA_384': lambda data: hashlib.sha384(data).hexdigest(),
+ 'PSA_ALG_SHA_512': lambda data: hashlib.sha512(data).hexdigest(),
+ 'PSA_ALG_SHA_512_224': None, #lambda data: hashlib.new('sha512_224').hexdigest()
+ 'PSA_ALG_SHA_512_256': None, #lambda data: hashlib.new('sha512_256').hexdigest()
+ 'PSA_ALG_SHA3_224': None, #lambda data: hashlib.sha3_224(data).hexdigest(),
+ 'PSA_ALG_SHA3_256': None, #lambda data: hashlib.sha3_256(data).hexdigest(),
+ 'PSA_ALG_SHA3_384': None, #lambda data: hashlib.sha3_384(data).hexdigest(),
+ 'PSA_ALG_SHA3_512': None, #lambda data: hashlib.sha3_512(data).hexdigest(),
+ 'PSA_ALG_SHAKE256_512': None, #lambda data: hashlib.shake_256(data).hexdigest(64),
+ } #type: Dict[str, Optional[Callable[[bytes], str]]]
+
+ @staticmethod
+ def one_test_case(alg: crypto_knowledge.Algorithm,
+ function: str, note: str,
+ arguments: List[str]) -> test_case.TestCase:
+ """Construct one test case involving a hash."""
+ tc = test_case.TestCase()
+ tc.set_description('{}{} {}'
+ .format(function,
+ ' ' + note if note else '',
+ alg.short_expression()))
+ tc.set_dependencies(psa_low_level_dependencies(alg.expression))
+ tc.set_function(function)
+ tc.set_arguments([alg.expression] +
+ ['"{}"'.format(arg) for arg in arguments])
+ return tc
+
+ def test_cases_for_hash(self,
+ alg: crypto_knowledge.Algorithm
+ ) -> Iterator[test_case.TestCase]:
+ """Enumerate all test cases for one hash algorithm."""
+ calc = self.CALCULATE[alg.expression]
+ if calc is None:
+ return # not implemented yet
+
+ short = b'abc'
+ hash_short = calc(short)
+ long = (b'Hello, world. Here are 16 unprintable bytes: ['
+ b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a'
+ b'\x80\x81\x82\x83\xfe\xff]. '
+ b' This message was brought to you by a natural intelligence. '
+ b' If you can read this, good luck with your debugging!')
+ hash_long = calc(long)
+
+ yield self.one_test_case(alg, 'hash_empty', '', [calc(b'')])
+ yield self.one_test_case(alg, 'hash_valid_one_shot', '',
+ [short.hex(), hash_short])
+ for n in [0, 1, 64, len(long) - 1, len(long)]:
+ yield self.one_test_case(alg, 'hash_valid_multipart',
+ '{} + {}'.format(n, len(long) - n),
+ [long[:n].hex(), calc(long[:n]),
+ long[n:].hex(), hash_long])
+
+ def all_test_cases(self) -> Iterator[test_case.TestCase]:
+ """Enumerate all test cases for all hash algorithms."""
+ for alg in self.algorithms:
+ yield from self.test_cases_for_hash(alg)
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 45d253b..285d6c6 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -4,19 +4,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import enum
import re
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index 410c77e..b40f3b1 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
@@ -1,18 +1,7 @@
"""Framework classes for generation of ecp test cases."""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
from typing import List
diff --git a/scripts/mbedtls_dev/logging_util.py b/scripts/mbedtls_dev/logging_util.py
new file mode 100644
index 0000000..ddd7c7f
--- /dev/null
+++ b/scripts/mbedtls_dev/logging_util.py
@@ -0,0 +1,46 @@
+"""Auxiliary functions used for logging module.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
+import logging
+import sys
+
+def configure_logger(
+ logger: logging.Logger,
+ log_format="[%(levelname)s]: %(message)s",
+ split_level=logging.WARNING
+ ) -> None:
+ """
+ Configure the logging.Logger instance so that:
+ - Format is set to any log_format.
+ Default: "[%(levelname)s]: %(message)s"
+ - loglevel >= split_level are printed to stderr.
+ - loglevel < split_level are printed to stdout.
+ Default: logging.WARNING
+ """
+ class MaxLevelFilter(logging.Filter):
+ # pylint: disable=too-few-public-methods
+ def __init__(self, max_level, name=''):
+ super().__init__(name)
+ self.max_level = max_level
+
+ def filter(self, record: logging.LogRecord) -> bool:
+ return record.levelno <= self.max_level
+
+ log_formatter = logging.Formatter(log_format)
+
+ # set loglevel >= split_level to be printed to stderr
+ stderr_hdlr = logging.StreamHandler(sys.stderr)
+ stderr_hdlr.setLevel(split_level)
+ stderr_hdlr.setFormatter(log_formatter)
+
+ # set loglevel < split_level to be printed to stdout
+ stdout_hdlr = logging.StreamHandler(sys.stdout)
+ stdout_hdlr.addFilter(MaxLevelFilter(split_level - 1))
+ stdout_hdlr.setFormatter(log_formatter)
+
+ logger.addHandler(stderr_hdlr)
+ logger.addHandler(stdout_hdlr)
diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py
index 3cad2a3..d68be00 100644
--- a/scripts/mbedtls_dev/macro_collector.py
+++ b/scripts/mbedtls_dev/macro_collector.py
@@ -2,19 +2,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import itertools
import re
diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py
new file mode 100644
index 0000000..b21a0cf
--- /dev/null
+++ b/scripts/mbedtls_dev/psa_information.py
@@ -0,0 +1,161 @@
+"""Collect information about PSA cryptographic mechanisms.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
+import re
+from collections import OrderedDict
+from typing import FrozenSet, List, Optional
+
+from . import macro_collector
+
+
+class Information:
+ """Gather information about PSA constructors."""
+
+ def __init__(self) -> None:
+ self.constructors = self.read_psa_interface()
+
+ @staticmethod
+ def remove_unwanted_macros(
+ constructors: macro_collector.PSAMacroEnumerator
+ ) -> None:
+ # Mbed TLS does not support finite-field DSA.
+ # Don't attempt to generate any related test case.
+ constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
+ constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
+
+ def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
+ """Return the list of known key types, algorithms, etc."""
+ constructors = macro_collector.InputsForTest()
+ header_file_names = ['include/psa/crypto_values.h',
+ 'include/psa/crypto_extra.h']
+ test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
+ for header_file_name in header_file_names:
+ constructors.parse_header(header_file_name)
+ for test_cases in test_suites:
+ constructors.parse_test_cases(test_cases)
+ self.remove_unwanted_macros(constructors)
+ constructors.gather_arguments()
+ return constructors
+
+
+def psa_want_symbol(name: str) -> str:
+ """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
+ if name.startswith('PSA_'):
+ return name[:4] + 'WANT_' + name[4:]
+ else:
+ raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
+
+def finish_family_dependency(dep: str, bits: int) -> str:
+ """Finish dep if it's a family dependency symbol prefix.
+
+ A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
+ qualified by the key size. If dep is such a symbol, finish it by adjusting
+ the prefix and appending the key size. Other symbols are left unchanged.
+ """
+ return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
+
+def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
+ """Finish any family dependency symbol prefixes.
+
+ Apply `finish_family_dependency` to each element of `dependencies`.
+ """
+ return [finish_family_dependency(dep, bits) for dep in dependencies]
+
+SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
+ 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
+ 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
+ 'PSA_ALG_ANY_HASH', # only in policies
+ 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
+ 'PSA_ALG_KEY_AGREEMENT', # chaining
+ 'PSA_ALG_TRUNCATED_MAC', # modifier
+])
+def automatic_dependencies(*expressions: str) -> List[str]:
+ """Infer dependencies of a test case by looking for PSA_xxx symbols.
+
+ The arguments are strings which should be C expressions. Do not use
+ string literals or comments as this function is not smart enough to
+ skip them.
+ """
+ used = set()
+ for expr in expressions:
+ used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
+ used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
+ return sorted(psa_want_symbol(name) for name in used)
+
+# Define set of regular expressions and dependencies to optionally append
+# extra dependencies for test case based on key description.
+
+# Skip AES test cases which require 192- or 256-bit key
+# if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined
+AES_128BIT_ONLY_DEP_REGEX = re.compile(r'AES\s(192|256)')
+AES_128BIT_ONLY_DEP = ['!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH']
+# Skip AES/ARIA/CAMELLIA test cases which require decrypt operation in ECB mode
+# if MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled.
+ECB_NO_PADDING_DEP_REGEX = re.compile(r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING')
+ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT']
+
+DEPENDENCY_FROM_DESCRIPTION = OrderedDict()
+DEPENDENCY_FROM_DESCRIPTION[AES_128BIT_ONLY_DEP_REGEX] = AES_128BIT_ONLY_DEP
+DEPENDENCY_FROM_DESCRIPTION[ECB_NO_PADDING_DEP_REGEX] = ECB_NO_PADDING_DEP
+def generate_deps_from_description(
+ description: str
+ ) -> List[str]:
+ """Return additional dependencies based on test case description and REGEX.
+ """
+ dep_list = []
+ for regex, deps in DEPENDENCY_FROM_DESCRIPTION.items():
+ if re.search(regex, description):
+ dep_list += deps
+
+ return dep_list
+
+# A temporary hack: at the time of writing, not all dependency symbols
+# are implemented yet. Skip test cases for which the dependency symbols are
+# not available. Once all dependency symbols are available, this hack must
+# be removed so that a bug in the dependency symbols properly leads to a test
+# failure.
+def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
+ return frozenset(symbol
+ for line in open(filename)
+ for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
+_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
+def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
+ global _implemented_dependencies #pylint: disable=global-statement,invalid-name
+ if _implemented_dependencies is None:
+ _implemented_dependencies = \
+ read_implemented_dependencies('include/psa/crypto_config.h')
+ if not all((dep.lstrip('!') in _implemented_dependencies or
+ not dep.lstrip('!').startswith('PSA_WANT'))
+ for dep in dependencies):
+ dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
+
+def tweak_key_pair_dependency(dep: str, usage: str):
+ """
+ This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
+ symbols according to the required usage.
+ """
+ ret_list = list()
+ if dep.endswith('KEY_PAIR'):
+ if usage == "BASIC":
+ # BASIC automatically includes IMPORT and EXPORT for test purposes (see
+ # config_psa.h).
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep))
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep))
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep))
+ elif usage == "GENERATE":
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep))
+ else:
+ # No replacement to do in this case
+ ret_list.append(dep)
+ return ret_list
+
+def fix_key_pair_dependencies(dep_list: List[str], usage: str):
+ new_list = [new_deps
+ for dep in dep_list
+ for new_deps in tweak_key_pair_dependency(dep, usage)]
+
+ return new_list
diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py
index bae9938..b1fc377 100644
--- a/scripts/mbedtls_dev/psa_storage.py
+++ b/scripts/mbedtls_dev/psa_storage.py
@@ -7,19 +7,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import re
import struct
@@ -27,6 +16,7 @@
import unittest
from . import c_build_helper
+from . import build_tree
class Expr:
@@ -51,13 +41,16 @@
def update_cache(self) -> None:
"""Update `value_cache` for expressions registered in `unknown_values`."""
expressions = sorted(self.unknown_values)
+ includes = ['include']
+ if build_tree.looks_like_tf_psa_crypto_root('.'):
+ includes.append('drivers/builtin/include')
values = c_build_helper.get_c_expression_values(
'unsigned long', '%lu',
expressions,
header="""
#include <psa/crypto.h>
""",
- include_path=['include']) #type: List[str]
+ include_path=includes) #type: List[str]
for e, v in zip(expressions, values):
self.value_cache[e] = int(v, 0)
self.unknown_values.clear()
diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py
index 8f08703..6ed5e84 100644
--- a/scripts/mbedtls_dev/test_case.py
+++ b/scripts/mbedtls_dev/test_case.py
@@ -2,19 +2,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import binascii
import os
diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py
index 02aa510..a84f7dd 100644
--- a/scripts/mbedtls_dev/test_data_generation.py
+++ b/scripts/mbedtls_dev/test_data_generation.py
@@ -7,19 +7,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import argparse
import os
diff --git a/scripts/mbedtls_dev/typing_util.py b/scripts/mbedtls_dev/typing_util.py
index 4c34449..2ec448d 100644
--- a/scripts/mbedtls_dev/typing_util.py
+++ b/scripts/mbedtls_dev/typing_util.py
@@ -2,19 +2,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
from typing import Any
diff --git a/scripts/memory.sh b/scripts/memory.sh
index e3ce9d6..d119374 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -7,19 +7,7 @@
# since for memory we want debug information.
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -eu
diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py
index c00d58e..9888abe 100755
--- a/scripts/min_requirements.py
+++ b/scripts/min_requirements.py
@@ -3,19 +3,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import argparse
import os
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 5356132..b056ffd 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -3,19 +3,7 @@
# output_env.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
@@ -170,13 +158,6 @@
print_version "$OPENSSL" "version" "default"
echo
-if [ -n "${OPENSSL_LEGACY+set}" ]; then
- print_version "$OPENSSL_LEGACY" "version" "legacy"
-else
- echo " * openssl (legacy): Not configured."
-fi
-echo
-
if [ -n "${OPENSSL_NEXT+set}" ]; then
print_version "$OPENSSL_NEXT" "version" "next"
else
@@ -192,20 +173,6 @@
print_version "$GNUTLS_SERV" "--version" "default" "head -n 1"
echo
-if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
- print_version "$GNUTLS_LEGACY_CLI" "--version" "legacy" "head -n 1"
-else
- echo " * gnutls-cli (legacy): Not configured."
-fi
-echo
-
-if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
- print_version "$GNUTLS_LEGACY_SERV" "--version" "legacy" "head -n 1"
-else
- echo " * gnutls-serv (legacy): Not configured."
-fi
-echo
-
echo " * Installed asan versions:"
if type dpkg-query >/dev/null 2>/dev/null; then
if ! dpkg-query -f '${Status} ${Package}: ${Version}\n' -W 'libasan*' |
diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh
new file mode 100755
index 0000000..3b63ed9
--- /dev/null
+++ b/scripts/prepare_release.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+print_usage()
+{
+ cat <<EOF
+Usage: $0 [OPTION]...
+Prepare the source tree for a release.
+
+Options:
+ -u Prepare for development (undo the release preparation)
+EOF
+}
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -eu
+
+if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
+ print_usage
+ exit
+fi
+
+unrelease= # if non-empty, we're in undo-release mode
+while getopts u OPTLET; do
+ case $OPTLET in
+ u) unrelease=1;;
+ \?)
+ echo 1>&2 "$0: unknown option: -$OPTLET"
+ echo 1>&2 "Try '$0 --help' for more information."
+ exit 3;;
+ esac
+done
+
+
+
+#### .gitignore processing ####
+
+GITIGNORES=$(find . -name ".gitignore")
+for GITIGNORE in $GITIGNORES; do
+ if [ -n "$unrelease" ]; then
+ sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE
+ sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE
+ sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE
+ else
+ sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE
+ sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE
+ sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE
+ fi
+done
+
+
+
+#### Build scripts ####
+
+# GEN_FILES defaults on (non-empty) in development, off (empty) in releases
+if [ -n "$unrelease" ]; then
+ r=' yes'
+else
+ r=''
+fi
+sed -i 's/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1'"$r/" Makefile */Makefile
+
+# GEN_FILES defaults on in development, off in releases
+if [ -n "$unrelease" ]; then
+ r='ON'
+else
+ r='OFF'
+fi
+sed -i '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt
diff --git a/scripts/rm-calloc-cast.cocci b/scripts/rm-calloc-cast.cocci
deleted file mode 100644
index 89481c0..0000000
--- a/scripts/rm-calloc-cast.cocci
+++ /dev/null
@@ -1,7 +0,0 @@
-@rm_calloc_cast@
-expression x, n, m;
-type T;
-@@
- x =
-- (T *)
- mbedtls_calloc(n, m)
diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh
index 558970f..455f892 100755
--- a/scripts/tmp_ignore_makefiles.sh
+++ b/scripts/tmp_ignore_makefiles.sh
@@ -4,19 +4,7 @@
# git development
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
IGNORE=""
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 9bd93f1..68bc57f 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -1,5 +1,8 @@
+find_package(Threads)
+
set(libs
${mbedtls_target}
+ ${CMAKE_THREAD_LIBS_INIT}
)
# Set the project root directory if it's not already defined, as may happen if
@@ -118,8 +121,10 @@
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_data_tests.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_knowledge.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_information.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py
diff --git a/tests/Makefile b/tests/Makefile
index 75dc3c6..29197b7 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -49,7 +49,7 @@
ifdef WINDOWS_BUILD
DLEXT=dll
EXEXT=.exe
-LOCAL_LDFLAGS += -lws2_32
+LOCAL_LDFLAGS += -lws2_32 -lbcrypt
ifdef SHARED
SHARED_SUFFIX=.$(DLEXT)
endif
@@ -57,6 +57,10 @@
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
+
+ifeq ($(THREADING),pthread)
+LOCAL_LDFLAGS += -lpthread
+endif
endif
ifdef WINDOWS
@@ -65,6 +69,14 @@
PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif
+# See root Makefile
+GEN_FILES ?= yes
+ifdef GEN_FILES
+gen_file_dep =
+else
+gen_file_dep = |
+endif
+
.PHONY: generated_files
GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) scripts/generate_bignum_tests.py --list || \
@@ -97,7 +109,7 @@
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
.SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data
-$(GENERATED_BIGNUM_DATA_FILES): generated_bignum_test_data
+$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data
generated_bignum_test_data: scripts/generate_bignum_tests.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_common.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_core.py
@@ -109,7 +121,7 @@
echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
$(PYTHON) scripts/generate_bignum_tests.py
-$(GENERATED_ECP_DATA_FILES): generated_ecp_test_data
+$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
generated_ecp_test_data: scripts/generate_ecp_tests.py
generated_ecp_test_data: ../scripts/mbedtls_dev/bignum_common.py
generated_ecp_test_data: ../scripts/mbedtls_dev/ecp.py
@@ -119,10 +131,12 @@
echo " Gen $(GENERATED_ECP_DATA_FILES)"
$(PYTHON) scripts/generate_ecp_tests.py
-$(GENERATED_PSA_DATA_FILES): generated_psa_test_data
+$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data
generated_psa_test_data: scripts/generate_psa_tests.py
+generated_psa_test_data: ../scripts/mbedtls_dev/crypto_data_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
+generated_psa_test_data: ../scripts/mbedtls_dev/psa_information.py
generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_data_generation.py
diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh
index 29c8787..e703c57 100755
--- a/tests/compat-in-docker.sh
+++ b/tests/compat-in-docker.sh
@@ -22,19 +22,7 @@
# - compat.sh for notes about invocation of that script.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
source tests/scripts/docker_env.sh
diff --git a/tests/compat.sh b/tests/compat.sh
index 2e03e44..ac29e50 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -3,19 +3,7 @@
# compat.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
@@ -108,6 +96,7 @@
EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305'
VERBOSE=""
MEMCHECK=0
+PRESERVE_LOGS=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
# hidden option: skip DTLS with OpenSSL
@@ -126,8 +115,40 @@
printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
printf " -M|--memcheck\tCheck memory leaks and errors.\n"
printf " -v|--verbose\tSet verbose output.\n"
+ printf " --list-test-cases\tList all potential test cases (No Execution)\n"
printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
+ printf " --preserve-logs\tPreserve logs of successful tests as well\n"
+}
+
+# print_test_case <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
+print_test_case() {
+ for i in $3; do
+ uniform_title $1 $2 $i
+ echo $TITLE
+ done
+}
+
+# list_test_cases lists all potential test cases in compat.sh without execution
+list_test_cases() {
+ reset_ciphersuites
+ for TYPE in $TYPES; do
+ add_common_ciphersuites
+ add_openssl_ciphersuites
+ add_gnutls_ciphersuites
+ add_mbedtls_ciphersuites
+ done
+
+ for VERIFY in $VERIFIES; do
+ VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
+ for MODE in $MODES; do
+ print_test_case m O "$O_CIPHERS"
+ print_test_case O m "$O_CIPHERS"
+ print_test_case m G "$G_CIPHERS"
+ print_test_case G m "$G_CIPHERS"
+ print_test_case m m "$M_CIPHERS"
+ done
+ done
}
get_options() {
@@ -157,9 +178,18 @@
-M|--memcheck)
MEMCHECK=1
;;
+ # Please check scripts/check_test_cases.py correspondingly
+ # if you have to modify option, --list-test-cases
+ --list-test-cases)
+ list_test_cases
+ exit $?
+ ;;
--outcome-file)
shift; MBEDTLS_TEST_OUTCOME_FILE=$1
;;
+ --preserve-logs)
+ PRESERVE_LOGS=1
+ ;;
-h|--help)
print_usage
exit 0
@@ -225,7 +255,7 @@
{
if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
then
- # Ciphersuite for mbed TLS
+ # Ciphersuite for Mbed TLS
M_CIPHERS=$( filter "$M_CIPHERS" )
# Ciphersuite for OpenSSL
@@ -235,7 +265,7 @@
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
- # For GnuTLS client -> mbed TLS server,
+ # For GnuTLS client -> Mbed TLS server,
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
if is_dtls "$MODE" && [ "X$VERIFY" = "XYES" ]; then
G_CIPHERS=""
@@ -592,7 +622,7 @@
fi
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE"
+ O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
@@ -826,6 +856,14 @@
echo "EXIT: $EXIT" >> $CLI_OUT
}
+# uniform_title <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
+# $TITLE is considered as test case description for both --list-test-cases and
+# MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of
+# each test case description.
+uniform_title() {
+ TITLE="$1->$2 $MODE,$VERIF $3"
+}
+
# record_outcome <outcome> [<failure-reason>]
record_outcome() {
echo "$1"
@@ -842,12 +880,16 @@
fi
}
+save_logs() {
+ cp $SRV_OUT c-srv-${TESTS}.log
+ cp $CLI_OUT c-cli-${TESTS}.log
+}
+
# display additional information if test case fails
report_fail() {
FAIL_PROMPT="outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
record_outcome "FAIL" "$FAIL_PROMPT"
- cp $SRV_OUT c-srv-${TESTS}.log
- cp $CLI_OUT c-cli-${TESTS}.log
+ save_logs
echo " ! $FAIL_PROMPT"
if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
@@ -863,8 +905,7 @@
run_client() {
# announce what we're going to do
TESTS=$(( $TESTS + 1 ))
- TITLE="${1%"${1#?}"}->${SERVER_NAME%"${SERVER_NAME#?}"}"
- TITLE="$TITLE $MODE,$VERIF $2"
+ uniform_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2
DOTS72="........................................................................"
printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72"
@@ -966,6 +1007,9 @@
case $RESULT in
"0")
record_outcome "PASS"
+ if [ "$PRESERVE_LOGS" -gt 0 ]; then
+ save_logs
+ fi
;;
"1")
record_outcome "SKIP"
diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/config-wrapper-malloc-0-null.h
deleted file mode 100644
index fc649bf..0000000
--- a/tests/configs/config-wrapper-malloc-0-null.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* mbedtls_config.h wrapper that forces calloc(0) to return NULL.
- * Used for testing.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "mbedtls/mbedtls_config.h"
-
-#include <stdlib.h>
-
-#ifndef MBEDTLS_PLATFORM_STD_CALLOC
-static inline void *custom_calloc(size_t nmemb, size_t size)
-{
- if (nmemb == 0 || size == 0) {
- return NULL;
- }
- return calloc(nmemb, size);
-}
-
-#define MBEDTLS_PLATFORM_MEMORY
-#define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc
-#endif
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
index 38286d1..d825ee9 100644
--- a/tests/configs/tls13-only.h
+++ b/tests/configs/tls13-only.h
@@ -7,19 +7,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* Enable TLS 1.3 and core 1.3 features */
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 8c2680d..639496b 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -7,32 +7,44 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(PSA_CRYPTO_DRIVER_TEST_ALL)
+/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the
+ * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx
+ * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but
+ * here we arrange to have both active so that psa_crypto_*.c includes
+ * the built-in implementations and the driver code can call the built-in
+ * implementations.
+ *
+ * The point of this test mode is to verify that the
+ * driver entry points are called when they should be in a lightweight
+ * way, without requiring an actual driver. This is different from builds
+ * with libtestdriver1, where we make a copy of the library source code
+ * and use that as an external driver.
+ */
/* Enable the use of the test driver in the library, and build the generic
* part of the test driver. */
#define PSA_CRYPTO_DRIVER_TEST
+/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the
+ * built-in implementations won't be enabled. */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#error \
+ "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG"
+#endif
+
/* Use the accelerator driver for all cryptographic mechanisms for which
* the test driver implemented. */
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR
#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
diff --git a/tests/configs/user-config-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h
new file mode 100644
index 0000000..fada9ee
--- /dev/null
+++ b/tests/configs/user-config-malloc-0-null.h
@@ -0,0 +1,22 @@
+/* mbedtls_config.h modifier that forces calloc(0) to return NULL.
+ * Used for testing.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdlib.h>
+
+#ifndef MBEDTLS_PLATFORM_STD_CALLOC
+static inline void *custom_calloc(size_t nmemb, size_t size)
+{
+ if (nmemb == 0 || size == 0) {
+ return NULL;
+ }
+ return calloc(nmemb, size);
+}
+
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc
+#endif
diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h
new file mode 100644
index 0000000..52d4b08
--- /dev/null
+++ b/tests/configs/user-config-zeroize-memset.h
@@ -0,0 +1,17 @@
+/* mbedtls_config.h modifier that defines mbedtls_platform_zeroize() to be
+ * memset(), so that the compile can check arguments for us.
+ * Used for testing.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <string.h>
+
+/* Define _ALT so we don't get the built-in implementation. The test code will
+ * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the
+ * declaration. */
+#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
diff --git a/tests/context-info.sh b/tests/context-info.sh
index 88dfcaa..55e3219 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -3,19 +3,7 @@
# context-info.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# This program is intended for testing the ssl_context_info program
#
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 5230a30..a7035cb 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1,7 +1,7 @@
## This file contains a record of how some of the test data was
## generated. The final build products are committed to the repository
## as well to make sure that the test data is identical. You do not
-## need to use this makefile unless you're extending mbed TLS's tests.
+## need to use this makefile unless you're extending Mbed TLS's tests.
## Many data files were generated prior to the existence of this
## makefile, so the method of their generation was not recorded.
@@ -38,12 +38,15 @@
test_ca_crt = test-ca.crt
test_ca_key_file_rsa = test-ca.key
+test_ca_key_file_rsa_unenc = test-ca_unenc.key
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf
$(test_ca_key_file_rsa):
$(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048
-all_final += $(test_ca_key_file_rsa)
+$(test_ca_key_file_rsa_unenc): $(test_ca_key_file_rsa)
+ $(OPENSSL) rsa -passin pass:$(test_ca_pwd_rsa) -in $< -out $@
+all_final += $(test_ca_key_file_rsa) $(test_ca_key_file_rsa_unenc)
test-ca.req.sha256: $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
@@ -60,6 +63,14 @@
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
all_final += test-ca.key.der
+# This is only used for generating cert_example_multi_nocn.crt
+test-ca_nocn.crt: $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 selfsign=1 \
+ subject_key=$(test_ca_key_file_rsa) subject_pwd=$(test_ca_pwd_rsa) subject_name="C=NL" \
+ issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) issuer_name="C=NL" \
+ not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
+all_intermediate += test-ca_nocn.crt
+
test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca-sha1.crt
@@ -99,6 +110,16 @@
-passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 \
-in $< > $@
+cert_example_multi_nocn.csr: rsa_pkcs1_1024_clear.pem
+ $(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name='C=NL'
+all_intermediate += cert_example_multi_nocn.csr
+
+parse_input/cert_example_multi_nocn.crt cert_example_multi_nocn.crt: cert_example_multi_nocn.csr test-ca_nocn.crt
+ $(OPENSSL) x509 -req -CA test-ca_nocn.crt -CAkey $(test_ca_key_file_rsa) \
+ -extfile $(test_ca_config_file) -extensions ext_multi_nocn -passin "pass:$(test_ca_pwd_rsa)" \
+ -set_serial 0xf7c67ff8e9a963f9 -days 3653 -sha1 -in $< > $@
+all_final += cert_example_multi_nocn.crt
+
parse_input/test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem
$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage
parse_input/test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem
@@ -168,13 +189,26 @@
test_ca_key_file_ec = test-ca2.key
test-ca2.req.sha256: $(test_ca_key_file_ec)
- $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) \
+ subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
all_intermediate += test-ca2.req.sha256
test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
- $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 selfsign=1 \
+ request_file=test-ca2.req.sha256 \
+ issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" \
+ issuer_key=$(test_ca_key_file_ec) \
+ not_before=20190210144400 not_after=20290210144400 \
+ md=SHA256 version=3 output_file=$@
all_final += test-ca2.crt
+test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test-ca2.req.sha256
+ $(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \
+ -signkey $(test_ca_key_file_ec) -days 3653 -out $@
+
+all_final += test-ca2.ku-crl.crt test-ca2.ku-crt.crt test-ca2.ku-crt_crl.crt \
+ test-ca2.ku-ds.crt
+
test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
@@ -199,10 +233,14 @@
all_final += $(test_ca_ec_cat)
parse_input/test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
- $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
+ -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" \
+ -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
parse_input/test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
- $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
+ -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 \
+ -in test-ca.req_ec.sha256 -out $@
parse_input/test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
@@ -414,9 +452,23 @@
# try to forge a copy of test-int-ca3 with different key
server5-ss-forgeca.crt: server5.key
- $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" \
+ -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca \
+ -days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt
+server5-selfsigned.crt: server5.key
+ openssl req -x509 -key server5.key \
+ -sha256 -days 3650 -nodes \
+ -addext basicConstraints=critical,CA:FALSE \
+ -addext keyUsage=critical,digitalSignature \
+ -addext subjectKeyIdentifier=hash \
+ -addext authorityKeyIdentifier=none \
+ -set_serial 0x53a2cb4b124ead837da894b2 \
+ -subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \
+ -out $@
+all_final += server5-selfsigned.crt
+
parse_input/server5-othername.crt.der: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -outform der -out $@
@@ -486,6 +538,65 @@
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += test-int-ca3-badsign.crt
+# server9*
+
+server9.csr: server9.key
+ $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
+ -key $< -out $@
+parse_input/server9.crt server9.crt: server9-sha1.crt
+ cp $< $@
+all_final += server9.crt
+all_intermediate += server9.csr server9-sha1.crt
+
+server9-%.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+ -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
+ -set_serial $(SERVER9_CRT_SERIAL) -days 3653 \
+ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
+ -sigopt rsa_mgf1_md:$(@F:server9-%.crt=%) -$(@F:server9-%.crt=%) \
+ -in $< -out $@
+server9-sha1.crt: SERVER9_CRT_SERIAL=22
+parse_input/server9-sha224.crt server9-sha224.crt: SERVER9_CRT_SERIAL=23
+parse_input/server9-sha256.crt server9-sha256.crt: SERVER9_CRT_SERIAL=24
+parse_input/server9-sha384.crt server9-sha384.crt: SERVER9_CRT_SERIAL=25
+parse_input/server9-sha512.crt server9-sha512.crt: SERVER9_CRT_SERIAL=26
+all_final += server9-sha224.crt server9-sha256.crt server9-sha384.crt server9-sha512.crt
+
+server9-defaults.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+ -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
+ -set_serial 72 -days 3653 \
+ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max -sha1 \
+ -in $< -out $@
+all_final += server9-defaults.crt
+
+server9-badsign.crt: server9.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server9-badsign.crt
+
+server9-with-ca.crt: server9.crt $(test_ca_crt)
+ cat $^ > $@
+all_final += server9-with-ca.crt
+
+server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+ -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
+ -set_serial 24 -days 3653 \
+ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
+ -sigopt rsa_mgf1_md:sha224 -sha256 \
+ -in $< -out $@
+all_final += server9-bad-mgfhash.crt
+
+server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) \
+ opensslcnf/server9.crt.v3_ext \
+ ../scripts/generate_server9_bad_saltlen.py
+ ../scripts/generate_server9_bad_saltlen.py --ca-name test-ca \
+ --ca-password $(test_ca_pwd_rsa) --csr server9.csr \
+ --openssl-extfile opensslcnf/server9.crt.v3_ext \
+ --anounce_saltlen 0xde --actual_saltlen 0x20 \
+ --output $@
+all_final += server9-bad-saltlen.crt
+
# server10*
server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
@@ -1304,8 +1415,7 @@
server1.req.sha256.ext: server1.key
# Generating this with OpenSSL as a comparison point to test we're getting the same result
- openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com"
-all_final += server1.req.sha256.ext
+ openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf
parse_input/server1.req.sha384 server1.req.sha384: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
@@ -1338,6 +1448,14 @@
parse_input/server1.req.commas.sha256: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256
+parse_input/server1.req.hashsymbol.sha256: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=\#PolarSSL,CN=PolarSSL Server 1" md=SHA256
+
+parse_input/server1.req.spaces.sha256: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256
+
+parse_input/server1.req.asciichars.sha256: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=极地SSL,CN=PolarSSL Server 1" md=SHA256
# server2*
server2_pwd_ec = PolarSSLTest
@@ -1388,6 +1506,32 @@
$(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation
all_final += server5.req.ku.sha1
+server5.ku-ds.crt: SERVER5_CRT_SERIAL=45
+server5.ku-ds.crt: SERVER5_KEY_USAGE=digital_signature
+server5.ku-ka.crt: SERVER5_CRT_SERIAL=46
+server5.ku-ka.crt: SERVER5_KEY_USAGE=key_agreement
+server5.ku-ke.crt: SERVER5_CRT_SERIAL=47
+server5.ku-ke.crt: SERVER5_KEY_USAGE=key_encipherment
+server5.eku-cs.crt: SERVER5_CRT_SERIAL=58
+server5.eku-cs.crt: SERVER5_EXT_KEY_USAGE=codeSigning
+server5.eku-cs_any.crt: SERVER5_CRT_SERIAL=59
+server5.eku-cs_any.crt: SERVER5_EXT_KEY_USAGE=codeSigning,any
+server5.eku-cli.crt: SERVER5_CRT_SERIAL=60
+server5.eku-cli.crt: SERVER5_EXT_KEY_USAGE=clientAuth
+server5.eku-srv_cli.crt: SERVER5_CRT_SERIAL=61
+server5.eku-srv_cli.crt: SERVER5_EXT_KEY_USAGE=serverAuth,clientAuth
+server5.eku-srv.crt: SERVER5_CRT_SERIAL=62
+server5.eku-srv.crt: SERVER5_EXT_KEY_USAGE=serverAuth
+server5.ku-%.crt: SERVER5_EXT_OPTS=key_usage=$(SERVER5_KEY_USAGE)
+server5.eku-%.crt: SERVER5_EXT_OPTS=ext_key_usage=$(SERVER5_EXT_KEY_USAGE)
+server5.%.crt: server5.key
+ $(MBEDTLS_CERT_WRITE) \
+ subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=$(SERVER5_CRT_SERIAL) \
+ issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) $(SERVER5_EXT_OPTS) \
+ not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
+all_final += server5.ku-ka.crt server5.ku-ke.crt server5.ku-ds.crt
+all_final += server5.eku-cs.crt server5.eku-cs_any.crt server5.eku-cli.crt server5.eku-srv_cli.crt server5.eku-srv.crt
+
# server6*
server6.csr: server6.key
@@ -1399,6 +1543,18 @@
-extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
all_final += server6.crt
+server6-ss-child.csr : server6.key
+ $(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \
+ -key $< -out $@
+all_intermediate += server6-ss-child.csr
+server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext
+ $(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \
+ -extfile server6-ss-child.crt.openssl.v3_ext \
+ -set_serial 0x53a2cb5822399474a7ec79ec \
+ -days 3650 -sha256 -in $< -out $@
+all_final += server6-ss-child.crt
+
+
################################################################
### Generate certificates for CRT write check tests
################################################################
@@ -1449,7 +1605,13 @@
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
-all_final += server1.crt server1.noauthid.crt server1.crt.der server1.commas.crt
+server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+server1.asciichars.crt: server1.key parse_input/server1.req.asciichars.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.asciichars.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt server1.asciichars.crt
parse_input/server1.key_usage.crt: parse_input/server1.req.sha256
server1.key_usage.crt: server1.req.sha256
@@ -1487,6 +1649,16 @@
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der
+server1-nospace.crt: server1.key test-ca.crt
+ $(MBEDTLS_CERT_WRITE) subject_key=$< serial=31\
+ subject_name="C=NL,O=PolarSSL,CN=polarssl.example" \
+ issuer_crt=test-ca.crt issuer_key=$(test_ca_key_file_rsa) \
+ issuer_pwd=$(test_ca_pwd_rsa) \
+ not_before=20190210144406 not_after=20290210144406 \
+ md=SHA256 version=3 authority_identifier=1 \
+ output_file=$@
+all_final += server1-nospace.crt
+
server1_ca.crt: server1.crt $(test_ca_crt)
cat server1.crt $(test_ca_crt) > $@
all_final += server1_ca.crt
@@ -1545,8 +1717,13 @@
crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
-crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
- $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
+crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \
+ $(test_ca_config_file) \
+ test-ca.server1.future-crl.db \
+ test-ca.server1.future-crl.opensslconf
+ $(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \
+ -config test-ca.server1.future-crl.opensslconf -crldays 365 \
+ -passin "pass:$(test_ca_pwd_rsa)" -out $@
server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
@@ -1564,6 +1741,25 @@
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt
+server2.ku-ka.crt: SERVER2_CRT_SERIAL=42
+server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
+server2.ku-ke.crt: SERVER2_CRT_SERIAL=43
+server2.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment
+server2.ku-ds.crt: SERVER2_CRT_SERIAL=44
+server2.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature
+server2.ku-ds_ke.crt: SERVER2_CRT_SERIAL=48
+server2.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment
+server2.ku-%.crt: server2.req.sha256
+ $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \
+ issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+ key_usage="$(SERVER2_KEY_USAGE)" \
+ not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt
+
+server2-badsign.crt: server2.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server2-badsign.crt
+
# server3*
parse_input/server3.crt server3.crt: server3.key
@@ -1820,6 +2016,41 @@
dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
all_final += pkcs7_data_cert_signeddata_sha256.der
+# - test-ca-v1.crt: v1 "CA", signs
+# server1-v1.crt: v1 "intermediate CA", signs
+# server2-v1*.crt: EE cert (without of with chain in same file)
+
+test-ca-v1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial_hex=53a2b68e05400e555c9395e5 \
+ request_file=test-ca.req.sha256 \
+ selfsign=1 issuer_name="CN=PolarSSL Test CA v1,OU=testing,O=PolarSSL,C=NL" \
+ issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+ not_before=20190210144400 not_after=20290210144400 md=SHA256 version=1 \
+ output_file=$@
+all_final += test-ca-v1.crt
+
+server1-v1.crt: server1.key test-ca-v1.crt
+ $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6c704cd4d8ebc800bc1\
+ subject_name="CN=server1/int-ca-v1,OU=testing,O=PolarSSL,C=NL" \
+ issuer_crt=test-ca-v1.crt issuer_key=$(test_ca_key_file_rsa) \
+ issuer_pwd=$(test_ca_pwd_rsa) \
+ not_before=20190210144406 not_after=20290210144406 \
+ md=SHA256 version=1 \
+ output_file=$@
+all_final += server1-v1.crt
+
+server2-v1.crt: server2.key server1-v1.crt
+ $(MBEDTLS_CERT_WRITE) subject_key=$< serial_hex=53a2b6d9235dbc4573f9b76c\
+ subject_name="CN=server2,OU=testing,O=PolarSSL,C=NL" \
+ issuer_crt=server1-v1.crt issuer_key=server1.key \
+ not_before=20190210144406 not_after=20290210144406 \
+ md=SHA256 version=1 \
+ output_file=$@
+all_final += server2-v1.crt
+
+server2-v1-chain.crt: server2-v1.crt server1-v1.crt
+ cat $^ > $@
+
################################################################
#### Generate C format test certs header
################################################################
diff --git a/tests/data_files/cert_example_multi_nocn.crt b/tests/data_files/cert_example_multi_nocn.crt
index 1634846..08bf63c 100644
--- a/tests/data_files/cert_example_multi_nocn.crt
+++ b/tests/data_files/cert_example_multi_nocn.crt
@@ -1,13 +1,16 @@
-----BEGIN CERTIFICATE-----
-MIIB/TCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
-BAYTAk5MMB4XDTE0MDEyMjEwMDQzM1oXDTI0MDEyMjEwMDQzM1owDTELMAkGA1UE
-BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2pt
-WZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNz
-UnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ
-81kybdHg6G3eUu1mtKkL2kCVAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+MIICfjCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
+BAYTAk5MMB4XDTIzMDUxODAyMDUwMVoXDTMzMDUxODAyMDUwMVowDTELMAkGA1UE
+BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMc4ksXD9HAQCGv4EzXs
+8wEciiUPlYI2HqoelhJVGqz4e3UzC3BXM5zZlfFNTEQ3yL7EoD/kZDzT88kCQz3D
+fFuOeaoJhK6CEzcKv4VpvSo1Ymyx/uSs4EKyQXx75J0nFJssB2uOQz0/bHY6Rpoc
+cA0lnbwIx0D82AI3Yv996/wtAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMEkGA1UdEQRCMECCHHd3dy5zaG90b2thbi1icmF1bnNjaHdlaWcuZGWCFHd3
-dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4GB
-ABjx1ytrqCyFC5/0cjWnbLK9vsvLny2ZikDewfRxqJ5zAxGWLqHOr1SmUmu2DrvB
-bkT9g5z19+iMhPnzJz1x7Q2m7WTIJTuUPK+hKZJATDLNhZ86h5Nkw8k9YzKcOrPm
-EIqsy55CSgLU0ntljqSBvSb4ifrF1NnIWej2lSfN6r+3
+dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4IB
+AQAuomKlMLwSkP3zvGuA9awDdITM/uCzfd77yi60zMNtFHDMu2YZ2npQSl0czab6
+/8fX9goaU8V3cx4KXSLMx7i9AsP1r559Uo3c/4oTZd3xBsElMAn/TXiuujZ2RwdL
+RcMOJerlThOE0dtNdniJj7lPaan70CELP/CUn8KgeWgztQJj4ghfUwnLn6RnpLfl
+YyM/Xq2YbwnQWHXSe3CPTy5RCWalt3SgZf6IDcD6CNq1Q2l14iR78OWnlxGTFmjP
+ez3OzxNT2BZz0AiP0WvTbUtvfuxw9G3fHHe5ClsAopIA3tD246jHOAlqAnOEBC/x
+IABbWjY/briP9U4R6x+mg2ck
-----END CERTIFICATE-----
diff --git a/tests/data_files/crl-rsa-pss-sha1-badsign.pem b/tests/data_files/crl-rsa-pss-sha1-badsign.pem
index 7e2a596..d236910 100644
--- a/tests/data_files/crl-rsa-pss-sha1-badsign.pem
+++ b/tests/data_files/crl-rsa-pss-sha1-badsign.pem
@@ -1,14 +1,14 @@
-----BEGIN X509 CRL-----
MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
-NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
-WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
-1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
-MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
-AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
-4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
-MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
-mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
-7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
-y6li0JzWNHtkKUlCv2+SESZbD3NU8GQY
+ETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBFw0y
+MzA1MTcwODA3NDlaFw0zMzA1MTcwODA3NDlaMCgwEgIBChcNMjMwNTE3MDgwNzQ5
+WjASAgEWFw0yMzA1MTcwODA3NDlaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
+1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NM
+MRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMBMGCSqGSIb3DQEBCjAGogQC
+AgDqA4IBAQCMUepEfAXs1G3hDE7rcIPT/AFv/oLQSVwRE8O2G5r4j0CgzN6CSGNi
+8qfFVX6f7ds+QM4pxAXk5FH4QJJkev0ZBQxmA/ZDLEFmmCEfPMsA69nG//Xeq+Xz
+ZOqJpAewmXoP2UUxV5rRpAIr9g9NvDkTT012eQEpoGkJlpxOln1VW+Dk24PCZFWf
+Nf8GMUzUsXfXm7ZdCeuc8ZDYNma0nWAMR9Jw6qaEhyH4Fd/scFvXiF/i4cpVp8Rk
+M71wSrCC0pkFzw4/bYMnf0aHle/lNg5e78SAT+/6PA8pXL7Urc0IufOfxCGwqY27
+IXSTrZJj4WeQMk289pIccMHj5DUSo4u0
-----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha1.pem b/tests/data_files/crl-rsa-pss-sha1.pem
index 59ca4f7..c129c0c 100644
--- a/tests/data_files/crl-rsa-pss-sha1.pem
+++ b/tests/data_files/crl-rsa-pss-sha1.pem
@@ -1,14 +1,14 @@
-----BEGIN X509 CRL-----
MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
-NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
-WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
-1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
-MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
-AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
-4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
-MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
-mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
-7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
-y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ
+ETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBFw0y
+MzA1MTcwODA3NDlaFw0zMzA1MTcwODA3NDlaMCgwEgIBChcNMjMwNTE3MDgwNzQ5
+WjASAgEWFw0yMzA1MTcwODA3NDlaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
+1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NM
+MRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMBMGCSqGSIb3DQEBCjAGogQC
+AgDqA4IBAQCMUepEfAXs1G3hDE7rcIPT/AFv/oLQSVwRE8O2G5r4j0CgzN6CSGNi
+8qfFVX6f7ds+QM4pxAXk5FH4QJJkev0ZBQxmA/ZDLEFmmCEfPMsA69nG//Xeq+Xz
+ZOqJpAewmXoP2UUxV5rRpAIr9g9NvDkTT012eQEpoGkJlpxOln1VW+Dk24PCZFWf
+Nf8GMUzUsXfXm7ZdCeuc8ZDYNma0nWAMR9Jw6qaEhyH4Fd/scFvXiF/i4cpVp8Rk
+M71wSrCC0pkFzw4/bYMnf0aHle/lNg5e78SAT+/6PA8pXL7Urc0IufOfxCGwqY27
+IXSTrZJj4WeQMk289pIccMHj5DUSo4uO
-----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha224.pem b/tests/data_files/crl-rsa-pss-sha224.pem
index a51d5d9..1108b3d 100644
--- a/tests/data_files/crl-rsa-pss-sha224.pem
+++ b/tests/data_files/crl-rsa-pss-sha224.pem
@@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI
-i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v
-TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e
-Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9
-NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB
-f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D
-a6JSqCIMRCQY2JOUn0A=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgQFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA4jA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc0OVoXDTMzMDUxNzA4MDc0OVowKDASAgEKFw0yMzA1MTcwODA3NDla
+MBICARYXDTIzMDUxNzA4MDc0OVqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgQFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA
+4gOCAQEANsElK5qMavcgBXsqgysCIIwEPj+dXdBOwXW17HWh2jcSwAssFNRxhiIc
+PoUjj2fNlbOWXLPoxXBitgkJ31UAYCteGSv3j5P3WEuriVwCG889JEoMWn9U4+f9
+f5jSVNfynyiAOiwpA0TrOhZOAs9SEj742S1pzhsb9yaOXeQXNnDv8HYe3uX9/D9w
+ynot+/EwCYEuvK8XQ6qnV6588NHEAd9x+OcV9pxWrmUE8Muz1KffBwD5+SOW+Taj
+4fKQPcKJoRXOKyLXpOz7yMl/6fCf6h3Qj/H4YI/2gsWI0iduKoXDsuQkMEdPTZvk
+7P88YK3/4MReaZS3sDyhhUrojELPXw==
-----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha256.pem b/tests/data_files/crl-rsa-pss-sha256.pem
index f16a491..26f7935 100644
--- a/tests/data_files/crl-rsa-pss-sha256.pem
+++ b/tests/data_files/crl-rsa-pss-sha256.pem
@@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4
-oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC
-FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo
-IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X
-ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB
-r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb
-XLdJyyak33CLBKu+nJc=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3jA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc0OVoXDTMzMDUxNzA4MDc0OVowKDASAgEKFw0yMzA1MTcwODA3NDla
+MBICARYXDTIzMDUxNzA4MDc0OVqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA
+3gOCAQEAHLzvRF0RVQL48ZGVFnTk1nsOHXVHS0UVMItsILurXJ4XrOgN1I7iTzu2
+wYNtgr+T15jwsPdgU+Gg3127vb2Djm0IUX0dCfYpSFRUv8BjaK962ZPjM0rkWhC6
+JUTWSLMAMy4ScqcoC7e4vuN2h4kPOzlvDBIhzWKA03+taAtuIOWjXZu2/Cyeggxs
+oXARKI8BEv4b94xwiFJMoMuzcYAkuDIH4MRYANVgOS/zncCRS9D5ZerfoBt70LKX
+nzJtT4a0XoxbUJeU8MZ0fR5aAHUQulAPA9CMmBsHkSx7pzAAhCwx/vXbnWPyhA6G
+XG6gCKcDR5PZQvQNgi29SLlhRTT5TA==
-----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha384.pem b/tests/data_files/crl-rsa-pss-sha384.pem
index 50f7e4c..45431f0 100644
--- a/tests/data_files/crl-rsa-pss-sha384.pem
+++ b/tests/data_files/crl-rsa-pss-sha384.pem
@@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco
-SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR
-a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1
-EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs
-y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k
-q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u
-KUH/xf1jEnNzbYNGiZw=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgIFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIAzjA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc1MFoXDTMzMDUxNzA4MDc1MFowKDASAgEKFw0yMzA1MTcwODA3NTBa
+MBICARYXDTIzMDUxNzA4MDc1MFqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIA
+zgOCAQEAnZvMo3nmKXPV+q4m1CdMA7jUtdanJBHDAv2+LZLq4T1QpyN+nmLEB1yX
+ARN8/5Px47zm7XyZw6HI1Il34MjblAKIPBVXoswj4YLRceijwiG1bxkh1Kz3lcV0
+GCNPNo7tMPii9iATWlVzWBCzx2rLmt/ys0DtNRCMISOYGW1HkyuO28dwA6nUJwSS
+Ddjr3iilavnBdpzddH9AiN5Fm0sfrFBANx79Qyp0/r8hqrv7rT33maeRKj3S4e9G
+zpO6uHPAh9Obo93DxpKpXoMwxDiHv+bwHPO4J1YOiryy/KZmHhzUMPfvP09pGg9f
+zGO/bOyiHGH0Lf4F9JVMxpfitdbtwg==
-----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha512.pem b/tests/data_files/crl-rsa-pss-sha512.pem
index 0f1d651..71f2b7c 100644
--- a/tests/data_files/crl-rsa-pss-sha512.pem
+++ b/tests/data_files/crl-rsa-pss-sha512.pem
@@ -1,16 +1,16 @@
-----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F
-ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq
-1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2
-t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU
-p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0
-sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8
-enMfMvwScA5AImzu9xA=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgMFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIAvjA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc1MFoXDTMzMDUxNzA4MDc1MFowKDASAgEKFw0yMzA1MTcwODA3NTBa
+MBICARYXDTIzMDUxNzA4MDc1MFqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIA
+vgOCAQEAtMPpQMet9BfMRLg0AW9QfL3QkktV7xk++BqYFOYynBiqxjQH4AKu3wU8
+eiGd3+2xNpQd2/sG7UUNo1Vnl9gCHRiT4bje6+CdvvqaZKSgpmsiztbgBAYORriF
+flKOKOOQTxaikqJ4t7vp727JmstADuyizTgOBE0k3V1glas8B0G122YheeHF02S4
++33Nss4hbfbTilR0RccOaqiXzF9bkFsTlD5KgyUFZbFtdy+1zHZLnRUAJA1HmDeP
+r5p2mJxKwXmZzLnw/FPa8fUH665TKYk08AuIpN+VHdPwiBoYHJ2YZJWgM+1qHq1y
+tlyoAOC6beqsh9OfxcQZaEiWbUI9yQ==
-----END X509 CRL-----
diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh
index d7d8797..4e1fd48 100755
--- a/tests/data_files/dir-maxpath/long.sh
+++ b/tests/data_files/dir-maxpath/long.sh
@@ -1,19 +1,7 @@
#!/bin/sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -eu
diff --git a/tests/data_files/opensslcnf/server9.crt.v3_ext b/tests/data_files/opensslcnf/server9.crt.v3_ext
new file mode 100644
index 0000000..f8d201b
--- /dev/null
+++ b/tests/data_files/opensslcnf/server9.crt.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl
index ce8ed6f..5f4b3d0 100755
--- a/tests/data_files/print_c.pl
+++ b/tests/data_files/print_c.pl
@@ -1,19 +1,7 @@
#!/usr/bin/env perl
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
use warnings;
diff --git a/tests/data_files/server1-nospace.crt b/tests/data_files/server1-nospace.crt
index 932c236..4c3cb90 100644
--- a/tests/data_files/server1-nospace.crt
+++ b/tests/data_files/server1-nospace.crt
@@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDhDCCAmygAwIBAgIBHzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwMzI2MDkyMzEyWhcNMjQwMzIzMDkyMzEyWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEHBvbGFyc3NsLmV4YW1wbGUwggEiMA0G
+MIIDPjCCAiagAwIBAgIBHzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEHBvbGFyc3NsLmV4YW1wbGUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUuFWFeib+4
6EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQg2rVQUN3
Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A+G2BJV8K
sVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+rWUsZOuV
m9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE2y6mT3Bu
ns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSxAgMBAAGj
-gZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
-YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBD
-QYIBADANBgkqhkiG9w0BAQsFAAOCAQEAXs4vQqlIlxrMbE6IwAHLcGJuz17Ru/en
-H9bUnnSh1pxa+NHMKZHBG3GT0iaxsVtXf56/tXH4+HL7ntJjrczGN1PbhMGPyt94
-556ZgDxkHT9k7KjPAIs9BrjFHvl9NyIZzcbwkiC0qGvdzjSfe3AiSYuhXI/9/Hog
-uUwReH+T2U/ICEHQ5O8aV5nvpgqL3EeEmyx3bu+YXtZMWQUYzX+ya4TnKVPdqwbf
-ebr6v1hLXrUFl6rZ3wEJ6MqUW3SGZRkCVNZUOD6Ky3+EiLwYFhuKGdFqSS0JAAD7
-ZO3yPu5hu3BhAQYavK4Yyfi9IQmubBqxopPwyzjG1HPw2lj+oapH0w==
+TTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKmMB8G
+A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUAA4IB
+AQC8fX3ZiHu6GoYBB5Vo1l6CXXDhHB6r43Pp+BHoOCouiiy4useiPLu5S84gmNoC
+v8ZR+b9lAaysCMHAbth9vgtW+aXckBY6xKo8CsmGXcqZqujD6qrDif5q6UpXa4Oe
+fr6ITkecY4Z9oN/aN5el5zzUd5zkoyQDI5Bn1gMdvV7AwM7Haq+5gTFwM7HJnphz
+GZ8GLxWU1dWeAfsGm58ey6J28OjIkmfP3yL/kBKMhiQZydbH9Y8Yal7YwhayXxES
+i7YwhNmPcGAgDBm5Sno7BvHiIqsNX1sssC3aZUaZvldJGY+4Y9fFZHenBwTREj/S
+CnEgazC2RJ3kYg3mP/QhE0US
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1-v1.crt b/tests/data_files/server1-v1.crt
index 47f1fff..8ca9007 100644
--- a/tests/data_files/server1-v1.crt
+++ b/tests/data_files/server1-v1.crt
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIIDITCCAgkCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
-ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
-EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA5MTFaGA8yMDI0
-MDYxODEwMDkxMVowTjEaMBgGA1UEAxMRc2VydmVyMS9pbnQtY2EtdjExEDAOBgNV
-BAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
-v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
-Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
-XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
-65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
-cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAPJl3fbVeTJ6gVAvCoLYM8JY5U7ZhrCCdBghw
-WuZBS/TWwf4WLP0G/ZtTyTOENcT0gWHf0/VnXtNPw2/yBjWsLtTXxN2XQlEVf3j/
-WcQxWgSESYdx/sT/uTW6qihuONPWkTQizmx7OG6vBuGx3g54s9/oeJKXOraNqud3
-G4KBrytOazliMfoKO2hnzaeydpaDtb2tZX8apN/6KqQpTAcXsWrZRW9XEHWq2sNz
-IR1nIE1F/9gnqi9Xy0HQprteLRUvM4tEQ35m4H20eS5Y9gJlE/DqXmMQ7aiU8DgP
-krj+Z18pcrssO+Etv0BOiPjmU9TWWpDMj34ef7U/OH5qJxkSrA==
+MIIDHTCCAgUCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
+DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
+DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEw
+MTQ0NDA2WjBOMRowGAYDVQQDDBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwH
+dGVzdGluZzERMA8GA1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhF
+kNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185
+fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFT
+xjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc
+/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7O
+vViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABMA0G
+CSqGSIb3DQEBCwUAA4IBAQBrdYAEzdH6ryyYaolYvp8Fvq0wZxp6Bdcxvi0LUGmb
+TdWcNrPU9IYASc5QSrSWPj0c9vhLVbDZAONfn92thi7C2zQXok2Q3jW038ycNSXN
+lVxFkdY4GYa3E6Og1LVIySyzfyyNuHKKWbB5wZCWbzOgu2Q1MHSNvPhKjbDhyGtT
+Mq3Qy6TyzUFbXMRBixcJC/Cy4zsqvWBanVtBmwlvgE4Q50CUgybzSEIL5j+aPLuW
+aj8j2NRB2+7vPeoWd8ry5YxEKB3DRuXHHyyFnT5O8MpWuCl764qFMc8S/i7yVcmZ
+egZQw0dCmE5J4EGX0BEQEM24ll2e8SxL351hbCQ+EfvF
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.asciichars.crt b/tests/data_files/server1.asciichars.crt
new file mode 100644
index 0000000..824e46e
--- /dev/null
+++ b/tests/data_files/server1.asciichars.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDESMBAG
+A1UECgwJ5p6B5ZywU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
+v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
+Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
+XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
+65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
+cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
+HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
+ggEBAHqJLYmgkQ6yqml3PZM6iwbmo+lZLyDEPFpl/thHZm5LI8TTYOeU+wMAZ6KI
+VumyjZxypmLF2MiiJ2f3zQooU7H1waAcTpsafTuD6RRYdthYYxs1L9gCm1ZT2Ga8
+fgn3wrugPLUrtSM/TkTj6F4XkSlluzZpEKsSYLSoyde+uQgdbtR+3Tc+3oU8xBMM
+N6uq4VQC49avIQkI+598E3vKrjGGt3l2a1Ts1qvXWjo9mpJW5GM4e1zfogKnc8XQ
+K1hYQ39wL42l9Hijwre85O0PSBfbNOv1BPSDm8das3VNzGsUIz8InkAKAKCKwxG6
+BCw3D/CE8s6DCnpb+eK1sVJwZ4E=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.hashsymbol.crt b/tests/data_files/server1.hashsymbol.crt
new file mode 100644
index 0000000..9db7300
--- /dev/null
+++ b/tests/data_files/server1.hashsymbol.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDESMBAG
+A1UECgwJI1BvbGFyU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
+v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
+Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
+XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
+65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
+cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
+HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
+ggEBAJcKcv/Xro61Sxm0GH42pYu7AvtD2b8nynvA8BW9gCHmiIHvHQWNO9NTMuno
+1+HdzQVF1JxHC/A/hvXsczxGEc3jVnVeg1fwi8mZ/Fy1XtAVCTA0yJu7JTaaYbg+
+IU2y7Nu36FSOztLpOfHGmwVDoJ1+wCzG/id64hXwJRrHvUfGK4EvIsV97swhk2Do
+zSAfDA9N+QNV4zeiF9mLMOpUhCUBq8r41EDqm9lM0wSd3HNen8jwO20F4F1b1dYm
+L+bMarvUgHq91f128m2fF3sWNnz4RGoagSI/aOU/AP6Ksq8SUruGHpqrVWLClA6n
+EyyTPlNTwYIRCydZt7zlsw1/4h4=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.req.sha256.conf b/tests/data_files/server1.req.sha256.conf
new file mode 100644
index 0000000..0d35818
--- /dev/null
+++ b/tests/data_files/server1.req.sha256.conf
@@ -0,0 +1,17 @@
+req_extensions = req_ext
+
+[req_ext]
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+email = mail@example.com
+DNS = example.com
+dirName = dirname_sect
+IP = 127.0.0.1
+URI = http://pki.example.com
+
+[dirname_sect]
+C=UK
+O=Mbed TLS
+CN=Mbed TLS directoryName SAN
diff --git a/tests/data_files/server1.req.sha256.ext b/tests/data_files/server1.req.sha256.ext
index c5ff5c5..1bb05da 100644
--- a/tests/data_files/server1.req.sha256.ext
+++ b/tests/data_files/server1.req.sha256.ext
@@ -1,18 +1,20 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIC3jCCAcYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+MIIDPzCCAicCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
-DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaBdMFsGCSqGSIb3DQEJDjFO
-MEwwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNQYDVR0RBC4wLIYXaHR0cDovL3BraS5l
-eGFtcGxlLmNvbS+HBH8BAQCCC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
-AQCGmTIXEUvTqwChkzRtxPIQDDchrMnCXgUrTSxre5nvUOpjVlcIIPGWAwxRovfe
-pW6OaGZ/3xD0dRAcOW08sTD6GRUazFrubPA1eZiNC7vYdWV59qm84N5yRR/s8Hm+
-okwI47m7W9C0pfaNXchgFUQBn16TrZxPXklbCpBJ/TFV+1ODY0sJPHYiCFpYI+Jz
-YuJmadP2BHucl8wv2RyVHywOmV1sDc74i9igVrBCAh8wu+kqImMtrnkGZDxrnj/L
-5P1eDfdqG2cN+s40RnMQMosh3UfqpNV/bTgAqBPP2uluT9L1KpWcjZeuvisOgVTq
-XwFI5s34fen2DUVw6MWNfbDK
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaCBvTCBugYJKoZIhvcNAQkO
+MYGsMIGpMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGRBgNVHREEgYkwgYaBEG1haWxA
+ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tpEcwRTELMAkGA1UEBhMCVUsxETAPBgNV
+BAoMCE1iZWQgVExTMSMwIQYDVQQDDBpNYmVkIFRMUyBkaXJlY3RvcnlOYW1lIFNB
+TocEfwAAAYYWaHR0cDovL3BraS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOC
+AQEAclrNmmgAoa4ctwyBwD1T8jbyBeuxTf+ifc+MQ6pE7YuYSlanHE5l/CoVlW14
+lR5gA01pWJJ7T8RBvo25OqXbvMFSafeGXpSHOG69A6p/7YULtbPuS6uvtdR0m3t+
+2IacL0q5FsSmPw07RNfVGDFniKVqD8eAuYnhFztk0+uZVYD4xGezUckb2wTbzFpu
+lUA/NhoWfCyV44TDR5fy23qNXywEhatDU/3nMmSJpBVy4y7J6BQVCl/fbyuKIOqu
+0OVP+FvANSO46twA9+38hI+/nPuVwtbBvg1aLBMbLZ3Egi2uozokYFYL22JYNGJo
+XORQgR66Sdrvfhiug+F5xmldCg==
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.spaces.crt b/tests/data_files/server1.spaces.crt
new file mode 100644
index 0000000..b77132a
--- /dev/null
+++ b/tests/data_files/server1.spaces.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA+MQswCQYDVQQGEwJOTDETMBEG
+A1UECgwKIFBvbGFyU1NMIDEaMBgGA1UEAwwRUG9sYXJTU0wgU2VydmVyIDEwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUuFWFe
+ib+46EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQg2rV
+QUN3Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A+G2B
+JV8KsVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+rWUs
+ZOuVm9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE2y6m
+T3Buns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSxAgMB
+AAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQBsR3jOFh7uGF5MCvEK8DrSmmvcFJzMmTRp0hCMeb0wEULhrMKeRDIa2yvr
+FrHHCUNAk2HjsjJevpCM8f3ibDqecckfbxE2vT9IUCmPrtOWmhQR/Il5TR9FvYns
+4BF1KUPRqGUFAXoIN+xKcYdp+myIluGHumM4Bop7tAZ5gg68IV/UJh5RqShxiLgV
+rxHzrp6oM1kn199m2wc1Twy2YwcNmfJDSOLV6K4xWjwcc8Eq+rLhuWUs5GNdrSEY
+ZjWmF1AlbVVChU3Dl5XOAY8T6+wJst5RIwkf1Fl1TPCZX8FWzGM9HYiYW0cC7cno
+IdSS7mVGxNrNe+6/Cu+zfqeiLdN2
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-v1-chain.crt b/tests/data_files/server2-v1-chain.crt
index 84bb6b2..8ac003b 100644
--- a/tests/data_files/server2-v1-chain.crt
+++ b/tests/data_files/server2-v1-chain.crt
@@ -1,38 +1,38 @@
-----BEGIN CERTIFICATE-----
-MIIDFTCCAf0CDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
-ExFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECxMHdGVzdGluZzERMA8GA1UEChMI
-UG9sYXJTU0wxCzAJBgNVBAYTAk5MMCIYDzIwMTQwNjE5MTAwOTI5WhgPMjAyNDA2
-MTgxMDA5MjlaMEQxEDAOBgNVBAMTB3NlcnZlcjIxEDAOBgNVBAsTB3Rlc3Rpbmcx
-ETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCI
-p+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj
-+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ
-4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYva
-i0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P
-6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAATANBgkqhkiG9w0B
-AQsFAAOCAQEAivCCMBfC5YNeozwp8vAWpiRUakhtO8ysvCfQsZD4tWLlSkrjoUtG
-3RNd9gDVDGb852GswtNMKHJC1AeZuXdh3eBoDBNTXnR/9UkHgWNBy5f+JH2irYrc
-ps5ofpYJZe7K6xQjl+RLc8nfUUaVfS3dJnyLr9k5kg4in48p+hEF6oXDBu2zdufF
-53k/U98FTvFkVisEDFzLXyKX0fAZxfMk4qnEoBflH4fEXfkuuaBUVdoGGIMRLNAW
-GIyRxr+zj+OJL+ZjjAkY4JqtEuUuLjODn//DHI/MkqE0LANOvbb4akpgZsyvSSO3
-o38d1wQHw5+bO+YDqdfIdQXguU5mtS1xAw==
+MIIDETCCAfkCDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
+DBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwHdGVzdGluZzERMA8GA1UECgwI
+UG9sYXJTU0wxCzAJBgNVBAYTAk5MMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0
+NDQwNlowRDEQMA4GA1UEAwwHc2VydmVyMjEQMA4GA1UECwwHdGVzdGluZzERMA8G
+A1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r
+lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2
+2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ
+Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i
+GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb
+y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQBmzdRQV8c0AbT8+IlPf7EpzfdhBwBtDj7N8GPEHL+NqS1hHt7TH3L7jBN3
+CqLUgrAP1LFmQrjW5IPZYNZEA+LxMMjAehvOH71pBsFGvQOpx2CwmqM86s9FIgIa
+zob7L34+xVEZfmR09PsLiT7gF13ht0HkvVZ2haBU0k3vV97aEVvPtbqrlR6RfLrZ
+8nXBFt5CkzGxepS4wBCW4TrGXxpMJ0WnnhcLJVnExUd6YbzGP+ewXCKegD1wDX6z
+UsEVGDQV97u3tszF43kx0nu/Q5DYMCqJV0kpIsMB467xPnNqyMdGtTbZq2Is8oj6
+VA+fctBdN0CW4jo+qkOif0l/F8Az
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDITCCAgkCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
-ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
-EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA5MTFaGA8yMDI0
-MDYxODEwMDkxMVowTjEaMBgGA1UEAxMRc2VydmVyMS9pbnQtY2EtdjExEDAOBgNV
-BAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
-v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
-Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
-XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
-65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
-cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAPJl3fbVeTJ6gVAvCoLYM8JY5U7ZhrCCdBghw
-WuZBS/TWwf4WLP0G/ZtTyTOENcT0gWHf0/VnXtNPw2/yBjWsLtTXxN2XQlEVf3j/
-WcQxWgSESYdx/sT/uTW6qihuONPWkTQizmx7OG6vBuGx3g54s9/oeJKXOraNqud3
-G4KBrytOazliMfoKO2hnzaeydpaDtb2tZX8apN/6KqQpTAcXsWrZRW9XEHWq2sNz
-IR1nIE1F/9gnqi9Xy0HQprteLRUvM4tEQ35m4H20eS5Y9gJlE/DqXmMQ7aiU8DgP
-krj+Z18pcrssO+Etv0BOiPjmU9TWWpDMj34ef7U/OH5qJxkSrA==
+MIIDHTCCAgUCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
+DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
+DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEw
+MTQ0NDA2WjBOMRowGAYDVQQDDBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwH
+dGVzdGluZzERMA8GA1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhF
+kNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185
+fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFT
+xjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc
+/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7O
+vViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABMA0G
+CSqGSIb3DQEBCwUAA4IBAQBrdYAEzdH6ryyYaolYvp8Fvq0wZxp6Bdcxvi0LUGmb
+TdWcNrPU9IYASc5QSrSWPj0c9vhLVbDZAONfn92thi7C2zQXok2Q3jW038ycNSXN
+lVxFkdY4GYa3E6Og1LVIySyzfyyNuHKKWbB5wZCWbzOgu2Q1MHSNvPhKjbDhyGtT
+Mq3Qy6TyzUFbXMRBixcJC/Cy4zsqvWBanVtBmwlvgE4Q50CUgybzSEIL5j+aPLuW
+aj8j2NRB2+7vPeoWd8ry5YxEKB3DRuXHHyyFnT5O8MpWuCl764qFMc8S/i7yVcmZ
+egZQw0dCmE5J4EGX0BEQEM24ll2e8SxL351hbCQ+EfvF
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-v1.crt b/tests/data_files/server2-v1.crt
index 7ef7968..990cd4b 100644
--- a/tests/data_files/server2-v1.crt
+++ b/tests/data_files/server2-v1.crt
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIIDFTCCAf0CDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
-ExFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECxMHdGVzdGluZzERMA8GA1UEChMI
-UG9sYXJTU0wxCzAJBgNVBAYTAk5MMCIYDzIwMTQwNjE5MTAwOTI5WhgPMjAyNDA2
-MTgxMDA5MjlaMEQxEDAOBgNVBAMTB3NlcnZlcjIxEDAOBgNVBAsTB3Rlc3Rpbmcx
-ETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCI
-p+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj
-+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ
-4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYva
-i0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P
-6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAATANBgkqhkiG9w0B
-AQsFAAOCAQEAivCCMBfC5YNeozwp8vAWpiRUakhtO8ysvCfQsZD4tWLlSkrjoUtG
-3RNd9gDVDGb852GswtNMKHJC1AeZuXdh3eBoDBNTXnR/9UkHgWNBy5f+JH2irYrc
-ps5ofpYJZe7K6xQjl+RLc8nfUUaVfS3dJnyLr9k5kg4in48p+hEF6oXDBu2zdufF
-53k/U98FTvFkVisEDFzLXyKX0fAZxfMk4qnEoBflH4fEXfkuuaBUVdoGGIMRLNAW
-GIyRxr+zj+OJL+ZjjAkY4JqtEuUuLjODn//DHI/MkqE0LANOvbb4akpgZsyvSSO3
-o38d1wQHw5+bO+YDqdfIdQXguU5mtS1xAw==
+MIIDETCCAfkCDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
+DBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwHdGVzdGluZzERMA8GA1UECgwI
+UG9sYXJTU0wxCzAJBgNVBAYTAk5MMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0
+NDQwNlowRDEQMA4GA1UEAwwHc2VydmVyMjEQMA4GA1UECwwHdGVzdGluZzERMA8G
+A1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r
+lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2
+2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ
+Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i
+GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb
+y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQBmzdRQV8c0AbT8+IlPf7EpzfdhBwBtDj7N8GPEHL+NqS1hHt7TH3L7jBN3
+CqLUgrAP1LFmQrjW5IPZYNZEA+LxMMjAehvOH71pBsFGvQOpx2CwmqM86s9FIgIa
+zob7L34+xVEZfmR09PsLiT7gF13ht0HkvVZ2haBU0k3vV97aEVvPtbqrlR6RfLrZ
+8nXBFt5CkzGxepS4wBCW4TrGXxpMJ0WnnhcLJVnExUd6YbzGP+ewXCKegD1wDX6z
+UsEVGDQV97u3tszF43kx0nu/Q5DYMCqJV0kpIsMB467xPnNqyMdGtTbZq2Is8oj6
+VA+fctBdN0CW4jo+qkOif0l/F8Az
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ds.crt b/tests/data_files/server2.ku-ds.crt
index 3bd07d0..d1e1251 100644
--- a/tests/data_files/server2.ku-ds.crt
+++ b/tests/data_files/server2.ku-ds.crt
@@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBLDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MDg0NDUxWhcNMjQwNDA2MDg0NDUxWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBLDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAc4kubASrFXFtplkYp6FUcnUn
-Pf/6laS1htI+3y+q1UHWe2PcagZtCHTCUGBSWLeUIiaIBheaIRqv+4sSFVuXB7hV
-0PGXpO5btth4R8BHzGqCdObKvPujp5BDq3xgcAFicA3HUMNsJoTDv/RYXY7je1Q5
-ntVyVPeji0AWMUYQjcqHTQQPGBgdJrRTMaYglZh15IhJ16ICNd9rWIeBA0h/+r0y
-QuFEBz0nfe7Dvpqct7gJCv+7/5tCujx4LT17z7oK8BZN5SePAGU2ykJsUXk8ZICT
-ongaQQVQwS6/GJ6A5V8ecaUvFrTby1h9+2sOW8n2NRGiaaG5gkvxVeayemcmOQ==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
+DQEBBQUAA4IBAQCcDy5VWW133eL1TesUkejziAz9QNBHvWkKNs0jF6+fRgWgFP5Y
+EE87rQX0Z1XiyTDB4LdKfivRi3TMD7EX8o6q9C3H/ilu5anrgha8WziMrtv/s9IF
+QjpyHdnXGoXmA9uDqQLtucR5yep3ux4mlwS8GG3IUkpkdysNOrVvSARm0ZagQ9tn
+YZyEjGd8wP3jKYNJAB2OdnvX9OqBmEyvSmMucSidkMkdLrUcjmOtz+AkqoRGewwc
+eClstlp8NEuP37q2KLYtbQMpio1Kzsr3PCey1UImKNjauypS2Dpzl1RnmBw+c5En
+SdLMa+ns3odRhF0IvENDhz/mKZJvwtoz/NBz
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ds_ke.crt b/tests/data_files/server2.ku-ds_ke.crt
index ebee7e1..eb23245 100644
--- a/tests/data_files/server2.ku-ds_ke.crt
+++ b/tests/data_files/server2.ku-ds_ke.crt
@@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBMDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MTAwMjQ5WhcNMjQwNDA2MTAwMjQ5WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBMDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAnW7+h85xBP2KJzFSpWfGirVe
-ApdC9bX0Z1sVMmD486N+ty9W6BP6kJRxLDX0fOuRc3x7mCy5qZg/Yj40+yQSoA0w
-bTNwJjuR8iMqWIqLw9hWR+E9T4lYLZWyGJVjlVTkO4i5wifwhoJE9Doohh/6crn5
-ImWgEkgT/wDVIHoamciO6KU36d0iAEEP2eYgxv2/sVHvjjsseTdvYh3D3VuOmQtS
-uUvFxc6H5kYoq/yodJWDaOn3RS8pEpDsiW+abcWyxNTPtHFroJV7e9aaVmhlRSzw
-sYDyD/ZyIlavoPSEiD3LTT/Tp6BIpz+zb4WHOHLEvUCsZputqxPVcNoEAi9xuA==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3
+DQEBBQUAA4IBAQB6u7D3tAsB75aZEcUfv2XyeLX4P99mzx2yOBSsPaIDTRyv0XoT
+vbgUA7viX/F7I8b2kc6ihRXSu/98c7Vr/uSm0LfV3VMgoAXBCWNg/5c/N3c0YnZ2
+imuv0yeXw5cJI3iYQJmllawdrGgOslfPuO7kqrFt3uGaylITpVLQ7w7iDpPbAFM8
+kPpO6CMyCFi6miQYoZchTTP9X3dpbpNdB2FlSVT55J6TIvH5x4t7XCFJuvYYJxrf
+8I3UFR3OnBR625zUHXJ6uV8yHG5ze+4K2n9CHcyX7zuZ+bB0e8wIS6Xf99M+1ApF
+ESvXwHI0Fu8s/PJ+leD28CRJQMuAOJIYBMnS
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ka.crt b/tests/data_files/server2.ku-ka.crt
index 90f7c4a..ce97e82 100644
--- a/tests/data_files/server2.ku-ka.crt
+++ b/tests/data_files/server2.ku-ka.crt
@@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBKjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MDg0NDIzWhcNMjQwNDA2MDg0NDIzWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBKjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIDCDANBgkqhkiG9w0BAQUFAAOCAQEAriPloIWfu7U8d1hls97C7OBI
-OiE2xFh2UmuN/9hTK2CyW6MtBf8aG3l4jQDrsutHO0gUyoR67ug4yj+s+0S/zETZ
-q6mPo7cBbVwjhGciQRiYgufFpdnbXR05HDgOVPK7qqjL6UOZnbu5caIEvIJgdwXn
-n8WB9x/Ii4/2S9ysmRdRhDBYekzgH3Ac2UnHJTMh1XaSL817MW6B9BDKHt4xa7pW
-cplDzrFKYbmxSSxzALE4Dr+zRvmDx4bcYpBkRRfOhnnR1caQBgaZzPcX/Vu+vw8e
-qs2nyBW5RBu8MBCBU1DpqOSo6jl0QTpuq3NzQZIouG9fyckqDJS5ibrxQTutPw==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgMIMA0GCSqGSIb3
+DQEBBQUAA4IBAQAxJDMtlqpFHKw5ymqzgfnm0aY51PZOXpsPfoed7Vz2PzSB2eJ0
+JQc+QuLhippy8hnPmPZg/HQ/gedbxFKPiIiYEh86GvnBFozQ+c8sE0h6tJgVOJJi
+ADUNeVJoq03WIroTMqAB0uW0rHB+OFm7uRwIDFr2gWVrKZKg/KsDrxtng2wPOgbU
+xvPRtNyaOZjV0GjuBhWxpPTxXw27e5Mq3MS5B9piZgPXmam5lZdOe0LNrbQShfmP
+4mk4drjdQaUrL3JLpLt8S4oihZU+dOHkYdZVHSAuuGikZK7qPfEdP/yrZTCgtY54
+vXxv47xT9L+pWtiTosBmsy/ewvWprVJIxLh3
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ke.crt b/tests/data_files/server2.ku-ke.crt
index 8daa0c1..21e6cf0 100644
--- a/tests/data_files/server2.ku-ke.crt
+++ b/tests/data_files/server2.ku-ke.crt
@@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBKzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MDg0NDM5WhcNMjQwNDA2MDg0NDM5WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBKzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIFIDANBgkqhkiG9w0BAQUFAAOCAQEAqreLAIuxeLGKbhoEROYRqXxO
-ndaC6uDcpxhgmEW7B2DW6ZtX8155v3ov61MuMas8fEQjD5STDP9qERxNTePnhW3m
-kDZd2jUBE3ioHhTBv47i1PYU+DRe42kY6z0jUmNPK8TsTKfdbqTGXg9THe1KYB7q
-hdljqGS08IgBl/q2lK2OOSycu27xhfb9Mo0BcLBab92WgyBu+cFPQsKiL4mD7QyJ
-+73Ndb21EuANUjsRDQ3NPklssJcyJB2v85eekwk1acZUG21no3wdTvjxhVE/Xrdz
-zUP9WkvAVfUrwGjUzG4YHE8wkHO7xKbKixNt+nQmDhe+tHVbztZjVwFJ8010gg==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3
+DQEBBQUAA4IBAQCeNpH2eSUXpq0CPlE6P1/bJW2f0vKFWMnZ6B3eFCdMCcKJ6LYV
+BA1Dn5G5HEW4mBMJfyMwD5sklyEzQDCgIDjws+BRUflMr71AerfesHIGdW4jAw10
+aWwFMeszzZ54ZahX2GHPcwWfTccSf9tpSaRMlNBEIz8lfb2iEZ2HR9eAmAqYgtR1
+RbYcsNfC0oBYOCTRmvXi+wpGcUWn+VbIv6rHrQYnWXiPAuPJUqIpM0x9q0kT6NCi
+LfdhaVV2DPnvBYGRcXX78JK5/MQt/sv4JSefRpvxpVQCmbo0amz7hUMHGCflAbro
+FpyBlfcpj0lSRoaU9x0mCYzqwDYd+4NJZUGT
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-selfsigned.crt b/tests/data_files/server5-selfsigned.crt
index cb55647..0eafe70 100644
--- a/tests/data_files/server5-selfsigned.crt
+++ b/tests/data_files/server5-selfsigned.crt
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBzTCCAXKgAwIBAgIMU6LLSxJOrYN9qJSyMAoGCCqGSM49BAMCMEcxEzARBgNV
-BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
-U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY0M1oYDzIwMjQwNjE4MTEz
-NjQzWjBHMRMwEQYDVQQDEwpzZWxmc2lnbmVkMRAwDgYDVQQLEwd0ZXN0aW5nMREw
-DwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/q
-L9I0XV0WvYqIwmt3DVXNiioO+gHItO3/o0AwPjAMBgNVHRMBAf8EAjAAMA8GA1Ud
-DwEB/wQFAwMHgAAwHQYDVR0OBBYEFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqG
-SM49BAMCA0kAMEYCIQCf/bzFoge0pCOIrtHrABgc1+Cl9kjlsICpduXhdHUMOwIh
-AOJ+nBHfaEGyF4PRJvn/jMDeIaH1zisinVzC2v+JQOWq
+MIIBxzCCAW2gAwIBAgIMU6LLSxJOrYN9qJSyMAoGCCqGSM49BAMCMEcxEzARBgNV
+BAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNVBAoMCFBvbGFy
+U1NMMQswCQYDVQQGEwJOTDAeFw0yMzA1MDkwMjQ5NTdaFw0zMzA1MDYwMjQ5NTda
+MEcxEzARBgNVBAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNV
+BAoMCFBvbGFyU1NMMQswCQYDVQQGEwJOTDBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRd
+XRa9iojCa3cNVc2KKg76Aci07f+jPzA9MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/
+BAQDAgeAMB0GA1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjAKBggqhkjOPQQD
+AgNIADBFAiAXiJxDrd5aLzGB/Uc3kYBIBuSUIMGvol2c8EvwmF3zmQIhAPFrKMgA
+s2awzo/PBB5gFTkDub88wRYwS1R9JPYCXUO0
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-ss-forgeca.crt b/tests/data_files/server5-ss-forgeca.crt
index 2265bf5..cf5bd6d 100644
--- a/tests/data_files/server5-ss-forgeca.crt
+++ b/tests/data_files/server5-ss-forgeca.crt
@@ -1,11 +1,11 @@
-----BEGIN CERTIFICATE-----
-MIIBlDCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+MIIBkzCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
A1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTEwODQzWhcNMjUwODI5MTEwODQzWjBKMQswCQYD
+YXRlIENBIDMwHhcNMjMwNTE3MDkxNDIxWhcNMzMwNTE0MDkxNDIxWjBKMQswCQYD
VQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRl
c3QgaW50ZXJtZWRpYXRlIENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
-wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kA
-MEYCIQDBFcXh+IloVYbMiHfCFhw6cYJsj7PZXuTdDMMkNbyJNAIhALz7fBVAMYz9
-/g48bLdYT47LOc9QNuaboLIxsq5RseJL
+wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gA
+MEUCIQD0f3GH9cEJ7cJWPIfwAL/1cGREqO//O/1XggWZv/clnQIgQmlMzGzuUDHq
+/mTgGQ9ceSAB9B9im9rcgY6DRFZULnY=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-cli.crt b/tests/data_files/server5.eku-cli.crt
index 8aa2e44..8d04559 100644
--- a/tests/data_files/server5.eku-cli.crt
+++ b/tests/data_files/server5.eku-cli.crt
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIIB5DCCAWmgAwIBAgIBPDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMTIxWhcNMjQwNDA3MTcyMTIxWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAoGCCqGSM49BAMCA2kA
-MGYCMQCzHyEvd56zm1AzfDBi3psz3rDL/m0RN2WnbRBQJxIJqjwEXOrKazko9m9q
-owgau88CMQDuI0fsq5tnyiHPaDSAE21/6hlrCR6deNbwzB94OuPIbx1wIas9D1jc
-//iSmKtbl8Y=
+MIIB6zCCAW6gAwIBAgIBPDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDAYIKoZIzj0E
+AwIFAANpADBmAjEAoC1Xxg8Xt3tvM2ZER4jCRv7iSYPWGgNtcYNJj3G0lb0PYi1l
+Nd0cqdGxydhm7RJLAjEApAE8koD1ccIPnSFTagT7shOSz1/lOU4wwAWswcwolzt3
+xrvFlMoTeJx3sS3Zqdr8
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-cs.crt b/tests/data_files/server5.eku-cs.crt
index db97b40..c00bc3b 100644
--- a/tests/data_files/server5.eku-cs.crt
+++ b/tests/data_files/server5.eku-cs.crt
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIIB4zCCAWmgAwIBAgIBOjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMDQxWhcNMjQwNDA3MTcyMDQxWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMDMAoGCCqGSM49BAMCA2gA
-MGUCMQC294oVK6fUjH/abI1xzytTusi8dl7518L0Y19q8zi9K19OtxzPK09h7xyy
-gaJRvpUCMFS6hYhrht38yqwwhSVlnmTMVtira58mEUhL6v7Qzw1sz/Dm4aXkW3s6
-JQV1kqqbRw==
+MIIB6jCCAW6gAwIBAgIBOjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDAYIKoZIzj0E
+AwIFAANoADBlAjBlMU7Fh18cel20P3rY7esvtPLDHQQKWSCO91XHHkZi1zRPq2px
+nwVHayXnOS3CPRsCMQCQDYTyVMS8oEIrm0XPI6HrbCMUq2bhPwaYpelU/asOzYI3
+gOjGCDFHtyedJHVK0rs=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-cs_any.crt b/tests/data_files/server5.eku-cs_any.crt
index 8fa8632..912d929 100644
--- a/tests/data_files/server5.eku-cs_any.crt
+++ b/tests/data_files/server5.eku-cs_any.crt
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIIB6TCCAW+gAwIBAgIBOzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMDU4WhcNMjQwNDA3MTcyMDU4WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jaDBmMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBkGA1UdJQQSMBAGCCsGAQUFBwMDBgRVHSUAMAoGCCqGSM49
-BAMCA2gAMGUCMQCSYaq/9IKOTkzIrU/eOtpha/3af3JwT6vKh4N3cSX62ksMz0GT
-Uxmq4UGMBt4VmBkCMBGpYqof6hS1o92ltNRpDSHuVQ+nke1lOsoQ1plZp4SI+bY1
-bUD/WrUSLlwikZAeng==
+MIIB8DCCAXSgAwIBAgIBOzAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NrMGkwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwHAYDVR0lAQH/BBIwEAYIKwYBBQUHAwMGBFUdJQAwDAYI
+KoZIzj0EAwIFAANoADBlAjEA89+l8gNC0H75Tzdz/75W6EjGSzZ3m50S4cK5jD6+
+ZZLpRcbIqPqMT2MNkCm7ImNpAjAlTkFLVCGnTNX/q7QWOrx8aPXXAeZtY5NFxd66
+EJJb+YHTQ80hZhLWX8/QaAJjniU=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-srv.crt b/tests/data_files/server5.eku-srv.crt
index 64312f6..b173afc 100644
--- a/tests/data_files/server5.eku-srv.crt
+++ b/tests/data_files/server5.eku-srv.crt
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIIB5DCCAWmgAwIBAgIBPjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMTU0WhcNMjQwNDA3MTcyMTU0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA2kA
-MGYCMQDQzjWB0xZs/8IsqJb7owYYtCiT17939Uuc/1yBF69pJRy7KV/qJlHNvlVu
-qwWVTx0CMQDNW/0dlX1gU6ashrZv5Ly4sijg/g645fFpfMKCNXysEb9xiBeEj5de
-2x5sX/0OSx4=
+MIIB6jCCAW6gAwIBAgIBPjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDAYIKoZIzj0E
+AwIFAANoADBlAjEAh+l47FmXR/nUxD8bfnS3sT+QTgc8pXUEqh/gXUs2xINVSoL+
+ZewgcNb2UanzCNheAjAnUY4b0M9YHp/eJjls5RzGX6JXtcWwn9JvO1HqMQnHthcy
+hPEQ3lW7XG0DIQS1drk=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-srv_cli.crt b/tests/data_files/server5.eku-srv_cli.crt
index 9f58fed..be2531e 100644
--- a/tests/data_files/server5.eku-srv_cli.crt
+++ b/tests/data_files/server5.eku-srv_cli.crt
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIIB7DCCAXOgAwIBAgIBPTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMTQyWhcNMjQwNDA3MTcyMTQyWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jbDBqMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggq
-hkjOPQQDAgNnADBkAjAmQjJxxC82ZhBpH/GQkOQXDmaaV/JHRHGok1cWn3j3Xj8A
-fqRZkp8JihpGIMse208CMFCMdNAfNd1tv+oPuynoK5Oh6/YlASX/otJT68voEIAN
-SmsT1m9VPQMIyUo/3RtYjg==
+MIIB8zCCAXigAwIBAgIBPTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NvMG0wCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MAwGCCqGSM49BAMCBQADZwAwZAIwHu/xjSqHK91yEM+KgEFGU8Xc3o9rEVrCBFeW
+ChIa3slZZdG4OuIm06Tsabf0pBLHAjBYKjoUwWEuDOOQKbbJZG8gKDzMAgEpe/RW
+wAjY7i6CzZ1NKfFQ9fQdwA+yjq2fnlg=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.ku-ds.crt b/tests/data_files/server5.ku-ds.crt
index 58dd071..dafff9b 100644
--- a/tests/data_files/server5.ku-ds.crt
+++ b/tests/data_files/server5.ku-ds.crt
@@ -1,14 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIICLTCCAbKgAwIBAgIBLTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDA5MDg0ODM1WhcNMjQwNDA2MDg0ODM1WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
-BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
-A1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEAzp4DkFMq7eDB0x5FeS9gYDaG
-Ol8rVnWlRTLQzHZBQjKp+TcBdHZaBPoi8LyXtWA4AjEA6OWhsuTcv/qXOscQT0rL
-eEh8wcCQeJK1uNd78lNvx3W0Pcxdb6cd7AhaAKgXL+r4
+MIIB4zCCAWagAwIBAgIBLTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgeAMAwGCCqGSM49BAMCBQADaQAw
+ZgIxALHO0QR+4vz+fj4WwBQMa55oJDlp1J0PpqoJYKTf6DRx5rNuZxSbNu2wJQWz
+MJ9ekQIxAMPo/Rhu4e9KRkEf9rYU9Ynd7t9/PCsXw4JZuxZfToURDsrAI/Pnqc0H
+4+FA/EuPJA==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.ku-ka.crt b/tests/data_files/server5.ku-ka.crt
index 2447326..74a4235 100644
--- a/tests/data_files/server5.ku-ka.crt
+++ b/tests/data_files/server5.ku-ka.crt
@@ -1,14 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIICKzCCAbKgAwIBAgIBLjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDA5MDg0ODUwWhcNMjQwNDA2MDg0ODUwWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
-BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
-A1UdDwQEAwIDCDAKBggqhkjOPQQDAgNnADBkAjACzKQ88/NvngMQBFc9rC484+gO
-BRkXP28BqRcj8sBt3EfmEGH23BuhkZuB1OFZuMICMC4/pHgbOQtaY9WZPUROUVVZ
-OuO6XsVbhiE0rb/mumqmUwuOrCtC/KFdvFZol4BNGA==
+MIIB4jCCAWagAwIBAgIBLjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgMIMAwGCCqGSM49BAMCBQADaAAw
+ZQIwCVbbPiS8MJUOz8JBmgLHojKDaJOd4lSfSak0GSl02UjT8OiNyRzA+FlFWO94
+YMjyAjEA14/ubZ1ZW3/0hkiFHzhTD2SXbTfYbhDZSq2PR+9sBlUrrx1GhzWw/cOD
+3jZd4DQO
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.ku-ke.crt b/tests/data_files/server5.ku-ke.crt
index 41ae5ad..6b4e74e 100644
--- a/tests/data_files/server5.ku-ke.crt
+++ b/tests/data_files/server5.ku-ke.crt
@@ -1,14 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIICKzCCAbKgAwIBAgIBLzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDA5MDg0OTA0WhcNMjQwNDA2MDg0OTA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
-BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
-A1UdDwQEAwIFIDAKBggqhkjOPQQDAgNnADBkAjAMl0Cjv9f45bHeJTul5XpYeJeT
-52ZaOLTa/uTLy948EnEIi6sj3nFb9fvsUbsOOjECMAXAMY64KOqzixefz3y3XS/d
-9miyeArPOmXU2JJ3LGuNbqqj9IbABawB1OD8v8gRmg==
+MIIB4TCCAWagAwIBAgIBLzAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgUgMAwGCCqGSM49BAMCBQADZwAw
+ZAIwezTY0tigIg6u1dFl90LHYcZ+lJK4BO5Y6U9pn952NFo24NsL8qnG4nxwsL3M
+VvV7AjBQ+oZyKSyNp8XRAHYC6lERH7/Gh7HrVWyTRo9iPPL6tE4x/jE7jL9ifgl+
+F6982sk=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server6-ss-child.crt b/tests/data_files/server6-ss-child.crt
index 3c6fd4d..fc28f34 100644
--- a/tests/data_files/server6-ss-child.crt
+++ b/tests/data_files/server6-ss-child.crt
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIIB8jCCAZmgAwIBAgIMU6LLWCI5lHSn7HnsMAoGCCqGSM49BAMCMEcxEzARBgNV
-BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
-U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY1NloYDzIwMjQwNjE4MTEz
-NjU2WjBNMRkwFwYDVQQDExBzZWxmc2lnbmVkLWNoaWxkMRAwDgYDVQQLEwd0ZXN0
-aW5nMREwDwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIB
-BggqhkjOPQMBBwNCAASBWTF2SST6Fa2roDFuDu0zEfqRJVXBsMGcA3I+mLotpHI3
-iR9DN40fjjrY8FfoL0/JAKT323MPssYElNFAOzjjo2EwXzAMBgNVHRMBAf8EAjAA
-MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFDxZrEo+LvwCNi/afcvLnHqyiZlT
-MB8GA1UdIwQYMBaAFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqGSM49BAMCA0cA
-MEQCIAMlQ59/NW7S0hP1cu5OTD2zqT087bEmnIfOTBYfj8UFAiBBrrz2dipODVYx
-vvTsQmSCzjrm+JtQQoWa+cdnAG3w5g==
+MIIB7jCCAZSgAwIBAgIMU6LLWCI5lHSn7HnsMAoGCCqGSM49BAMCMEcxEzARBgNV
+BAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNVBAoMCFBvbGFy
+U1NMMQswCQYDVQQGEwJOTDAeFw0yMzA1MDkwNjA2NDJaFw0zMzA1MDYwNjA2NDJa
+ME0xGTAXBgNVBAMMEHNlbGZzaWduZWQtY2hpbGQxEDAOBgNVBAsMB3Rlc3Rpbmcx
+ETAPBgNVBAoMCFBvbGFyU1NMMQswCQYDVQQGEwJOTDBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJH0M3
+jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgeAMB0GA1UdDgQWBBR+ZY8+MwMU5eG+YLLghX+M52ArezAfBgNV
+HSMEGDAWgBRQYaWP1AfZ14IBDOVlf4xjRqcTvjAKBggqhkjOPQQDAgNIADBFAiAl
+Y2yXg5sZunmo+McUBzvSao1wRxw+9XBSM+Dph5gfhgIhAPlI+lSvD4mzlBzn01Mg
+0tMpKHbY34iadcMWBUgibMiA
-----END CERTIFICATE-----
diff --git a/tests/data_files/server6-ss-child.crt.openssl.v3_ext b/tests/data_files/server6-ss-child.crt.openssl.v3_ext
new file mode 100644
index 0000000..dd9cdaa
--- /dev/null
+++ b/tests/data_files/server6-ss-child.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = critical,CA:false
+keyUsage=critical,digitalSignature
+subjectKeyIdentifier=hash
+
diff --git a/tests/data_files/server9-bad-mgfhash.crt b/tests/data_files/server9-bad-mgfhash.crt
index 34ef69e..ad29942 100644
--- a/tests/data_files/server9-bad-mgfhash.crt
+++ b/tests/data_files/server9-bad-mgfhash.crt
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4DggEBAIfliohNjz4CLGbHWgWRBFQ3
-Difn027ZnULTvokT67ii1sJzESzqaIakyyu8GRwfoFRNh/rbGfe4C6e9SkwKbnDg
-WE9SWbK6ukIQbMy69C+CVqFlRUHbONw/dmcneAWyZYGx/2Sf4D5kkpIWNDBeKuaV
-H69XPZCeN3QAACmdAfo4NYW0I69a1OSaUrTyGT1nBOrzQ8Y0aJBnCJAte49bhQEW
-KJv0kMj+8ZG1X0RoSdklf3GqdLUbsfJ2txu14GGAxy4C1gl2JWzoBHN5LMLf0cZ9
-uEYui7N/5bkSv8KXdbGvSzgn6zZ0MiCJMiiGEf0L1FxBiBCVsK4C2idpiZH+e28=
+MIIDYzCCAhagAwIBAgIBGDBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCBAUAogQCAgDeMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwODM5NDhaFw0zMzA1MTcwODM5NDhaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMB0GA1UdDgQWBBTu88f1HxWlTUeJwdMiY7Lfp869UTBj
+BgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMC
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENB
+ggEDMAkGA1UdEwQCMAAwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA3gOCAQEAaQlf1GPhvPHp
+hFgTdIB5x5zACVb4a4ONuySVckfMpWk2nlkRSu3Kgv4j8l/jfNpfr+we4lG72xEn
+FV3em8dEzxvXd5jXCfR/hWJKYVoWh0055qWw7FpG20vRFKttU8UFclL7KvMs4InZ
+vDpbPs5EwBQXTg/manL9TD9t/zqWAUJj1yHWiIISYzfWmsaoTi8jNxSR1+lkmPPP
+ZWQwyUJrh82Mw3VwNGxXOfpGIwmjXPia8MafjjH/RtHNx7ukCk+6q1ZlH57NolZJ
+dlQTJv21+vxyYr6GZdHXzdJwWMnFSof6VGwayNzetSnVhJb0SQqTBt8Vu5xQtXGa
+QcCjGyCAIg==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-bad-saltlen.crt b/tests/data_files/server9-bad-saltlen.crt
index f4da883..45bf20e 100644
--- a/tests/data_files/server9-bad-saltlen.crt
+++ b/tests/data_files/server9-bad-saltlen.crt
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAE7T54cyUf0ByNr34JaojFam
-hV0T9QSc4wJ17sX67rxYIorXU8MynaneJzFxD9utOD3dq2TON18VswhT2McDgefl
-XMwivCC0nWod8Pk638QaHxbaqC7XSq0QRBfOMXwV7knLNxI8smc9UJaco39VEcGD
-yCkq4By/VCWTpvJ+1hx4zZ8WoXpFJFM5m5y9oEz4lgNv/6Wu7ILztyOk2yJiSR8r
-YooC4zVeUOZuDO6At/NXZuSvmKmr+tfFrFA1AA/7yR5odQbqFVNSJ+u0x1Jv8Ra6
-JXA4cXsnaDaRe+Wm0L0p+2PtQWXE5npXYIbFHAA9EOC3Ab8oaP9M/F6yQMa/2is=
+MIIDYzCCAhagAwIBAgIBGDBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MjIwNzMwMDZaFw0zMzA1MTkwNzMwMDZaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOCAQEAlQo9OnchZbLQ
+PTXs9NgXDoQb4JvUG/Fsq09/e8ivWaHkE7mKeNRrP8qMdAw914Bs1NQf9F75CWJe
+5YtmLcE5gSbVj3qa6zVuQWEcrseKz6wpAFLsHKbF6kKfUgcI56xmD2DhhIHny+5B
+9ObM0RQpCmAYXjU2CvknXeBzpX2cGOLD/Nexk1oBF6PI0rDUBqg3cexsJ5XfJwYg
+tkjkZ321s9N09BsioauH6d9x9/Ysz7Qp7Bqpb1E7dV4bDuT5vwPWwPIUAav897Vt
+s0uMZHoVasj57UwqDv8tm0db6f2VOL7r5GBMjbp6newW8Me47uXSBXKy8tFJMolj
+yKuEQkKKyA==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-badsign.crt b/tests/data_files/server9-badsign.crt
index 9e56541..8656b1a 100644
--- a/tests/data_files/server9-badsign.crt
+++ b/tests/data_files/server9-badsign.crt
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
-EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
-Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
-qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
-wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
-OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
-clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
-vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
-te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
-Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
-88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
-JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
-o4Hl/lqjwCFG
+qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
+YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
+imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
+/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
+SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
+loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
+Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
+UYUZ4RiwG1/0
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-defaults.crt b/tests/data_files/server9-defaults.crt
index 4ce5c87..8613f52 100644
--- a/tests/data_files/server9-defaults.crt
+++ b/tests/data_files/server9-defaults.crt
@@ -1,19 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIDBjCCAe6gAwIBAgIBSDANBgkqhkiG9w0BAQowADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNjA1MTU1NjUzWhcNMjQwNjAyMTU1NjUzWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B
+MIIC+TCCAeGgAwIBAgIBSDANBgkqhkiG9w0BAQowADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2gHqroDsK7
E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOor+c4mwiL
Y5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0qQvaQJUC
-AwEAAaOBnzCBnDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJwdMiY7Lf
-p869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBU
-ZXN0IENBggEAMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQowAAOCAQEAGUdim4uy
-/rBDFMF8qhjH1qsv0o8ON4HgP3YXbdKdIMfd+p5KtoqHQnrkixWxaIvfORnR4mGm
-f8H5BimwIkNLxy7zS88TVDOYel8g7B2yl0nq4biki83NStNBYZJjxKT0ud5O5mGd
-jHdy9vTEc7h8q+SHzRdgpNFXyKY5OQYng1LHco8h1UR8/nmPMuDtocHMnmMXu68a
-69+TtZxx90/V4gJZOoL1iCi8HEsKoJzm/L8ji54OYt7FxgFfE3VmLsXeMaWYO8GS
-BUxh5kqZ25O8hQXK5ywfuVK83Do/SsoClbgx9mboybseGVFIJaxs9e66GFDMoI3B
-09JqWv4DoLNnwg==
+AwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEwYwYDVR0j
+BFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBAzAJ
+BgNVHRMEAjAAMA0GCSqGSIb3DQEBCjAAA4IBAQASsc5y7sDP4prOLGAl2EB5d+Gg
+w/Vk9+g3KXpeIUCL6gmECNLENmmBe6zZR8/Ax6R1hUe/Cbflepxsx627Eg29NCZK
+Bo/AQoz658kwEzr4jhF8M6y9sdsf5/OauoRxDLcMEywIkgmuFvZIpyEwXix6arsK
+mNWnW0FwSr2NaXozD7OquGwTEAvAbtei+5JAeVvvGi1u32D2JPVHk3zv05LXtx8b
+8bEmzZLthFk3GbSkGHC3K5rjNgTMwY0BhNBW6qFyY5mL0bHVDbZQxD9RRwDifGty
+fTo7odJDAHU1xucWF6dOU5nAqiFKlc3eITdBKt+d10yBSr7qXciHkHpAzCvh
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha224.crt b/tests/data_files/server9-sha224.crt
index 1b05f31..ed648c8 100644
--- a/tests/data_files/server9-sha224.crt
+++ b/tests/data_files/server9-sha224.crt
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBFzA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIwOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTczNloXDTI0MDExODEzNTczNlowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBADJExjfWWvL28lgj+GGgviqo
-PHZLxI0pLQUnFJQ9Kpu6jxfICseBF00Z6BJE/RcYDpIie5GDt/8u/i6xB6Li29Pm
-g5nANgd/Y3fFnW7d0ydVjiSnetlPuf/jTlWQl6mQTH2xqYu8J8d3JRxQdRiDYbVm
-uywW2d6rksiqm6dPD5l4A5DcemcYo8f/1Ifj5WNDCV8/OHex+AnW2ccDvWAnVgSR
-B2VpOXJzVFuBsuf4tGVm/2TUMSB6NcvFc6TeJk1kzbZxii4QjKXtH1SfrVP59iEe
-l17NYAEWARjBpQWBiutRG+QM2et0sNiUBuWxTkvd0eSgencNysVAOsZqrqaX3CY=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCBAUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCBAUAogQCAgDiMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgQFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA4gOCAQEAjG73ZOe2pQn6
+jqiTHALGM0IG8BBCamo3gzbCjZPz3ZnTpZii1pQSFPGEBaKCgrtKrjvoP21ZDUnq
+3HjTUzGtGbHk3h+UJcVYgFuONidguUDaALGtXIPWUlqBBeJL+Y+01zJRnMpC2hV7
+JUOM3es02te8RM6srCdW1fP9x+Lx4G2Kjj7kEzKafEbwFesS4LbBXsWkID8xDPHO
+DLKvg66tPeksDBT4n7f7H51eNlyIwwMDKTc+N9Ri5OeW1HOqtbyo/yJlHvQqnCld
+E8gW+AVoeZmN6n/4yemnCEkFRqgbRSIGVoPmOY9d/FfGLmClcaZFPcH+w1JDhF71
+3egYnUY/9g==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha256.crt b/tests/data_files/server9-sha256.crt
index 7d0aa39..ef37b3f 100644
--- a/tests/data_files/server9-sha256.crt
+++ b/tests/data_files/server9-sha256.crt
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAH0+knqkcLaxeDkenBQgd4Qg
-3ZyAhtpiLU689mw+3cXB/uzFrCIxEL5aGh1eSj+DszB+FtsZ06ux7JVQqVOA2Wm9
-yLxC6wF8OOYj0nBa91BWLhRAHLhmIdWsVk7Hl9KojZd4TwV2N+ZEV/BLxyoRvK4H
-V4xCpzgDSiTPe8Etk4r+0akbr6bsOUBayPb7MGLHubZKq8NsFAmmynp+fPmHd3SE
-0ooJdiZ1MmKPKLE5Og/hXCI8qeiXQUR6oQ7b2XONsrI2HIj2SA9dA5qmHwE5PbMu
-zqxQ3R83boqLXbkFORn+UiYLmffqdoWuNy00BHMCrxRA9DUv+WyN4npLMF8rOJw=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOCAQEAXcWlfbIjRJX3
+eCkj03eKLvhawFndN6mWMOTVvr20Vdhhn57wngSKYgtsbOZhpT+pIXTTpxhku7uS
+Pg6NDU0W13xbrcIsYxkZRcN6AYcnV0NxnhdfkmxwDjLyohgm8IdgvHb04r73OP0j
+KmnZfJJpnxkVGD8NFGj2hBCR7ynbVBAfJegl0Lruxc4AlrniG6MW9xfkmE3EfOQg
+dwZv3UuhxzEhLmR933BCijwfhBVfyzarGjDtZjQYNwWKhRl+OXM+L14Ofq7htSxz
+kSM5KJfCAzLFNd6N2YU84IhqwTS4CZ/bE1HchEYPtXm97bj8Vldrfv2up/4Rc0kF
+a8P+xLLmug==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha384.crt b/tests/data_files/server9-sha384.crt
index aaa63e6..2ea0108 100644
--- a/tests/data_files/server9-sha384.crt
+++ b/tests/data_files/server9-sha384.crt
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGTA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc1OFoXDTI0MDExODEzNTc1OFowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBABf8Gyq2VYuN1EBW1nOapDQp
-B/KuafNW2GEJ7FmQKNyA7MIj1Yqo2MtJ6/OQojRQ3F5rnO4yjmvIPsXeQaMxJBiI
-aaoAlLpH++F+oXMq/0aS0WSZrSLrsh2Fpay9cBDGwek2rDOX9kM+ZcPzGitVwWKX
-TnOW22hpcl7u95CpZH+JZTcto5nL3tTyV9pIy+tSKQQfjPB+G0TAZCsOkbCGPLug
-qdjvqFQwOf15VxQMj7NRiXjlqJvsx+I7B2AIhrs4DzQMEyiWq9S/PzpQuFU5v/Kg
-s2iMLJ5ygv5aN3PYqGlE1ZmvgyRp5h/LaTGI2L6lzRTnecOhtPv30N2tyaDAEfo=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgDOMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgIFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIAzgOCAQEAmTU2HqAA7gbB
+tJlDAve8nGbdCim4YjRXWceHGCpoFIWrs6onlHCvnZ2Wr8iPk+wnd7ShIpp8vGb/
+476y8pfaA2n8vYWhQKDCTTUXJN4tUc7i8Uz4RGdK48vHVvZCtCT/8MmPPouOIZcU
+/Kkenw2jv5R/CpiirVUsjNx6BYcdu1zzEU+uoBLom6sZ6LGRlIB0prFWcxrVjfzx
+2C8ZxMW8NWj6EQipQJ2U+CCycA2HkbCmt3FnEXmN5OWThvnKdshoPkMn2HwhAOzn
+cjZQhQT3WSufvZ9bYe7HZ5e1e7k6aMXBvW89ECxc12mZfSjlYmlvfHZuO8D2sP2i
+RidkcXFMxQ==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha512.crt b/tests/data_files/server9-sha512.crt
index a211b92..4abdf68 100644
--- a/tests/data_files/server9-sha512.crt
+++ b/tests/data_files/server9-sha512.crt
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGjA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6Ea
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTgxMloXDTI0MDExODEzNTgxMlowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6EaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBACdVozFq6rUiXo+ib5Y2oPsR
-6xxl4Ydn3LpUoYrPpTOrhcXJWW/tOLHGuCF/mSRfUzKaMIfL418cZHYnvumvuttu
-6z3tp5E1VsiZCU2MWJnzjKSxFBOss43AmpJHHoapGFZu2pxObBPqegAKHYkKWOLk
-tJDj47PurWgEek9j1nL7Pc1tVf59fm/ySp4fWkXLLvQiKid1516VioLyacUvK3zU
-6Egz8jMt7D5c9KpaExLRTANVsThqO5/dmR36bOwm3Hpbde7DNdgxru41tiLMqJs/
-5pX3ceaJ1XQ/l0idj5/9ipvqHHUguyk7H22HwQHQdSD9oIha8kEM3P6CjpfE7yY=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAwUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAwUAogQCAgC+MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgMFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIAvgOCAQEAVut9oL/0V/vo
+f9VKxAZfyy0zFy+LOHzV1H5qQaPKJnXIAUp/sDtvOjugqHKjamg6dCIVy292Yxcx
+rW8WcMR1Bj9MQ5Qrv++TZ0a1e0qet1GYxj4MQkU30XlJq/Jh7ede9Vh/yBxKTQq7
+oaJ6fOTFWcz1JZDrZrKffBOqIp5jQWPARilUDN6FiRNYV3/14aWVGnNbqGfoY8CC
+WvpC0iAvrQxjdQQf6nIYrzcGNzvrpRbhpzBPUyUIrM1o+nyiNAJPlyncjFwmfw9g
+80FP1XnRIIKmlTTG7ivkjHKzE6WXZSQPjArg0jxQAX1uLKJGFhu+ueKyoPOHQXS0
+O1z3OQn3+w==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9-with-ca.crt b/tests/data_files/server9-with-ca.crt
index 0478cff..51c0ada 100644
--- a/tests/data_files/server9-with-ca.crt
+++ b/tests/data_files/server9-with-ca.crt
@@ -1,99 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
-EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
-Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
-qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
-wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
-OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
-clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
-vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
-te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
-Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
-88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
-JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
-o4Hl/lqjwCEG
+qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
+YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
+imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
+/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
+SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
+loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
+Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
+UYUZ4RiwG1/7
-----END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:00 2011 GMT
- Not After : Feb 12 14:44:00 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
- 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
- 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
- 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
- e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
- cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
- ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
- 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
- c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
- 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
- e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
- 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
- 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
- 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
- e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
- 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
- ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
- a2:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
- serial:00
-
- Signature Algorithm: sha1WithRSAEncryption
- b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
- 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
- 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
- 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
- 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
- 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
- 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
- e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
- e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
- 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
- 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
- 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
- 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
- e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
- f7:e0:e9:54
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
-----END CERTIFICATE-----
diff --git a/tests/data_files/server9.crt b/tests/data_files/server9.crt
index a6f9fbc..26567ae 100644
--- a/tests/data_files/server9.crt
+++ b/tests/data_files/server9.crt
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
-EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
-Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
-qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
-wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
-OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
-clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
-vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
-te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
-Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
-88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
-JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
-o4Hl/lqjwCEG
+qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
+YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
+imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
+/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
+SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
+loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
+Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
+UYUZ4RiwG1/7
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-v1.crt b/tests/data_files/test-ca-v1.crt
index e5a3b1c..2f10f6d 100644
--- a/tests/data_files/test-ca-v1.crt
+++ b/tests/data_files/test-ca-v1.crt
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIIDIzCCAgsCDFOito4FQA5VXJOV5TANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
-ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
-EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA4MTRaGA8yMDI0
-MDYxODEwMDgxNFowUDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBDQSB2MTEQMA4G
-A1UECxMHdGVzdGluZzERMA8GA1UEChMIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN83/Be74JadP4beljJ9RKUW
-oM0h8ZnU7OrLfBhYCJSl7JvFi98aHpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6j
-MFKp8udAcBTLRKJyC8LlQPk+5aYOs/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8
-Ko/vJ2DDxp/LuuxgfbfmhDK+T/tYJiIDW9S01fv145YucMDkLr38Lu7iQVXANC59
-JHJpy0exFECDfWf0hvYxq/F5pLK1LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp
-/KzbLijRfgJLI6AV8jhlZAnqDG6OGxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QID
-AQABMA0GCSqGSIb3DQEBCwUAA4IBAQBoXC5AlXI5azyOPvmNse2qHhO7BrXOEjH+
-9g5P/VsrVADhsUGv6x0A2oLoWXtOjGDIWWH53BWHkCUCu4T5D5C6+I47rXWl4pAr
-J+h+tQVZo6J0AJxfPse/NnrjsboUSWhunmo/iTrU6S4KJBguIKP6T1DZoD/8EYgU
-x+fXDmvRO+MTesWDiY+p+FHEzsu3b9EBtG9dUiR/zzXi/ktFCfrgstKGSuW6+j7m
-lcduTxsogi6Uc3tWKtn6qpSGR0uBoCz6emFO7Smmy/tIyVA88lH0+3UnxOvu4TAK
-uvjYkOcZqhprDiMfhxBB7pxbfiviEANTbgSfCtZewSNz2RUJ9ocy
+MIIDHzCCAgcCDFOito4FQA5VXJOV5TANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
+DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
+DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDAwWhcNMjkwMjEw
+MTQ0NDAwWjBQMRwwGgYDVQQDDBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQL
+DAd0ZXN0aW5nMREwDwYDVQQKDAhQb2xhclNTTDELMAkGA1UEBhMCTkwwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAEw
+DQYJKoZIhvcNAQELBQADggEBAAtVAWmbymwKDj9v8m7SVLHF0mw4i3gBFVPJqYRQ
+y9CnUD68kUr4qK7wyQIv/gDRYuqZVNnBq4Jwzm+tPEBHpYAF5H/7Mynpb4h+uZ3a
+6kaWURXKzx53ZuFHLu1FuRov+SZU3ZtXClTYFKeyDb+fcth/8thR9V59v7ZE7zlb
+8zbyL+dqfyxvmxZCUzHbNKVrliiUUFXfW53T+B7Ysxner5mnqM1aPxckhXVHEJ47
+TBoIhpBoJ/HmHCiWz8BeoowSpG7u+QOezIKk8l5Pd2f8MeqwyaqIeAy0lh2nP7pB
+UtWET/0bsdiPn8SR9B3hWpKUDRvnHDDZuZiKtrdDEqsD04M=
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 434876c..0340e9e 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -41,6 +41,11 @@
[multiple_san]
subjectAltName=@alt_names
+[ext_multi_nocn]
+basicConstraints = CA:false
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment
+subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144
+
[hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
diff --git a/tests/data_files/test-ca2.ku-crl.crt b/tests/data_files/test-ca2.ku-crl.crt
index 4fb4083..303a2c0 100644
--- a/tests/data_files/test-ca2.ku-crl.crt
+++ b/tests/data_files/test-ca2.ku-crl.crt
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBzDCCAVOgAwIBAgIJAP6mZLzh0IPSMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTIzMzhaFw0yNDA0MDYxMTIzMzhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCAQIwCgYIKoZIzj0EAwIDZwAwZAIwZOCKY0EHXYzI4cQsFnfOrxm1
-ufvNeZ4ZcSZWrkTBazW2OBCuCP9SLznec3SFOUvvAjAKe/qycfxkHivjieCEG1Kt
-m2D4QKSJELUhTHr4zdkeqbzgui0y3iouaoyWsKvetNg=
+MIIB2DCCAV6gAwIBAgIUN3DAVq0Kn9k3FPUPZGW2d3rZn28wCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIBAjAKBggqhkjOPQQDAgNoADBlAjAxoq/Q4PEA
+8SDd3cQaVIwx8oJVEzfJo1BB2w1LnjvUXZrQydjNXMU4Jgorm/2/uLgCMQCyI6cZ
+EAIgKPYlT6/zJHBj45qejs527OfI4Xn+kQ7OvHQtHaCAzQw4h7Jfx+gXaUo=
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-crl.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-crl.crt.openssl.v3_ext
new file mode 100644
index 0000000..4bc5d3c
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-crl.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = cRLSign
+
diff --git a/tests/data_files/test-ca2.ku-crt.crt b/tests/data_files/test-ca2.ku-crt.crt
index edacc64..5cad7b2 100644
--- a/tests/data_files/test-ca2.ku-crt.crt
+++ b/tests/data_files/test-ca2.ku-crt.crt
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBzTCCAVOgAwIBAgIJAODh6PAeD9/vMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTIzNTRaFw0yNDA0MDYxMTIzNTRaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCAgQwCgYIKoZIzj0EAwIDaAAwZQIwGGlbynd1jU3WkUx6Irhk9Lob
-z2B+1eIO6+eu3En8B3rh8Ipfxo0e0hpfaRFYP1MUAjEAjxxBchRWJAzZ6/47Wg/7
-UoasRINgP5B/uJhTnftS1bqyuWHastb4LW5/YLOvPbMQ
+MIIB2DCCAV6gAwIBAgIUYDcYIJ6EBbKafKeXLgPLE+RsJZowCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxMjEwMzEwNVoXDTMzMDUxMjEwMzEwNVow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwICBDAKBggqhkjOPQQDAgNoADBlAjBwsfyYiZB6
+PpDgIbYRbZ4VT9GGFNE3L4C1IH8RNwzvywLvQfVp3ocRAkzEoRpmKAsCMQDOGm48
+d7zKl7IzmBuOWXYlukWDDWwpNI67z7g0JawfypKIxcPTZFiQXVtDdTdkrGY=
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-crt.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-crt.crt.openssl.v3_ext
new file mode 100644
index 0000000..997c893
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-crt.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = keyCertSign
+
diff --git a/tests/data_files/test-ca2.ku-crt_crl.crt b/tests/data_files/test-ca2.ku-crt_crl.crt
index ac74e40..4c69582 100644
--- a/tests/data_files/test-ca2.ku-crt_crl.crt
+++ b/tests/data_files/test-ca2.ku-crt_crl.crt
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBzDCCAVOgAwIBAgIJAPejOupCJS65MAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTIyMjVaFw0yNDA0MDYxMTIyMjVaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDZwAwZAIwMKLVXB4YBQ0Ha4dEvFPcJtau
-TS5Vd4UqG3xQ10YcJogweuqaGHSFgdnEUfoX+4p5AjApMnYXFfUjSmlyfJmTaswO
-gaR5sUnnw33NA9j1ercem3asCYz6a8T0zo8/rR33XVU=
+MIIB2TCCAV6gAwIBAgIUd5f42F4ahjkx9AIN035pcF4WFikwCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNpADBmAjEA6IUvQwSw
+vEkHjU9YNsPcUsJf0UTHUW1T8mNbgk+zCl6fzeU73oCXH6zoi5q6vLgjAjEAv63C
+xknmJJ4H3Zlc+O5GlcX9VQNZDn1xV7hf2yW1Gf7wLTnSWTf5bXATaIQ6QLO1
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-crt_crl.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-crt_crl.crt.openssl.v3_ext
new file mode 100644
index 0000000..0fd73a2
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-crt_crl.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = keyCertSign, cRLSign
+
diff --git a/tests/data_files/test-ca2.ku-ds.crt b/tests/data_files/test-ca2.ku-ds.crt
index c28e17b..2907aa7 100644
--- a/tests/data_files/test-ca2.ku-ds.crt
+++ b/tests/data_files/test-ca2.ku-ds.crt
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBzDCCAVOgAwIBAgIJAPOkPR3wsvm5MAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTI0MTNaFw0yNDA0MDYxMTI0MTNaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIwGRCmU/rWNjW13g8ITuq3pMXb
-jgwTFJHVlbMDiFJwUrRvytPV9doJOfzJ8nAQ0cZ1AjAbJ8QAV2e+DmYZpWc/p6Ug
-nQdac59ev+lH+ju6wET3jNDjUthUPrdgqa54+UWQ5r4=
+MIIB2TCCAV6gAwIBAgIUb5xsO6FEmAz+XpGFHpW7ODFvup0wCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA44HVvGYv
+meA3SpaNJmubLKjsQlGNnEUUo1IO0NBP5yWG0dRFkX8NQ0bzH/1n6FJcAjEAm9wj
+xdmEPUr6PY54c0IQJNeeF76L1/+EszXrSDQ7TLv1YC4d4uMNmqwR9EGuUX+/
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-ds.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-ds.crt.openssl.v3_ext
new file mode 100644
index 0000000..08e49d4
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-ds.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = digitalSignature
+
diff --git a/tests/data_files/test-ca_unenc.key b/tests/data_files/test-ca_unenc.key
new file mode 100644
index 0000000..2941bbe
--- /dev/null
+++ b/tests/data_files/test-ca_unenc.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwN83/Be74JadP4beljJ9RKUWoM0h8ZnU7OrLfBhYCJSl7JvF
+i98aHpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6jMFKp8udAcBTLRKJyC8LlQPk+
+5aYOs/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8Ko/vJ2DDxp/LuuxgfbfmhDK+
+T/tYJiIDW9S01fv145YucMDkLr38Lu7iQVXANC59JHJpy0exFECDfWf0hvYxq/F5
+pLK1LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp/KzbLijRfgJLI6AV8jhlZAnq
+DG6OGxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QIDAQABAoIBAD/3B9M0b9vJN7eE
+3DdF4WOtuLZ1scc1tHcqW3f5fuDBo9G3y6lawYfaWvoX5NU4A95omIHstfIqjeks
+86blMhd/M4HoOHLVnPpO+yb1FQuvhGarAuAY1ZF81o/JS3YIKx2BaDDh+nBsE04Q
+AzU+xcpYIIohGDigD+3Eu0Vv9YRbsM9OnVgTazU1aaHSxPLBSAQgUblrpF2lS4SI
+Q0iZLLukl9bWGPbsXNExScnyjwtN7wkC/n39u68rg5QixKc+ZvXgV9zy7Sw+gXR2
+HpZvdB4yDhQx0HTw9Ae9w9EiwqiVkgZ/QwKRvN0jAYmUIERk9R1n0o/oaaUpJeZQ
+nOPpy3UCgYEA4ik+qmvVWR6c5kfVttfj8Y6e6YNfEJ9j7AREzD/42ToX4E/+2E3N
+RlR0vwrEZ5yn2IllTP1YKkcP9De2VbAd7ac5/E+jxHU6o5inRfVmy3xl+4Aj5v/9
+mR+Oa/9ek2bfbG/D9jgu/2m1rK67xnEWa9D4Itn4onIg0uI6cEveqy8CgYEA2lGb
+uLIqFHVYQI0ncPoxSLAgITT6TFeoEYjzp64h6bYr0c2n+NgMinYiNUTOPyUpg315
+pzHW7LK/2jS29rI783haBIMzPqLigYIT1DUXY5uexI2RTAN3x3Fb7oNt1XiI9ix5
+wkq0eZBwv980VpZx4w5okbzqyzPAvkXX/DD9ATsCgYEA0p8qtzgZxxeVc3iu9ct1
+g38ZS8uG+0oVmrYXBEkHjfZmSgb2BaffZoI8/7YdV4kzX5wFdX/zXdw0ZXKFIqQU
+G0HD5NCeadXrOHRwQ9zZUOSXbXPW+8in+rTCxJ1dDNWfebNUwrdsPX3LLfjE83ha
+Myq4DG0G+vJi00LQvchKpQ0CgYEA1KmQFd6/LMSNnfuhwuSD43llItO3SWxNlB8i
+sWDnOgCxOKKrD7RsqueeNON8QHhTsvkj6qCa6mDIj6av3ykJSwYeMa0X2tjR6TOr
+WxgIW4f4pR/9u9zY7ZdX5MNz1vCeAaabSI56tLvliJHFKt9LutCLPgOXdy9HflEM
+rmWN3ocCgYAgJA/Sr8IoO5cgspJJ6wloQLK+0cODlDQ41snsNAn5QW1cQpT3BPwy
+OWm8HPs+YZjAgNg2R8Ntwi7ngSoXNGQwTpa7Jha5QTb+itZTfKrsOUJQ7+OzASgy
+ym31mh6fN77+OCAikYzNlQLyTW8atEPwGd9lwJLnnS8J5+xpqMKPDQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/test_certs.h.jinja2 b/tests/data_files/test_certs.h.jinja2
index 92131dd..4a64b3a 100644
--- a/tests/data_files/test_certs.h.jinja2
+++ b/tests/data_files/test_certs.h.jinja2
@@ -2,19 +2,7 @@
* X.509 test certificates
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */
diff --git a/tests/data_files/tls13_early_data.txt b/tests/data_files/tls13_early_data.txt
new file mode 100644
index 0000000..0c84b07
--- /dev/null
+++ b/tests/data_files/tls13_early_data.txt
@@ -0,0 +1,3 @@
+EarlyData context: line 0 lf
+EarlyData context: line 1 lf
+EarlyData context: If it appears, that means early_data received.
diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile
index d44cdff..e4c49fa 100644
--- a/tests/docker/bionic/Dockerfile
+++ b/tests/docker/bionic/Dockerfile
@@ -10,19 +10,7 @@
# for the set of Docker images we use on the CI.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
ARG MAKEFLAGS_PARALLEL=""
ARG MY_REGISTRY=
diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh
index ce43467..9192678 100755
--- a/tests/git-scripts/pre-push.sh
+++ b/tests/git-scripts/pre-push.sh
@@ -2,19 +2,7 @@
# pre-push.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h
index 21d85f1..dc47dd1 100644
--- a/tests/include/alt-dummy/aes_alt.h
+++ b/tests/include/alt-dummy/aes_alt.h
@@ -1,19 +1,7 @@
/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef AES_ALT_H
diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h
index aabec9c..94db8c7 100644
--- a/tests/include/alt-dummy/aria_alt.h
+++ b/tests/include/alt-dummy/aria_alt.h
@@ -1,19 +1,7 @@
/* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef ARIA_ALT_H
diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h
index b42613b..97bc16b 100644
--- a/tests/include/alt-dummy/camellia_alt.h
+++ b/tests/include/alt-dummy/camellia_alt.h
@@ -1,19 +1,7 @@
/* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef CAMELLIA_ALT_H
diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h
index 5ec7d4e..c25f42b 100644
--- a/tests/include/alt-dummy/ccm_alt.h
+++ b/tests/include/alt-dummy/ccm_alt.h
@@ -1,19 +1,7 @@
/* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef CCM_ALT_H
diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h
index a53a330..6fd84d0 100644
--- a/tests/include/alt-dummy/chacha20_alt.h
+++ b/tests/include/alt-dummy/chacha20_alt.h
@@ -1,19 +1,7 @@
/* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef CHACHA20_ALT_H
diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h
index 584a421..de28ced 100644
--- a/tests/include/alt-dummy/chachapoly_alt.h
+++ b/tests/include/alt-dummy/chachapoly_alt.h
@@ -1,19 +1,7 @@
/* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef CHACHAPOLY_ALT_H
diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h
index 13c998d..68b53d7 100644
--- a/tests/include/alt-dummy/cmac_alt.h
+++ b/tests/include/alt-dummy/cmac_alt.h
@@ -1,19 +1,7 @@
/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef CMAC_ALT_H
diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h
index 3b8abe4..d079861 100644
--- a/tests/include/alt-dummy/des_alt.h
+++ b/tests/include/alt-dummy/des_alt.h
@@ -1,19 +1,7 @@
/* des_alt.h with dummy types for MBEDTLS_DES_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
*/
diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h
index ccb3bd3..3cb51d2 100644
--- a/tests/include/alt-dummy/dhm_alt.h
+++ b/tests/include/alt-dummy/dhm_alt.h
@@ -1,19 +1,7 @@
/* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef DHM_ALT_H
diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h
index 90c21da..4d75248 100644
--- a/tests/include/alt-dummy/ecjpake_alt.h
+++ b/tests/include/alt-dummy/ecjpake_alt.h
@@ -1,19 +1,7 @@
/* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef ECJPAKE_ALT_H
diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h
index 56c9810..d204b18 100644
--- a/tests/include/alt-dummy/ecp_alt.h
+++ b/tests/include/alt-dummy/ecp_alt.h
@@ -1,19 +1,7 @@
/* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef ECP_ALT_H
diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h
index 7be5b62..cfa73d2 100644
--- a/tests/include/alt-dummy/gcm_alt.h
+++ b/tests/include/alt-dummy/gcm_alt.h
@@ -1,19 +1,7 @@
/* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef GCM_ALT_H
diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h
index 1f3e5ed..e3a15d7 100644
--- a/tests/include/alt-dummy/md5_alt.h
+++ b/tests/include/alt-dummy/md5_alt.h
@@ -1,19 +1,7 @@
/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MD5_ALT_H
diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h
index 8fec116..1274d40 100644
--- a/tests/include/alt-dummy/nist_kw_alt.h
+++ b/tests/include/alt-dummy/nist_kw_alt.h
@@ -1,19 +1,7 @@
/* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef NIST_KW_ALT_H
diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h
index 836f299..6757392 100644
--- a/tests/include/alt-dummy/platform_alt.h
+++ b/tests/include/alt-dummy/platform_alt.h
@@ -1,19 +1,7 @@
/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PLATFORM_ALT_H
diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h
index 5a8295f..c8ed1bc 100644
--- a/tests/include/alt-dummy/poly1305_alt.h
+++ b/tests/include/alt-dummy/poly1305_alt.h
@@ -1,19 +1,7 @@
/* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef POLY1305_ALT_H
diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h
index ca3b338..72ae47e 100644
--- a/tests/include/alt-dummy/ripemd160_alt.h
+++ b/tests/include/alt-dummy/ripemd160_alt.h
@@ -1,19 +1,7 @@
/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef RIPEMD160_ALT_H
diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h
index 24f672b..eabc26d 100644
--- a/tests/include/alt-dummy/rsa_alt.h
+++ b/tests/include/alt-dummy/rsa_alt.h
@@ -1,19 +1,7 @@
/* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef RSA_ALT_H
diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h
index 36bf71d..d8ac971 100644
--- a/tests/include/alt-dummy/sha1_alt.h
+++ b/tests/include/alt-dummy/sha1_alt.h
@@ -1,19 +1,7 @@
/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef SHA1_ALT_H
diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h
index 304734b..b1900ad 100644
--- a/tests/include/alt-dummy/sha256_alt.h
+++ b/tests/include/alt-dummy/sha256_alt.h
@@ -1,19 +1,7 @@
/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef SHA256_ALT_H
diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h
index 13e5810..857bc91 100644
--- a/tests/include/alt-dummy/sha512_alt.h
+++ b/tests/include/alt-dummy/sha512_alt.h
@@ -1,19 +1,7 @@
/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef SHA512_ALT_H
diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h
index 4003506..07d5da4 100644
--- a/tests/include/alt-dummy/threading_alt.h
+++ b/tests/include/alt-dummy/threading_alt.h
@@ -1,19 +1,7 @@
/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef THREADING_ALT_H
diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h
index 9d4e100..69bee60 100644
--- a/tests/include/alt-dummy/timing_alt.h
+++ b/tests/include/alt-dummy/timing_alt.h
@@ -1,19 +1,7 @@
/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TIMING_ALT_H
diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h
index 40eed2d..0a44275 100644
--- a/tests/include/baremetal-override/time.h
+++ b/tests/include/baremetal-override/time.h
@@ -1,18 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#error "time.h included in a configuration without MBEDTLS_HAVE_TIME"
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
index de84264..fdf3a2d 100644
--- a/tests/include/spe/crypto_spe.h
+++ b/tests/include/spe/crypto_spe.h
@@ -1,18 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
*/
diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h
index 74bbbd5..6d267b6 100644
--- a/tests/include/test/arguments.h
+++ b/tests/include/test/arguments.h
@@ -8,19 +8,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_ARGUMENTS_H
diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h
index dee3cbd..2eb9171 100644
--- a/tests/include/test/asn1_helpers.h
+++ b/tests/include/test/asn1_helpers.h
@@ -2,19 +2,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef ASN1_HELPERS_H
diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h
index fc97d23..2f6bf89 100644
--- a/tests/include/test/bignum_helpers.h
+++ b/tests/include/test/bignum_helpers.h
@@ -7,19 +7,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_BIGNUM_HELPERS_H
diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h
index 65c5582..db69536 100644
--- a/tests/include/test/certs.h
+++ b/tests/include/test/certs.h
@@ -5,19 +5,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h
index f3d676e..c5658eb 100644
--- a/tests/include/test/constant_flow.h
+++ b/tests/include/test/constant_flow.h
@@ -6,19 +6,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_CONSTANT_FLOW_H
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
index 037a255..a033e39 100644
--- a/tests/include/test/drivers/aead.h
+++ b/tests/include/test/drivers/aead.h
@@ -2,19 +2,7 @@
* Test driver for AEAD driver entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H
diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h
index c602d2f..0ac7708 100644
--- a/tests/include/test/drivers/asymmetric_encryption.h
+++ b/tests/include/test/drivers/asymmetric_encryption.h
@@ -2,19 +2,7 @@
* Test driver for asymmetric encryption.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
index 54c37f7..2fe47e4 100644
--- a/tests/include/test/drivers/cipher.h
+++ b/tests/include/test/drivers/cipher.h
@@ -2,19 +2,7 @@
* Test driver for cipher functions
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
@@ -35,11 +23,17 @@
/* If not PSA_SUCCESS, return this error code instead of processing the
* function call. */
psa_status_t forced_status;
+ psa_status_t forced_status_encrypt;
+ psa_status_t forced_status_set_iv;
/* Count the amount of times one of the cipher driver functions is called. */
unsigned long hits;
+ unsigned long hits_encrypt;
+ unsigned long hits_set_iv;
} mbedtls_test_driver_cipher_hooks_t;
-#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 }
+#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \
+ PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \
+ 0, 0, 0 }
static inline mbedtls_test_driver_cipher_hooks_t
mbedtls_test_driver_cipher_hooks_init(void)
{
diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h
index 2585fd9..4eb27f0 100644
--- a/tests/include/test/drivers/config_test_driver.h
+++ b/tests/include/test/drivers/config_test_driver.h
@@ -7,19 +7,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_CONFIG_H
@@ -53,7 +41,4 @@
//#define MBEDTLS_PEM_PARSE_C
//#define MBEDTLS_BASE64_C
-#include "mbedtls/config_psa.h"
-#include "mbedtls/check_config.h"
-
#endif /* MBEDTLS_CONFIG_H */
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
index 138327a..768a9a6 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h
@@ -32,6 +32,14 @@
#endif
#endif
+#if defined(PSA_WANT_ALG_CMAC)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
+#undef MBEDTLS_PSA_ACCEL_ALG_CMAC
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
+#endif
+#endif
+
#if defined(PSA_WANT_ALG_CTR)
#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR)
#undef MBEDTLS_PSA_ACCEL_ALG_CTR
@@ -40,6 +48,126 @@
#endif
#endif
+#if defined(PSA_WANT_ALG_STREAM_CIPHER)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER)
+#undef MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
+#undef MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
+#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
+#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
+#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
+#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
+#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_K1_192)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_K1_224)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_192)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_224)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
+#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521
+#else
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
+#endif
+#endif
+
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
@@ -152,6 +280,38 @@
#endif
#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
+#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_224
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_256)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
+#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_256
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_384)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
+#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_384
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_512)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
+#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_512
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 1
+#endif
+#endif
+
#if defined(PSA_WANT_ALG_XTS)
#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS)
#undef MBEDTLS_PSA_ACCEL_ALG_XTS
@@ -361,38 +521,114 @@
#endif
#endif
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
-#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
-#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
-#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
+#if defined(PSA_WANT_ALG_GCM)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
+#undef MBEDTLS_PSA_ACCEL_ALG_GCM
+#else
#define MBEDTLS_PSA_ACCEL_ALG_GCM 1
-#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
-#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
-#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1
-#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1
-
-#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \
- defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) && \
- defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
-#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
-#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
-#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
-#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1
-#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
+#endif
#endif
+#if defined(PSA_WANT_ALG_CCM)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM)
+#undef MBEDTLS_PSA_ACCEL_ALG_CCM
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG)
+#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_CBC_MAC)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
+#undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_HMAC)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#undef MBEDTLS_PSA_ACCEL_ALG_HMAC
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_HKDF)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+#undef MBEDTLS_PSA_ACCEL_ALG_HKDF
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
+#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_HKDF_EXPAND)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
+#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_OAEP)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
+#undef MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
+#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1
+#endif
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_DERIVE)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
+#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
+#endif
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_HMAC)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC
+#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
+#endif
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
+#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1
+#endif
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RAW_DATA)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA
+#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1
+#endif
+#endif
diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
index f1da8d3..ad48c45 100644
--- a/tests/include/test/drivers/hash.h
+++ b/tests/include/test/drivers/hash.h
@@ -2,19 +2,7 @@
* Test driver for hash driver entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h
index aaf74a8..ca82b3a 100644
--- a/tests/include/test/drivers/key_agreement.h
+++ b/tests/include/test/drivers/key_agreement.h
@@ -2,19 +2,7 @@
* Test driver for key agreement functions.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index 43df0d6..526adbb 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -2,19 +2,7 @@
* Test driver for generating and verifying keys.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
@@ -38,6 +26,8 @@
/* Count the amount of times one of the key management driver functions
* is called. */
unsigned long hits;
+ /* Subset of hits which only counts key operations with EC key */
+ unsigned long hits_export_public_key;
/* Location of the last key management driver called to import a key. */
psa_key_location_t location;
} mbedtls_test_driver_key_management_hooks_t;
@@ -46,7 +36,7 @@
* sense that no PSA specification will assign a meaning to this location
* (stated first in version 1.0.1 of the specification) and that it is not
* used as a location of an opaque test drivers. */
-#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 }
+#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0x800000 }
static inline mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks_init(void)
{
diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h
index bdc2b70..d92eff9 100644
--- a/tests/include/test/drivers/mac.h
+++ b/tests/include/test/drivers/mac.h
@@ -2,19 +2,7 @@
* Test driver for MAC driver entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H
diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h
index 331ee49..d292ca0 100644
--- a/tests/include/test/drivers/pake.h
+++ b/tests/include/test/drivers/pake.h
@@ -2,19 +2,7 @@
* Test driver for PAKE driver entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
index 4c56a12..8c5703e 100644
--- a/tests/include/test/drivers/signature.h
+++ b/tests/include/test/drivers/signature.h
@@ -2,19 +2,7 @@
* Test driver for signature functions.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 541ee03..74605d6 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -2,19 +2,7 @@
* Umbrella include for all of the test driver functionality
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_TEST_DRIVER_H
diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h
index 01bfb91..e3e331d 100644
--- a/tests/include/test/fake_external_rng_for_test.h
+++ b/tests/include/test/fake_external_rng_for_test.h
@@ -4,19 +4,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index dd4a6a2..7c962a2 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -7,19 +7,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_HELPERS_H
@@ -32,6 +20,21 @@
#include "mbedtls/build_info.h"
+#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */
+# define MBEDTLS_TEST_HAVE_ASAN
+#endif
+#if defined(__has_feature)
+# if __has_feature(address_sanitizer) /* clang -fsanitize=address */
+# define MBEDTLS_TEST_HAVE_ASAN
+# endif
+# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */
+# define MBEDTLS_TEST_HAVE_MSAN
+# endif
+# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */
+# define MBEDTLS_TEST_HAVE_TSAN
+# endif
+#endif
+
#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
defined(MBEDTLS_TEST_HOOKS)
#define MBEDTLS_TEST_MUTEX_USAGE
@@ -252,10 +255,18 @@
#endif
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-/** Permanently activate the mutex usage verification framework. See
- * threading_helpers.c for information. */
+/**
+ * Activate the mutex usage verification framework. See threading_helpers.c for
+ * information.
+ * */
void mbedtls_test_mutex_usage_init(void);
+/**
+ * Deactivate the mutex usage verification framework. See threading_helpers.c
+ * for information.
+ */
+void mbedtls_test_mutex_usage_end(void);
+
/** Call this function after executing a test case to check for mutex usage
* errors. */
void mbedtls_test_mutex_usage_check(void);
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index eb3bcb8..8de9c4d 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -6,19 +6,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_MACROS_H
@@ -61,6 +49,16 @@
} \
} while (0)
+/** This macro asserts fails the test with given output message.
+ *
+ * \param MESSAGE The message to be outputed on assertion
+ */
+#define TEST_FAIL(MESSAGE) \
+ do { \
+ mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \
+ goto exit; \
+ } while (0)
+
/** Evaluate two integer expressions and fail the test case if they have
* different values.
*
@@ -133,6 +131,38 @@
} \
} while (0)
+/** Allocate memory dynamically and fail the test case if this fails.
+ * The allocated memory will be filled with zeros.
+ *
+ * You must set \p pointer to \c NULL before calling this macro and
+ * put `mbedtls_free(pointer)` in the test's cleanup code.
+ *
+ * If \p item_count is zero, the resulting \p pointer will not be \c NULL.
+ *
+ * This macro expands to an instruction, not an expression.
+ * It may jump to the \c exit label.
+ *
+ * \param pointer An lvalue where the address of the allocated buffer
+ * will be stored.
+ * This expression may be evaluated multiple times.
+ * \param item_count Number of elements to allocate.
+ * This expression may be evaluated multiple times.
+ *
+ * Note: if passing size 0, mbedtls_calloc may return NULL. In this case,
+ * we reattempt to allocate with the smallest possible buffer to assure a
+ * non-NULL pointer.
+ */
+#define TEST_CALLOC_NONNULL(pointer, item_count) \
+ do { \
+ TEST_ASSERT((pointer) == NULL); \
+ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
+ (item_count)); \
+ if (((pointer) == NULL) && ((item_count) == 0)) { \
+ (pointer) = mbedtls_calloc(1, 1); \
+ } \
+ TEST_ASSERT((pointer) != NULL); \
+ } while (0)
+
/* For backwards compatibility */
#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count)
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index c0f76c8..0b8c221 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_CRYPTO_HELPERS_H
@@ -28,9 +16,6 @@
#include <psa/crypto.h>
#endif
-#if defined(MBEDTLS_MD_LIGHT)
-#include "mbedtls/md.h"
-#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
/** Initialize the PSA Crypto subsystem. */
@@ -241,7 +226,9 @@
int mbedtls_test_inject_entropy_restore(void);
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
+/** Parse binary string and convert it to a long integer
+ */
+uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
@@ -405,4 +392,27 @@
#define MD_OR_USE_PSA_DONE() ((void) 0)
#endif
+/** \def AES_PSA_INIT
+ *
+ * Call this macro to initialize the PSA subsystem if AES_C is not defined,
+ * so that CTR_DRBG uses PSA implementation to get AES-ECB.
+ *
+ * If the initialization fails, mark the test case as failed and jump to the
+ * \p exit label.
+ */
+/** \def AES_PSA_DONE
+ *
+ * Call this macro at the end of a test case if you called #AES_PSA_INIT.
+ *
+ * This is like #PSA_DONE except it does nothing under the same conditions as
+ * #AES_PSA_INIT.
+ */
+#if defined(MBEDTLS_AES_C)
+#define AES_PSA_INIT() ((void) 0)
+#define AES_PSA_DONE() ((void) 0)
+#else /* MBEDTLS_AES_C */
+#define AES_PSA_INIT() PSA_INIT()
+#define AES_PSA_DONE() PSA_DONE()
+#endif /* MBEDTLS_AES_C */
+
#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
index b5e3d35..a658d17 100644
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_EXERCISE_KEY_H
@@ -58,12 +46,13 @@
*
* For simplicity's sake, stick to block ciphers with 16-byte blocks.
*/
-#if defined(MBEDTLS_AES_C)
+#if defined(PSA_WANT_KEY_TYPE_AES)
#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES
-#elif defined(MBEDTLS_ARIA_C)
+#elif defined(PSA_WANT_KEY_TYPE_ARIA)
#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA
-#elif defined(MBEDTLS_CAMELLIA_C)
+#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA)
#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA
+#else
#undef KNOWN_SUPPORTED_BLOCK_CIPHER
#endif
@@ -93,13 +82,13 @@
*
* This is used in some smoke tests.
*/
-#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR)
+#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC)
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB)
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB)
+#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB)
#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB
#else
#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
@@ -119,6 +108,7 @@
* The inputs \p input1 and \p input2 are, in order:
* - HKDF: salt, info.
* - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label.
+ * - PBKDF2: input cost, salt.
*
* \param operation The operation object to use.
* It must be in the initialized state.
diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h
index 2665fac..b617189 100644
--- a/tests/include/test/psa_helpers.h
+++ b/tests/include/test/psa_helpers.h
@@ -3,19 +3,7 @@
*/
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef PSA_HELPERS_H
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
index c557208..6304e05 100644
--- a/tests/include/test/random.h
+++ b/tests/include/test/random.h
@@ -7,19 +7,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef TEST_RANDOM_H
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 1f160c7..d03c624 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -5,19 +5,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef SSL_HELPERS_H
@@ -50,21 +38,21 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SSL_HAVE_AES)
+#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA384)
#define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256
#endif
-#endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256)
+#endif /* MBEDTLS_SSL_HAVE_GCM */
+#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256
#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256
#endif
-#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256)
+#endif /* MBEDTLS_SSL_HAVE_AES */
+#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256
#endif
@@ -497,7 +485,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
+ defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES)
int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
const unsigned char *iv,
size_t iv_len,
@@ -505,8 +493,8 @@
size_t ilen,
unsigned char *output,
size_t *olen);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC &&
- MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC &&
+ MBEDTLS_SSL_HAVE_AES */
int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
@@ -516,6 +504,27 @@
size_t cid0_len,
size_t cid1_len);
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+/**
+ * \param[in,out] record The record to prepare.
+ * It must contain the data to MAC at offset
+ * `record->data_offset`, of length
+ * `record->data_length`.
+ * On success, write the MAC immediately
+ * after the data and increment
+ * `record->data_length` accordingly.
+ * \param[in,out] transform_out The out transform, typically prepared by
+ * mbedtls_test_ssl_build_transforms().
+ * Its HMAC context may be used. Other than that
+ * it is treated as an input parameter.
+ *
+ * \return 0 on success, an `MBEDTLS_ERR_xxx` error code
+ * or -1 on error.
+ */
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+ mbedtls_ssl_transform *transform_out);
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
/*
* Populate a session structure for serialization tests.
* Choose dummy values, mostly non-0 to distinguish from the init default.
diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh
index 0ee08dc..e57d09d 100755
--- a/tests/make-in-docker.sh
+++ b/tests/make-in-docker.sh
@@ -14,19 +14,7 @@
# for the set of Docker images we use on the CI.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
source tests/scripts/docker_env.sh
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
index 56d2e29..1190a87 100755
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
@@ -3,19 +3,7 @@
# tls13-compat.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index 758da1d..4581bc5 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -3,19 +3,7 @@
# tls13-kex-modes.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by
@@ -562,7 +550,7 @@
-s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
+ -S "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
@@ -745,7 +733,7 @@
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
+ -S "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
@@ -1425,7 +1413,7 @@
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
+ -S "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index f30384d..c1682e3 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -3,19 +3,7 @@
# tls13-misc.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
requires_gnutls_tls1_3
@@ -98,7 +86,7 @@
-S "key exchange mode: psk$" \
-s "ticket is not authentic" \
-S "ticket is expired" \
- -S "Invalid ticket start time" \
+ -S "Invalid ticket creation time" \
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
@@ -117,7 +105,7 @@
-S "key exchange mode: psk$" \
-S "ticket is not authentic" \
-s "ticket is expired" \
- -S "Invalid ticket start time" \
+ -S "Invalid ticket creation time" \
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
@@ -136,7 +124,7 @@
-S "key exchange mode: psk$" \
-S "ticket is not authentic" \
-S "ticket is expired" \
- -s "Invalid ticket start time" \
+ -s "Invalid ticket creation time" \
-S "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
@@ -155,7 +143,7 @@
-S "key exchange mode: psk$" \
-S "ticket is not authentic" \
-S "ticket is expired" \
- -S "Invalid ticket start time" \
+ -S "Invalid ticket creation time" \
-s "Ticket age exceeds limitation" \
-S "Ticket age outside tolerance window"
@@ -174,7 +162,7 @@
-S "key exchange mode: psk$" \
-S "ticket is not authentic" \
-S "ticket is expired" \
- -S "Invalid ticket start time" \
+ -S "Invalid ticket creation time" \
-S "Ticket age exceeds limitation" \
-s "Ticket age outside tolerance window"
@@ -193,7 +181,7 @@
-S "key exchange mode: psk$" \
-S "ticket is not authentic" \
-S "ticket is expired" \
- -S "Invalid ticket start time" \
+ -S "Invalid ticket creation time" \
-S "Ticket age exceeds limitation" \
-s "Ticket age outside tolerance window"
@@ -273,9 +261,11 @@
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: basic check, good" \
- "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \
- "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \
+ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \
+ --earlydata --maxearlydata 16384 --disable-client-cert" \
+ "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \
0 \
+ -c "received max_early_data_size: 16384" \
-c "Reconnecting with saved session" \
-c "NewSessionTicket: early_data(42) extension received." \
-c "ClientHello: early_data(42) extension exists." \
@@ -297,7 +287,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \
"$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
- "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \
+ "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \
0 \
-c "Reconnecting with saved session" \
-C "NewSessionTicket: early_data(42) extension received." \
@@ -423,7 +413,8 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@@ -435,7 +426,8 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@@ -478,7 +470,8 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@@ -491,5 +484,26 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
+EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
+EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
+
+requires_gnutls_next
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
+ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \
+ -d 10 -r --earlydata $EARLY_DATA_INPUT " \
+ 0 \
+ -s "NewSessionTicket: early_data(42) extension exists." \
+ -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "$( tail -1 $EARLY_DATA_INPUT )"
diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh
index 7c03d91..b2a31c2 100755
--- a/tests/scripts/all-in-docker.sh
+++ b/tests/scripts/all-in-docker.sh
@@ -17,19 +17,7 @@
# See also all.sh for notes about invocation of that script.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
source tests/scripts/docker_env.sh
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 386a949..933c563 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -3,19 +3,7 @@
# all.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
@@ -50,10 +38,13 @@
# * G++
# * arm-gcc and mingw-gcc
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * OpenSSL and GnuTLS command line tools, recent enough for the
-# interoperability tests. If they don't support old features which we want
-# to test, then a legacy version of these tools must be present as well
-# (search for LEGACY below).
+# * OpenSSL and GnuTLS command line tools, in suitable versions for the
+# interoperability tests. The following are the official versions at the
+# time of writing:
+# * GNUTLS_{CLI,SERV} = 3.4.10
+# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
+# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
+# * OPENSSL_NEXT = 1.1.1a
# See the invocation of check_tools below for details.
#
# This script must be invoked from the toplevel directory of a git
@@ -123,15 +114,27 @@
# Enable ksh/bash extended file matching patterns
shopt -s extglob
+in_mbedtls_repo () {
+ test -d include -a -d library -a -d programs -a -d tests
+}
+
+in_tf_psa_crypto_repo () {
+ test -d include -a -d core -a -d drivers -a -d programs -a -d tests
+}
+
pre_check_environment () {
- if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else
+ echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
exit 1
fi
}
pre_initialize_variables () {
- CONFIG_H='include/mbedtls/mbedtls_config.h'
+ if in_mbedtls_repo; then
+ CONFIG_H='include/mbedtls/mbedtls_config.h'
+ else
+ CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
+ fi
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
@@ -141,8 +144,10 @@
backup_suffix='.all.bak'
# Files clobbered by config.py
files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
- # Files clobbered by in-tree cmake
- files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+ if in_mbedtls_repo; then
+ # Files clobbered by in-tree cmake
+ files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+ fi
append_outcome=0
MEMORY=0
@@ -158,6 +163,9 @@
# basic-build-test.sh as well.
RELEASE_SEED=1
+ # Specify character collation for regular expressions and sorting with C locale
+ export LC_COLLATE=C
+
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
export MBEDTLS_TEST_OUTCOME_FILE
@@ -165,12 +173,9 @@
# Default commands, can be overridden by the environment
: ${OPENSSL:="openssl"}
- : ${OPENSSL_LEGACY:="$OPENSSL"}
: ${OPENSSL_NEXT:="$OPENSSL"}
: ${GNUTLS_CLI:="gnutls-cli"}
: ${GNUTLS_SERV:="gnutls-serv"}
- : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
- : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin}
@@ -191,6 +196,12 @@
# CFLAGS and LDFLAGS for Asan builds that don't use CMake
# default to -O2, use -Ox _after_ this if you want another level
ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
+ # Normally, tests should use this compiler for ASAN testing
+ ASAN_CC=clang
+
+ # Platform tests have an allocation that returns null
+ export ASAN_OPTIONS="allocator_may_return_null=1"
+ export MSAN_OPTIONS="allocator_may_return_null=1"
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
@@ -205,6 +216,9 @@
esac
SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
done
+
+ # Option to enable linking with pthreads under make
+ MAKE_THREADING_FLAGS="THREADING=pthread"
}
# Test whether the component $1 is included in the command line patterns.
@@ -282,10 +296,7 @@
--gcc-latest=<GCC_latest_path> Latest version of GCC available
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
- --gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
- --gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
- --openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests..
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
EOF
}
@@ -295,7 +306,9 @@
# Does not remove generated source files.
cleanup()
{
- command make clean
+ if in_mbedtls_repo; then
+ command make clean
+ fi
# Remove CMake artefacts
find . -name .git -prune -o \
@@ -392,13 +405,12 @@
FLAGS="$1"
msg "build: ARM Compiler 6 ($FLAGS)"
+ make clean
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
WARNING_CFLAGS='-Werror -xc -std=c99' make lib
msg "size: ARM Compiler 6 ($FLAGS)"
"$ARMC6_FROMELF" -z library/*.o
-
- make clean
}
err_msg()
@@ -408,9 +420,9 @@
check_tools()
{
- for TOOL in "$@"; do
- if ! `type "$TOOL" >/dev/null 2>&1`; then
- err_msg "$TOOL not found!"
+ for tool in "$@"; do
+ if ! `type "$tool" >/dev/null 2>&1`; then
+ err_msg "$tool not found!"
exit 1
fi
done
@@ -454,8 +466,8 @@
--gcc-earliest) shift; GCC_EARLIEST="$1";;
--gcc-latest) shift; GCC_LATEST="$1";;
--gnutls-cli) shift; GNUTLS_CLI="$1";;
- --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
- --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
+ --gnutls-legacy-cli) shift;; # ignored for backward compatibility
+ --gnutls-legacy-serv) shift;; # ignored for backward compatibility
--gnutls-serv) shift; GNUTLS_SERV="$1";;
--help|-h) usage; exit;;
--keep-going|-k) KEEP_GOING=1;;
@@ -469,7 +481,6 @@
--no-memory) MEMORY=0;;
--no-quiet) QUIET=0;;
--openssl) shift; OPENSSL="$1";;
- --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
--openssl-next) shift; OPENSSL_NEXT="$1";;
--outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
@@ -552,7 +563,7 @@
fi
if ! git diff --quiet "$CONFIG_H"; then
- err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
+ err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
echo "You can either delete or preserve your work, or force the test by rerunning the"
echo "script as: $0 --force"
exit 1
@@ -618,6 +629,7 @@
case "$1" in
"msg "*) false;;
"cd "*) false;;
+ "diff "*) true;;
*make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
*test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
*make*check*) true;;
@@ -724,12 +736,9 @@
echo "SEED: ${SEED-"UNSET"}"
echo
echo "OPENSSL: $OPENSSL"
- echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
echo "OPENSSL_NEXT: $OPENSSL_NEXT"
echo "GNUTLS_CLI: $GNUTLS_CLI"
echo "GNUTLS_SERV: $GNUTLS_SERV"
- echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
- echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
}
@@ -753,13 +762,10 @@
if [ -n "${SEED-}" ]; then
export SEED
fi
- set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
+ set "$@" OPENSSL="$OPENSSL"
set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
- set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
- set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
- check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
- "$GNUTLS_CLI" "$GNUTLS_SERV" \
- "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
+ check_tools "$OPENSSL" "$OPENSSL_NEXT" \
+ "$GNUTLS_CLI" "$GNUTLS_SERV"
;;
esac
@@ -854,7 +860,7 @@
# Example:
# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-# 4b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
+# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
# additional arguments will be passed to make: this can be useful if
# you don't want to build everything when iterating during development.
# Example:
@@ -864,25 +870,61 @@
# Adjust the configuration - for both libtestdriver1 and main library,
# as they should have the same PSA_WANT macros.
helper_libtestdriver1_adjust_config() {
- BASE_CONFIG=$1
+ base_config=$1
# Select the base configuration
- if [ "$BASE_CONFIG" != "default" ]; then
- scripts/config.py "$BASE_CONFIG"
+ if [ "$base_config" != "default" ]; then
+ scripts/config.py "$base_config"
fi
# Enable PSA-based config (necessary to use drivers)
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
- # partial support for cipher operations in the driver test library.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
-
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
}
+# When called with no parameter this function disables all builtin curves.
+# The function optionally accepts 1 parameter: a space-separated list of the
+# curves that should be kept enabled.
+helper_disable_builtin_curves() {
+ allowed_list="${1:-}"
+ scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
+
+ for curve in $allowed_list; do
+ scripts/config.py set $curve
+ done
+}
+
+# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
+# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
+# in the following helpers.
+helper_get_psa_curve_list () {
+ loc_list=""
+ for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ loc_list="$loc_list $item"
+ done
+
+ echo "$loc_list"
+}
+
+# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
+# is useful to easily get a list of key type symbols to accelerate.
+# The function accepts a single argument which is the key type: ECC, DH, RSA.
+helper_get_psa_key_type_list() {
+ key_type="$1"
+ loc_list=""
+ for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
+ # Skip DERIVE for elliptic keys since there is no driver dispatch for
+ # it so it cannot be accelerated.
+ if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
+ loc_list="$loc_list $item"
+ fi
+ done
+
+ echo "$loc_list"
+}
+
# Build the drivers library libtestdriver1.a (with ASan).
#
# Parameters:
@@ -891,7 +933,7 @@
# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
helper_libtestdriver1_make_drivers() {
loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# Build the main libraries, programs and tests,
@@ -909,7 +951,7 @@
# we need flags both with and without the LIBTESTDRIVER1_ prefix
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS "$@"
}
################################################################
@@ -990,6 +1032,62 @@
unset opt
}
+component_check_test_dependencies () {
+ msg "Check: test case dependencies: legacy vs PSA" # < 1s
+ # The purpose of this component is to catch unjustified dependencies on
+ # legacy feature macros (MBEDTLS_xxx) in PSA tests. Generally speaking,
+ # PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely
+ # MBEDTLS_PSA_xxx).
+ #
+ # Most of the time, use of legacy MBEDTLS_xxx macros are mistakes, which
+ # this component is meant to catch. However a few of them are justified,
+ # mostly by the absence of a PSA equivalent, so this component includes a
+ # list of expected exceptions.
+
+ found="check-test-deps-found-$$"
+ expected="check-test-deps-expected-$$"
+
+ # Find legacy dependencies in PSA tests
+ grep 'depends_on' \
+ tests/suites/test_suite_psa*.data tests/suites/test_suite_psa*.function |
+ grep -Eo '!?MBEDTLS_[^: ]*' |
+ grep -v MBEDTLS_PSA_ |
+ sort -u > $found
+
+ # Expected ones with justification - keep in sorted order by ASCII table!
+ rm -f $expected
+ # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes
+ echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected
+ # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES
+ echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected
+ # This is used by import_rsa_made_up() in test_suite_psa_crypto in order
+ # to build a fake RSA key of the wanted size based on
+ # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by
+ # the test code and that's probably the most convenient way of achieving
+ # the test's goal.
+ echo "MBEDTLS_ASN1_WRITE_C" >> $expected
+ # No PSA equivalent - we should probably have one in the future.
+ echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
+ # No PSA equivalent - needed by some init tests
+ echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected
+ # Used by two tests that are about an extension to the PSA standard;
+ # as such, no PSA equivalent.
+ echo "MBEDTLS_PEM_PARSE_C" >> $expected
+
+ # Compare reality with expectation.
+ # We want an exact match, to ensure the above list remains up-to-date.
+ #
+ # The output should be empty. When it's not:
+ # - Each '+' line is a macro that was found but not expected. You want to
+ # find where that macro occurs, and either replace it with PSA macros, or
+ # add it to the exceptions list above with a justification.
+ # - Each '-' line is a macro that was expected but not found; it means the
+ # exceptions list above should be updated by removing that macro.
+ diff -U0 $expected $found
+
+ rm $found $expected
+}
+
component_check_doxygen_warnings () {
msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
tests/scripts/doxygen.sh
@@ -1012,6 +1110,9 @@
msg "selftest: make, default config (out-of-box)" # ~10s
programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~10s
+ tests/scripts/run_demos.py
}
component_test_default_cmake_gcc_asan () {
@@ -1022,9 +1123,15 @@
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
+ msg "program demos (ASan build)" # ~10s
+ tests/scripts/run_demos.py
+
msg "test: selftest (ASan build)" # ~ 10s
programs/test/selftest
+ msg "test: metatests (GCC, ASan build)"
+ tests/scripts/run-metatests.sh any asan
+
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
tests/ssl-opt.sh
@@ -1077,19 +1184,6 @@
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
tests/context-info.sh
-
- msg "test: check direct ECP dependencies in TLS and X.509"
- docs/architecture/psa-migration/syms.sh full
-
- # TODO: replace "mbedtls_ecp_curve" with "mbedtls_ecp" also for
- # "full-tls-external" once Issue6839 is completed
- not grep mbedtls_ecp_curve full-libmbedtls-external
- not grep mbedtls_ecp full-libmbedx509-external
-
- rm full-libmbedtls-external \
- full-libmbedtls-modules \
- full-libmbedx509-external \
- full-libmbedx509-modules
}
@@ -1114,34 +1208,6 @@
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
tests/context-info.sh
-
- msg "test: check direct ECP dependencies in TLS and X.509"
- docs/architecture/psa-migration/syms.sh full
-
- # TODO: replace "mbedtls_ecp_curve" with "mbedtls_ecp" also for
- # "full-tls-external" once Issue6839 is completed
- not grep mbedtls_ecp_curve full-libmbedtls-external
- not grep mbedtls_ecp full-libmbedx509-external
-
- rm full-libmbedtls-external \
- full-libmbedtls-modules \
- full-libmbedx509-external \
- full-libmbedx509-modules
-}
-
-component_test_full_cmake_gcc_asan_new_bignum_test_hooks () {
- msg "build: full config, cmake, gcc, ASan"
- scripts/config.py full
- scripts/config.py set MBEDTLS_TEST_HOOKS
- scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: main suites (inc. selftests) (full config, ASan build)"
- make test
-
- msg "test: selftest (ASan build)" # ~ 10s
- programs/test/selftest
}
component_test_psa_crypto_key_id_encodes_owner () {
@@ -1213,14 +1279,14 @@
# whether they're on or off. So, disable cmake's (over-sensitive here)
# dependency resolution for generated files and just rely on them being
# present (thanks to pre_generate_files) by turning GEN_FILES off.
- CC=gcc cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
tests/scripts/test-ref-configs.pl
}
component_test_no_renegotiation () {
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
@@ -1236,7 +1302,7 @@
scripts/config.py unset MBEDTLS_FS_IO
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
@@ -1249,7 +1315,7 @@
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
scripts/config.py set MBEDTLS_RSA_NO_CRT
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
@@ -1272,7 +1338,7 @@
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: Full minus CTR_DRBG, classic crypto - main suites"
@@ -1294,7 +1360,7 @@
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"
@@ -1318,7 +1384,7 @@
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: Full minus HMAC_DRBG, classic crypto - main suites"
@@ -1345,7 +1411,7 @@
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites"
@@ -1380,7 +1446,7 @@
# When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
# the SSL test programs don't have an RNG and can't work. Explicitly
# make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
- make CFLAGS="$ASAN_CFLAGS -O2 -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - main suites"
make test
@@ -1399,7 +1465,7 @@
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
- make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
make test
@@ -1414,7 +1480,7 @@
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_CTR_DRBG_C
- make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
make test
@@ -1432,7 +1498,7 @@
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
- make CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
make test
@@ -1452,6 +1518,7 @@
component_test_crypto_full_md_light_only () {
msg "build: crypto_full with only the light subset of MD"
scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
# Disable MD
scripts/config.py unset MBEDTLS_MD_C
# Disable direct dependencies of MD_C
@@ -1465,69 +1532,155 @@
# Note: MD-light is auto-enabled in build_info.h by modules that need it,
# which we haven't disabled, so no need to explicitly enable it.
- make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
# Make sure we don't have the HMAC functions, but the hashing functions
not grep mbedtls_md_hmac library/md.o
grep mbedtls_md library/md.o
msg "test: crypto_full with only the light subset of MD"
- make test
+ make $MAKE_THREADING_FLAGS test
}
component_test_full_no_cipher () {
- msg "build: full minus CIPHER"
+ msg "build: full no CIPHER no PSA_CRYPTO_C"
scripts/config.py full
scripts/config.py unset MBEDTLS_CIPHER_C
- # Direct dependencies
- scripts/config.py unset MBEDTLS_CCM_C
+ # Don't pull in cipher via PSA mechanisms
+ # (currently ignored anyway because we completely disable PSA)
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
+ # Disable features that depend on CIPHER_C
scripts/config.py unset MBEDTLS_CMAC_C
- scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_PKCS5_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_SSL_TLS_C
scripts/config.py unset MBEDTLS_SSL_TICKET_C
- # Indirect dependencies
- scripts/config.py unset MBEDTLS_SSL_CLI_C
+ # Disable features that depend on PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY
- scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID
- scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py unset MBEDTLS_SSL_SRV_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
- make
- msg "test: full minus CIPHER"
- make test
+ msg "test: full no CIPHER no PSA_CRYPTO_C"
+ make $MAKE_THREADING_FLAGS test
}
-component_test_crypto_full_no_cipher () {
- msg "build: crypto_full minus CIPHER"
- scripts/config.py crypto_full
+# This is a common configurator and test function that is used in:
+# - component_test_full_no_cipher_with_crypto
+# - component_test_full_no_cipher_with_crypto_config
+# It accepts 2 input parameters:
+# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
+# - $2: a text string which describes the test component
+common_test_full_no_cipher_with_psa_crypto () {
+ USE_CRYPTO_CONFIG="$1"
+ COMPONENT_DESCRIPTION="$2"
+
+ msg "build: $COMPONENT_DESCRIPTION"
+
+ scripts/config.py full
scripts/config.py unset MBEDTLS_CIPHER_C
- # Direct dependencies
- scripts/config.py unset MBEDTLS_CCM_C
+
+ if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
+ # The built-in implementation of the following algs/key-types depends
+ # on CIPHER_C so we disable them.
+ # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
+ # so we keep them enabled.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ else
+ # Don't pull in cipher via PSA mechanisms
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
+ # Disable cipher modes/keys that make PSA depend on CIPHER_C.
+ # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
+ scripts/config.py unset-all MBEDTLS_CIPHER_MODE
+ scripts/config.py unset MBEDTLS_DES_C
+ # Dependencies on AES_C
+ scripts/config.py unset MBEDTLS_CTR_DRBG_C
+ fi
+ # The following modules directly depends on CIPHER_C
scripts/config.py unset MBEDTLS_CMAC_C
- scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_PKCS12_C
scripts/config.py unset MBEDTLS_PKCS5_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- # Indirect dependencies
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
- make
- msg "test: crypto_full minus CIPHER"
+ make $MAKE_THREADING_FLAGS
+
+ # Ensure that CIPHER_C was not re-enabled
+ not grep mbedtls_cipher_init library/cipher.o
+
+ msg "test: $COMPONENT_DESCRIPTION"
+ make test
+}
+
+component_test_full_no_cipher_with_crypto() {
+ common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
+}
+
+component_test_full_no_cipher_with_crypto_config() {
+ common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
+}
+
+component_test_full_no_ccm() {
+ msg "build: full no PSA_WANT_ALG_CCM"
+
+ # Full config enables:
+ # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA
+ # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
+ scripts/config.py full
+
+ # Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still
+ # enabled, but not used from TLS since USE_PSA is set.
+ # This is helpful to ensure that TLS tests below have proper dependencies.
+ #
+ # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause
+ # PSA_WANT_ALG_CCM to be re-enabled.
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
+
+ make $MAKE_THREADING_FLAGS
+
+ msg "test: full no PSA_WANT_ALG_CCM"
+ make test
+}
+
+component_test_full_no_ccm_star_no_tag() {
+ msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
+
+ # Full config enables CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated
+ scripts/config.py full
+
+ # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all
+ # other components that enable MBEDTLS_PSA_BUILTIN_CIPHER internal symbol.
+ # This basically disables all unauthenticated ciphers on the PSA side, while
+ # keeping AEADs enabled.
+ #
+ # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause
+ # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
+
+ make $MAKE_THREADING_FLAGS
+
+ # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled
+ not grep mbedtls_psa_cipher library/psa_crypto_cipher.o
+
+ msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG"
make test
}
@@ -1579,7 +1732,7 @@
scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
- make
+ make $MAKE_THREADING_FLAGS
msg "test: full minus bignum"
make test
@@ -1749,6 +1902,9 @@
component_test_tls1_2_ecjpake_compatibility() {
msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA"
scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ # Explicitly make lib first to avoid a race condition:
+ # https://github.com/Mbed-TLS/mbedtls/issues/8229
+ make lib
make -C programs ssl/ssl_server2 ssl/ssl_client2
cp programs/ssl/ssl_server2 s2_no_use_psa
cp programs/ssl/ssl_client2 c2_no_use_psa
@@ -1756,6 +1912,7 @@
msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
make clean
+ make lib
make -C programs ssl/ssl_server2 ssl/ssl_client2
make -C programs test/udp_proxy test/query_compile_time_config
@@ -1780,6 +1937,9 @@
msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
+ msg "test: metatests (clang, ASan)"
+ tests/scripts/run-metatests.sh any asan
+
msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
tests/ssl-opt.sh -f ECDH
@@ -1796,12 +1956,10 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_ECJPAKE_C
# Disable all curves
- for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
- scripts/config.py unset "$c"
- done
+ scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED
- make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
msg "test: Everest ECDH context, only Curve25519" # ~ 50s
make test
@@ -1811,7 +1969,7 @@
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
@@ -1822,7 +1980,7 @@
msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
@@ -1832,7 +1990,7 @@
component_test_small_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
@@ -1842,7 +2000,7 @@
component_test_small_mbedtls_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
@@ -1852,7 +2010,7 @@
component_test_psa_collect_statuses () {
msg "build+test: psa_collect_statuses" # ~30s
scripts/config.py full
- tests/scripts/psa_collect_statuses.py
+ tests/scripts/psa_collect_statuses.py --make-vars="$MAKE_THREADING_FLAGS"
# Check that psa_crypto_init() succeeded at least once
grep -q '^0:psa_crypto_init:' tests/statuses.log
rm -f tests/statuses.log
@@ -1870,6 +2028,12 @@
msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
programs/test/cpp_dummy_build
+ msg "test: metatests (clang)"
+ tests/scripts/run-metatests.sh any pthread
+
+ msg "program demos (full config, clang)" # ~10s
+ tests/scripts/run_demos.py
+
msg "test: psa_constant_names (full config, clang)" # ~ 1s
tests/scripts/test_psa_constant_names.py
@@ -1877,7 +2041,7 @@
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
msg "test: compat.sh NULL (full config)" # ~ 2 min
- env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
+ tests/compat.sh -e '^$' -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1894,6 +2058,16 @@
export SKIP_TEST_SUITES
}
+skip_all_except_given_suite () {
+ # Skip all but the given test suite
+ SKIP_TEST_SUITES=$(
+ ls -1 tests/suites/test_suite_*.function |
+ grep -v $1.function |
+ sed 's/tests.suites.test_suite_//; s/\.function$//' |
+ tr '\n' ,)
+ export SKIP_TEST_SUITES
+}
+
component_test_memsan_constant_flow () {
# This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
@@ -1931,7 +2105,7 @@
make test
}
-component_test_valgrind_constant_flow () {
+component_release_test_valgrind_constant_flow () {
# This tests both (1) everything that valgrind's memcheck usually checks
# (heap buffer overflows, use of uninitialized memory, use-after-free,
# etc.) and (2) branches or memory access depending on secret values,
@@ -1953,9 +2127,19 @@
# details are left in Testing/<date>/DynamicAnalysis.xml
msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
make memcheck
+
+ # Test asm path in constant time module - by default, it will test the plain C
+ # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
+ msg "test: valgrind asm constant_time"
+ scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
+ skip_all_except_given_suite test_suite_constant_time
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make clean
+ make
+ make memcheck
}
-component_test_valgrind_constant_flow_psa () {
+component_release_test_valgrind_constant_flow_psa () {
# This tests both (1) everything that valgrind's memcheck usually checks
# (heap buffer overflows, use of uninitialized memory, use-after-free,
# etc.) and (2) branches or memory access depending on secret values,
@@ -1978,6 +2162,19 @@
make memcheck
}
+component_test_tsan () {
+ msg "build: TSan (clang)"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_THREADING_C
+ scripts/config.py set MBEDTLS_THREADING_PTHREAD
+
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
+ make
+
+ msg "test: main suites (TSan)"
+ make test
+}
+
component_test_default_no_deprecated () {
# Test that removing the deprecated features from the default
# configuration leaves something consistent.
@@ -1992,7 +2189,7 @@
component_test_full_no_deprecated () {
msg "build: make, full_no_deprecated config" # ~ 30s
scripts/config.py full_no_deprecated
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS
msg "test: make, full_no_deprecated config" # ~ 5s
make test
@@ -2009,7 +2206,7 @@
scripts/config.py full_no_deprecated
scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' $MAKE_THREADING_FLAGS
msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
make test
@@ -2029,10 +2226,13 @@
# By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
# Expect warnings from '#warning' directives in check_config.h and
# from the use of deprecated functions in test suites.
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' $MAKE_THREADING_FLAGS tests
msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
make test
+
+ msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s
+ tests/scripts/run_demos.py
}
# Check that the specified libraries exist and are empty.
@@ -2051,7 +2251,7 @@
component_build_crypto_full () {
msg "build: make, crypto only, full config"
scripts/config.py crypto_full
- make CFLAGS='-O1 -Werror'
+ make CFLAGS='-O1 -Werror' $MAKE_THREADING_FLAGS
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
@@ -2111,73 +2311,73 @@
# depends.py family of tests
component_test_depends_py_cipher_id () {
msg "test/build: depends.py cipher_id (gcc)"
- tests/scripts/depends.py cipher_id --unset-use-psa
+ tests/scripts/depends.py cipher_id --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_cipher_chaining () {
msg "test/build: depends.py cipher_chaining (gcc)"
- tests/scripts/depends.py cipher_chaining --unset-use-psa
+ tests/scripts/depends.py cipher_chaining --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_cipher_padding () {
msg "test/build: depends.py cipher_padding (gcc)"
- tests/scripts/depends.py cipher_padding --unset-use-psa
+ tests/scripts/depends.py cipher_padding --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_curves () {
msg "test/build: depends.py curves (gcc)"
- tests/scripts/depends.py curves --unset-use-psa
+ tests/scripts/depends.py curves --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_hashes () {
msg "test/build: depends.py hashes (gcc)"
- tests/scripts/depends.py hashes --unset-use-psa
+ tests/scripts/depends.py hashes --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_kex () {
msg "test/build: depends.py kex (gcc)"
- tests/scripts/depends.py kex --unset-use-psa
+ tests/scripts/depends.py kex --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_pkalgs () {
msg "test/build: depends.py pkalgs (gcc)"
- tests/scripts/depends.py pkalgs --unset-use-psa
+ tests/scripts/depends.py pkalgs --unset-use-psa --make-vars="$MAKE_THREADING_FLAGS"
}
# PSA equivalents of the depends.py tests
component_test_depends_py_cipher_id_psa () {
msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py cipher_id
+ tests/scripts/depends.py cipher_id --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_cipher_chaining_psa () {
msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py cipher_chaining
+ tests/scripts/depends.py cipher_chaining --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_cipher_padding_psa () {
msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py cipher_padding
+ tests/scripts/depends.py cipher_padding --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_curves_psa () {
msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py curves
+ tests/scripts/depends.py curves --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_hashes_psa () {
msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py hashes
+ tests/scripts/depends.py hashes --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_kex_psa () {
msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py kex
+ tests/scripts/depends.py kex --make-vars="$MAKE_THREADING_FLAGS"
}
component_test_depends_py_pkalgs_psa () {
msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined"
- tests/scripts/depends.py pkalgs
+ tests/scripts/depends.py pkalgs --make-vars="$MAKE_THREADING_FLAGS"
}
component_build_no_pk_rsa_alt_support () {
@@ -2189,7 +2389,7 @@
scripts/config.py set MBEDTLS_X509_CRT_WRITE_C
# Only compile - this is primarily to test for compile issues
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' $MAKE_THREADING_FLAGS
}
component_build_module_alt () {
@@ -2208,9 +2408,9 @@
# The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
# directly and assumes the implementation works with partial groups.
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ # MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
# MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
@@ -2248,7 +2448,7 @@
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
@@ -2264,7 +2464,7 @@
tests/compat.sh
msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
- env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
+ tests/compat.sh -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -2275,11 +2475,8 @@
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- KEY_TYPE_ECC_KEY_PAIR_BASIC \
- KEY_TYPE_ECC_KEY_PAIR_IMPORT \
- KEY_TYPE_ECC_KEY_PAIR_EXPORT \
- KEY_TYPE_ECC_KEY_PAIR_GENERATE \
- KEY_TYPE_ECC_PUBLIC_KEY"
+ $(helper_get_psa_key_type_list "ECC") \
+ $(helper_get_psa_curve_list)"
# Configure
# ---------
@@ -2299,7 +2496,8 @@
# -----
# These hashes are needed for some ECDSA signature tests.
- loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
@@ -2320,11 +2518,8 @@
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDH \
- KEY_TYPE_ECC_KEY_PAIR_BASIC \
- KEY_TYPE_ECC_KEY_PAIR_IMPORT \
- KEY_TYPE_ECC_KEY_PAIR_EXPORT \
- KEY_TYPE_ECC_KEY_PAIR_GENERATE \
- KEY_TYPE_ECC_PUBLIC_KEY"
+ $(helper_get_psa_key_type_list "ECC") \
+ $(helper_get_psa_curve_list)"
# Configure
# ---------
@@ -2360,15 +2555,11 @@
}
component_test_psa_crypto_config_accel_ffdh () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+ msg "build: full with accelerated FFDH"
# Algorithms and key types to accelerate
loc_accel_list="ALG_FFDH \
- KEY_TYPE_DH_KEY_PAIR_BASIC \
- KEY_TYPE_DH_KEY_PAIR_IMPORT \
- KEY_TYPE_DH_KEY_PAIR_EXPORT \
- KEY_TYPE_DH_KEY_PAIR_GENERATE \
- KEY_TYPE_DH_PUBLIC_KEY"
+ $(helper_get_psa_key_type_list "DH")"
# Configure
# ---------
@@ -2396,15 +2587,15 @@
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+ msg "test: full with accelerated FFDH"
make test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH alg"
+ msg "ssl-opt: full with accelerated FFDH alg"
tests/ssl-opt.sh -f "ffdh"
}
component_test_psa_crypto_config_reference_ffdh () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+ msg "build: full with non-accelerated FFDH"
# Start with full (USE_PSA and TLS 1.3)
helper_libtestdriver1_adjust_config "full"
@@ -2412,19 +2603,21 @@
# Disable things that are not supported
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- make
+ make $MAKE_THREADING_FLAGS
- msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
+ msg "test suites: full with non-accelerated FFDH alg"
make test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
+ msg "ssl-opt: full with non-accelerated FFDH alg"
tests/ssl-opt.sh -f "ffdh"
}
component_test_psa_crypto_config_accel_pake() {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
+ msg "build: full with accelerated PAKE"
- loc_accel_list="ALG_JPAKE"
+ loc_accel_list="ALG_JPAKE \
+ $(helper_get_psa_key_type_list "ECC") \
+ $(helper_get_psa_curve_list)"
# Configure
# ---------
@@ -2448,10 +2641,196 @@
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
+ msg "test: full with accelerated PAKE"
+ make $MAKE_THREADING_FLAGS test
+}
+
+component_test_psa_crypto_config_accel_ecc_some_key_types () {
+ msg "build: full with accelerated EC algs and some key types"
+
+ # Algorithms and key types to accelerate
+ # For key types, use an explicitly list to omit GENERATE (and DERIVE)
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
+ ALG_ECDH \
+ ALG_JPAKE \
+ KEY_TYPE_ECC_PUBLIC_KEY \
+ KEY_TYPE_ECC_KEY_PAIR_BASIC \
+ KEY_TYPE_ECC_KEY_PAIR_IMPORT \
+ KEY_TYPE_ECC_KEY_PAIR_EXPORT \
+ $(helper_get_psa_curve_list)"
+
+ # Configure
+ # ---------
+
+ # start with config full for maximum coverage (also enables USE_PSA)
+ helper_libtestdriver1_adjust_config "full"
+
+ # Disable modules that are accelerated - some will be re-enabled
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_ECDH_C
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ scripts/config.py unset MBEDTLS_ECP_C
+
+ # Disable all curves - those that aren't accelerated should be re-enabled
+ helper_disable_builtin_curves
+
+ # Restartable feature is not yet supported by PSA. Once it will in
+ # the future, the following line could be removed (see issues
+ # 6061, 6332 and following ones)
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+
+ # this is not supported by the driver API yet
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+
+ # Build
+ # -----
+
+ # These hashes are needed for some ECDSA signature tests.
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
+ helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
+
+ helper_libtestdriver1_make_main "$loc_accel_list"
+
+ # ECP should be re-enabled but not the others
+ not grep mbedtls_ecdh_ library/ecdh.o
+ not grep mbedtls_ecdsa library/ecdsa.o
+ not grep mbedtls_ecjpake library/ecjpake.o
+ grep mbedtls_ecp library/ecp.o
+
+ # Run the tests
+ # -------------
+
+ msg "test suites: full with accelerated EC algs and some key types"
+ make $MAKE_THREADING_FLAGS test
+}
+
+# Run tests with only (non-)Weierstrass accelerated
+# Common code used in:
+# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves
+# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves
+common_test_psa_crypto_config_accel_ecc_some_curves () {
+ weierstrass=$1
+ if [ $weierstrass -eq 1 ]; then
+ desc="Weierstrass"
+ else
+ desc="non-Weierstrass"
+ fi
+
+ msg "build: crypto_full minus PK with accelerated EC algs and $desc curves"
+
+ # Note: Curves are handled in a special way by the libtestdriver machinery,
+ # so we only want to include them in the accel list when building the main
+ # libraries, hence the use of a separate variable.
+ # Note: the following loop is a modified version of
+ # helper_get_psa_curve_list that only keeps Weierstrass families.
+ loc_weierstrass_list=""
+ loc_non_weierstrass_list=""
+ for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+ case $item in
+ ECC_BRAINPOOL*|ECC_SECP*)
+ loc_weierstrass_list="$loc_weierstrass_list $item"
+ ;;
+ *)
+ loc_non_weierstrass_list="$loc_non_weierstrass_list $item"
+ ;;
+ esac
+ done
+ if [ $weierstrass -eq 1 ]; then
+ loc_curve_list=$loc_weierstrass_list
+ else
+ loc_curve_list=$loc_non_weierstrass_list
+ fi
+
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
+ ALG_ECDH \
+ ALG_JPAKE \
+ $(helper_get_psa_key_type_list "ECC") \
+ $loc_curve_list"
+
+ # Configure
+ # ---------
+
+ # Start with config crypto_full and remove PK_C:
+ # that's what's supported now, see docs/driver-only-builds.md.
+ helper_libtestdriver1_adjust_config "crypto_full"
+ scripts/config.py unset MBEDTLS_PK_C
+ scripts/config.py unset MBEDTLS_PK_PARSE_C
+ scripts/config.py unset MBEDTLS_PK_WRITE_C
+ # We need to disable RSA too or PK will be re-enabled.
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
+ scripts/config.py unset MBEDTLS_RSA_C
+ scripts/config.py unset MBEDTLS_PKCS1_V15
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+
+ # Disable modules that are accelerated - some will be re-enabled
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_ECDH_C
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ scripts/config.py unset MBEDTLS_ECP_C
+
+ # Disable all curves - those that aren't accelerated should be re-enabled
+ helper_disable_builtin_curves
+
+ # Restartable feature is not yet supported by PSA. Once it will in
+ # the future, the following line could be removed (see issues
+ # 6061, 6332 and following ones)
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+
+ # this is not supported by the driver API yet
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+
+ # Build
+ # -----
+
+ # These hashes are needed for some ECDSA signature tests.
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
+ helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
+
+ helper_libtestdriver1_make_main "$loc_accel_list"
+
+ # We expect ECDH to be re-enabled for the missing curves
+ grep mbedtls_ecdh_ library/ecdh.o
+ # We expect ECP to be re-enabled, however the parts specific to the
+ # families of curves that are accelerated should be ommited.
+ # - functions with mxz in the name are specific to Montgomery curves
+ # - ecp_muladd is specific to Weierstrass curves
+ ##nm library/ecp.o | tee ecp.syms
+ if [ $weierstrass -eq 1 ]; then
+ not grep mbedtls_ecp_muladd library/ecp.o
+ grep mxz library/ecp.o
+ else
+ grep mbedtls_ecp_muladd library/ecp.o
+ not grep mxz library/ecp.o
+ fi
+ # We expect ECDSA and ECJPAKE to be re-enabled only when
+ # Weierstrass curves are not accelerated
+ if [ $weierstrass -eq 1 ]; then
+ not grep mbedtls_ecdsa library/ecdsa.o
+ not grep mbedtls_ecjpake library/ecjpake.o
+ else
+ grep mbedtls_ecdsa library/ecdsa.o
+ grep mbedtls_ecjpake library/ecjpake.o
+ fi
+
+ # Run the tests
+ # -------------
+
+ msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
make test
}
+component_test_psa_crypto_config_accel_ecc_weierstrass_curves () {
+ common_test_psa_crypto_config_accel_ecc_some_curves 1
+}
+
+component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () {
+ common_test_psa_crypto_config_accel_ecc_some_curves 0
+}
+
# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
# ECDH, ECDSA) with and without drivers.
# The input parameter is a boolean value which indicates:
@@ -2463,11 +2842,11 @@
# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
# This supports comparing their test coverage with analyze_outcomes.py.
-config_psa_crypto_config_ecp_ligh_only () {
- DRIVER_ONLY="$1"
+config_psa_crypto_config_ecp_light_only () {
+ driver_only="$1"
# start with config full for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
- if [ "$DRIVER_ONLY" -eq 1 ]; then
+ if [ "$driver_only" -eq 1 ]; then
# Disable modules that are accelerated
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_ECDH_C
@@ -2483,29 +2862,31 @@
# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
+ msg "build: full with accelerated EC algs"
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
ALG_ECDH \
ALG_JPAKE \
- KEY_TYPE_ECC_KEY_PAIR_BASIC \
- KEY_TYPE_ECC_KEY_PAIR_IMPORT \
- KEY_TYPE_ECC_KEY_PAIR_EXPORT \
- KEY_TYPE_ECC_KEY_PAIR_GENERATE \
- KEY_TYPE_ECC_PUBLIC_KEY"
+ $(helper_get_psa_key_type_list "ECC") \
+ $(helper_get_psa_curve_list)"
# Configure
# ---------
# Use the same config as reference, only without built-in EC algs
- config_psa_crypto_config_ecp_ligh_only 1
+ config_psa_crypto_config_ecp_light_only 1
+
+ # Do not disable builtin curves because that support is required for:
+ # - MBEDTLS_PK_PARSE_EC_EXTENDED
+ # - MBEDTLS_PK_PARSE_EC_COMPRESSED
# Build
# -----
# These hashes are needed for some ECDSA signature tests.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
helper_libtestdriver1_make_main "$loc_accel_list"
@@ -2519,25 +2900,25 @@
# Run the tests
# -------------
- msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
- make test
+ msg "test suites: full with accelerated EC algs"
+ make $MAKE_THREADING_FLAGS test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
+ msg "ssl-opt: full with accelerated EC algs"
tests/ssl-opt.sh
}
# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
- msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
+ msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
- config_psa_crypto_config_ecp_ligh_only 0
+ config_psa_crypto_config_ecp_light_only 0
- make
+ make $MAKE_THREADING_FLAGS
- msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
+ msg "test suites: full with non-accelerated EC algs"
make test
- msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
+ msg "ssl-opt: full with non-accelerated EC algs"
tests/ssl-opt.sh
}
@@ -2555,13 +2936,11 @@
# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
# on the ECP module.
config_psa_crypto_no_ecp_at_all () {
- DRIVER_ONLY="$1"
+ driver_only="$1"
# start with full config for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
- # enable support for drivers and configuring PSA-only algorithms
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- if [ "$DRIVER_ONLY" -eq 1 ]; then
+ if [ "$driver_only" -eq 1 ]; then
# Disable modules that are accelerated
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_ECDH_C
@@ -2587,30 +2966,30 @@
#
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
- msg "build: full + accelerated EC algs + USE_PSA - ECP"
+ msg "build: full + accelerated EC algs - ECP"
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
ALG_ECDH \
ALG_JPAKE \
- KEY_TYPE_ECC_KEY_PAIR_BASIC \
- KEY_TYPE_ECC_KEY_PAIR_IMPORT \
- KEY_TYPE_ECC_KEY_PAIR_EXPORT \
- KEY_TYPE_ECC_KEY_PAIR_GENERATE \
- KEY_TYPE_ECC_PUBLIC_KEY"
+ $(helper_get_psa_key_type_list "ECC") \
+ $(helper_get_psa_curve_list)"
# Configure
# ---------
# Set common configurations between library's and driver's builds
config_psa_crypto_no_ecp_at_all 1
+ # Disable all the builtin curves. All the required algs are accelerated.
+ helper_disable_builtin_curves
# Build
# -----
# Things we wanted supported in libtestdriver1, but not accelerated in the main library:
- # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
@@ -2620,16 +2999,16 @@
not grep mbedtls_ecdsa_ library/ecdsa.o
not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
- # Also ensure that ECP or RSA modules were not re-enabled
+ # Also ensure that ECP module was not re-enabled
not grep mbedtls_ecp_ library/ecp.o
# Run the tests
# -------------
- msg "test: full + accelerated EC algs + USE_PSA - ECP"
- make test
+ msg "test: full + accelerated EC algs - ECP"
+ make $MAKE_THREADING_FLAGS test
- msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP"
+ msg "ssl-opt: full + accelerated EC algs - ECP"
tests/ssl-opt.sh
}
@@ -2637,68 +3016,69 @@
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
# Keep in sync with its accelerated counterpart.
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
- msg "build: full + non accelerated EC algs + USE_PSA"
+ msg "build: full + non accelerated EC algs"
config_psa_crypto_no_ecp_at_all 0
- make
+ make $MAKE_THREADING_FLAGS
- msg "test: full + non accelerated EC algs + USE_PSA"
+ msg "test: full + non accelerated EC algs"
make test
- msg "ssl-opt: full + non accelerated EC algs + USE_PSA"
+ msg "ssl-opt: full + non accelerated EC algs"
tests/ssl-opt.sh
}
-# Helper function used in:
-# - component_test_psa_crypto_config_accel_all_curves_except_p192
-# - component_test_psa_crypto_config_accel_all_curves_except_x25519
-# to build and test with all accelerated curves a part from the specified one.
-psa_crypto_config_accel_all_curves_except_one () {
- BUILTIN_CURVE=$1
-
- msg "build: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
-
- # Accelerate all EC algs (all EC curves are automatically accelerated as
- # well in the built-in version due to the "PSA_WANT_xxx" symbols in
- # "crypto_config.h")
- loc_accel_list="ALG_ECDH \
- ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_JPAKE \
- KEY_TYPE_ECC_KEY_PAIR_BASIC \
- KEY_TYPE_ECC_KEY_PAIR_IMPORT \
- KEY_TYPE_ECC_KEY_PAIR_EXPORT \
- KEY_TYPE_ECC_KEY_PAIR_GENERATE \
- KEY_TYPE_ECC_PUBLIC_KEY"
-
- # Configure
- # ---------
-
+# This is a common configuration helper used directly from:
+# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
+# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+# and indirectly from:
+# - component_test_psa_crypto_config_accel_ecc_no_bignum
+# - accelerate all EC algs, disable RSA and FFDH
+# - component_test_psa_crypto_config_reference_ecc_no_bignum
+# - this is the reference component of the above
+# - it still disables RSA and FFDH, but it uses builtin EC algs
+# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
+# - accelerate all EC and FFDH algs, disable only RSA
+# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+# - this is the reference component of the above
+# - it still disables RSA, but it uses builtin EC and FFDH algs
+#
+# This function accepts 2 parameters:
+# $1: a boolean value which states if we are testing an accelerated scenario
+# or not.
+# $2: a string value which states which components are tested. Allowed values
+# are "ECC" or "ECC_DH".
+config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
+ driver_only="$1"
+ test_target="$2"
+ # start with full config for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
- # restartable is not yet supported in PSA
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+ if [ "$driver_only" -eq 1 ]; then
+ # Disable modules that are accelerated
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py unset MBEDTLS_ECDH_C
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ # Disable ECP module (entirely)
+ scripts/config.py unset MBEDTLS_ECP_C
+ # Also disable bignum
+ scripts/config.py unset MBEDTLS_BIGNUM_C
+ fi
- # disable modules for which we have drivers
- scripts/config.py unset MBEDTLS_ECDSA_C
- scripts/config.py unset MBEDTLS_ECDH_C
- scripts/config.py unset MBEDTLS_ECJPAKE_C
+ # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
- # Ensure also RSA and asssociated algs are disabled so that the size of
- # the public/private keys cannot be taken from there
+ # RSA support is intentionally disabled on this test because RSA_C depends
+ # on BIGNUM_C.
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_PKCS1_V15
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- # Disable RSA on the PSA side too
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset $ALG
- done
# Also disable key exchanges that depend on RSA
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -2706,65 +3086,269 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- # Explicitly disable all SW implementation for elliptic curves
- for CURVE in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
- scripts/config.py unset "$CURVE"
- done
- # Just leave SW implementation for the specified curve for allowing to
- # build with ECP_C.
- scripts/config.py set $BUILTIN_CURVE
- # Accelerate all curves listed in "crypto_config.h" (skipping the ones that
- # are commented out).
- # Note: Those are handled in a special way by the libtestdriver machinery,
- # so we only want to include them in the accel list when building the main
- # libraries, hence the use of a separate variable.
- loc_curve_list=""
- for CURVE in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- loc_curve_list="$loc_curve_list $CURVE"
- done
+ if [ "$test_target" = "ECC" ]; then
+ # When testing ECC only, we disable FFDH support, both from builtin and
+ # PSA sides, and also disable the key exchanges that depend on DHM.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
+ scripts/config.py unset MBEDTLS_DHM_C
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ else
+ # When testing ECC and DH instead, we disable DHM and depending key
+ # exchanges only in the accelerated build
+ if [ "$driver_only" -eq 1 ]; then
+ scripts/config.py unset MBEDTLS_DHM_C
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ fi
+ fi
+
+ # Restartable feature is not yet supported by PSA. Once it will in
+ # the future, the following line could be removed (see issues
+ # 6061, 6332 and following ones)
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+}
+
+# Common helper used by:
+# - component_test_psa_crypto_config_accel_ecc_no_bignum
+# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
+#
+# The goal is to build and test accelerating either:
+# - ECC only or
+# - both ECC and FFDH
+#
+# It is meant to be used in conjunction with
+# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
+# coverage analysis in the "analyze_outcomes.py" script.
+common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
+ test_target="$1"
+
+ # This is an internal helper to simplify text message handling
+ if [ "$test_target" = "ECC_DH" ]; then
+ accel_text="ECC/FFDH"
+ removed_text="ECP - DH"
+ else
+ accel_text="ECC"
+ removed_text="ECP"
+ fi
+
+ msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
+
+ # By default we accelerate all EC keys/algs
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
+ ALG_ECDH \
+ ALG_JPAKE \
+ $(helper_get_psa_key_type_list "ECC") \
+ $(helper_get_psa_curve_list)"
+ # Optionally we can also add DH to the list of accelerated items
+ if [ "$test_target" = "ECC_DH" ]; then
+ loc_accel_list="$loc_accel_list \
+ ALG_FFDH \
+ $(helper_get_psa_key_type_list "DH")"
+ fi
+
+ # Configure
+ # ---------
+
+ # Set common configurations between library's and driver's builds
+ config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
+ # Disable all the builtin curves. All the required algs are accelerated.
+ helper_disable_builtin_curves
# Build
# -----
- # These hashes are needed for some ECDSA signature tests.
- loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
+ # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
+
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
- # (See above regarding loc_curve_list.)
- helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list"
+ helper_libtestdriver1_make_main "$loc_accel_list"
- # make sure excluded modules were not auto-re-enabled by accident
- not grep mbedtls_ecdh_ library/ecdh.o
+ # Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
+ not grep mbedtls_ecdh_ library/ecdh.o
not grep mbedtls_ecjpake_ library/ecjpake.o
- if [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_SECP192R1_ENABLED" ]; then
- # The only built-in curve is Short Weierstrass, so ECP shouldn't have
- # support for Montgomery curves. Functions with mxz in their name
- # are specific to Montgomery curves.
- not grep mxz library/ecp.o
- elif [ $BUILTIN_CURVE == "MBEDTLS_ECP_DP_CURVE25519_ENABLED" ]; then
- # The only built-in curve is Montgomery, so ECP shouldn't have
- # support for Short Weierstrass curves. Functions with mbedtls_ecp_muladd
- # in their name are specific to Short Weierstrass curves.
- not grep mbedtls_ecp_muladd library/ecp.o
- else
- err_msg "Error: $BUILTIN_CURVE is not supported in psa_crypto_config_accel_all_curves_except_one()"
- exit 1
- fi
+ # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled
+ not grep mbedtls_ecp_ library/ecp.o
+ not grep mbedtls_rsa_ library/rsa.o
+ not grep mbedtls_mpi_ library/bignum.o
+ not grep mbedtls_dhm_ library/dhm.o
# Run the tests
# -------------
- msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
+ msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM"
+
+ make $MAKE_THREADING_FLAGS test
+
+ msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
+ tests/ssl-opt.sh
+}
+
+# Common helper used by:
+# - component_test_psa_crypto_config_reference_ecc_no_bignum
+# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
+#
+# The goal is to build and test a reference scenario (i.e. with builtin
+# components) compared to the ones used in
+# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
+#
+# It is meant to be used in conjunction with
+# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
+# coverage analysis in "analyze_outcomes.py" script.
+common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
+ test_target="$1"
+
+ # This is an internal helper to simplify text message handling
+ if [ "$test_target" = "ECC_DH" ]; then
+ accel_text="ECC/FFDH"
+ else
+ accel_text="ECC"
+ fi
+
+ msg "build: full + non accelerated $accel_text algs + USE_PSA"
+
+ config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target"
+
+ make $MAKE_THREADING_FLAGS
+
+ msg "test suites: full + non accelerated EC algs + USE_PSA"
+ make test
+
+ msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
+ tests/ssl-opt.sh
+}
+
+component_test_psa_crypto_config_accel_ecc_no_bignum () {
+ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
+}
+
+component_test_psa_crypto_config_reference_ecc_no_bignum () {
+ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
+}
+
+component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
+ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
+}
+
+component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
+ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
+}
+
+# Helper for setting common configurations between:
+# - component_test_tfm_config_p256m_driver_accel_ec()
+# - component_test_tfm_config()
+common_tfm_config () {
+ # Enable TF-M config
+ cp configs/config-tfm.h "$CONFIG_H"
+ echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H"
+ cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+
+ # Other config adjustment to make the tests pass.
+ # This should probably be adopted upstream.
+ #
+ # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS
+ echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H"
+
+ # Config adjustment for better test coverage in our environment.
+ # This is not needed just to build and pass tests.
+ #
+ # Enable filesystem I/O for the benefit of PK parse/write tests.
+ echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
+}
+
+# Keep this in sync with component_test_tfm_config() as they are both meant
+# to be used in analyze_outcomes.py for driver's coverage analysis.
+component_test_tfm_config_p256m_driver_accel_ec () {
+ msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
+
+ common_tfm_config
+
+ # Build crypto library
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
+
+ # Make sure any built-in EC alg was not re-enabled by accident (additive config)
+ not grep mbedtls_ecdsa_ library/ecdsa.o
+ not grep mbedtls_ecdh_ library/ecdh.o
+ not grep mbedtls_ecjpake_ library/ecjpake.o
+ # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled
+ not grep mbedtls_ecp_ library/ecp.o
+ not grep mbedtls_rsa_ library/rsa.o
+ not grep mbedtls_dhm_ library/dhm.o
+ not grep mbedtls_mpi_ library/bignum.o
+ # Check that p256m was built
+ grep -q p256_ecdsa_ library/libmbedcrypto.a
+
+ # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
+ # files, so we want to ensure that it has not be re-enabled accidentally.
+ not grep mbedtls_cipher library/cipher.o
+
+ # Run the tests
+ msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
make test
}
-component_test_psa_crypto_config_accel_all_curves_except_p192 () {
- psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_SECP192R1_ENABLED
+# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
+# they are both meant to be used in analyze_outcomes.py for driver's coverage
+# analysis.
+component_test_tfm_config() {
+ common_tfm_config
+
+ # Disable P256M driver, which is on by default, so that analyze_outcomes
+ # can compare this test with test_tfm_config_p256m_driver_accel_ec
+ echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
+
+ msg "build: TF-M config"
+ make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
+
+ # Check that p256m was not built
+ not grep p256_ecdsa_ library/libmbedcrypto.a
+
+ # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
+ # files, so we want to ensure that it has not be re-enabled accidentally.
+ not grep mbedtls_cipher library/cipher.o
+
+ msg "test: TF-M config"
+ make test
}
-component_test_psa_crypto_config_accel_all_curves_except_x25519 () {
- psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_CURVE25519_ENABLED
+# Common helper for component_full_without_ecdhe_ecdsa() and
+# component_full_without_ecdhe_ecdsa_and_tls13() which:
+# - starts from the "full" configuration minus the list of symbols passed in
+# as 1st parameter
+# - build
+# - test only TLS (i.e. test_suite_tls and ssl-opt)
+build_full_minus_something_and_test_tls () {
+ symbols_to_disable="$1"
+
+ msg "build: full minus something, test TLS"
+
+ scripts/config.py full
+ for sym in $symbols_to_disable; do
+ echo "Disabling $sym"
+ scripts/config.py unset $sym
+ done
+
+ make $MAKE_THREADING_FLAGS
+
+ msg "test: full minus something, test TLS"
+ ( cd tests; ./test_suite_ssl )
+
+ msg "ssl-opt: full minus something, test TLS"
+ tests/ssl-opt.sh
+}
+
+component_full_without_ecdhe_ecdsa () {
+ build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
+}
+
+component_full_without_ecdhe_ecdsa_and_tls13 () {
+ build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ MBEDTLS_SSL_PROTO_TLS1_3"
}
# This is an helper used by:
@@ -2775,23 +3359,22 @@
# - $1 is the key type under test, i.e. ECC/RSA/DH
# - $2 is the key option to be unset (i.e. generate, derive, etc)
build_and_test_psa_want_key_pair_partial() {
- KEY_TYPE=$1
- UNSET_OPTION=$2
- DISABLED_PSA_WANT="PSA_WANT_KEY_TYPE_${KEY_TYPE}_KEY_PAIR_${UNSET_OPTION}"
+ key_type=$1
+ unset_option=$2
+ disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
# crypto_config.h so we just disable the one we don't want.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$DISABLED_PSA_WANT"
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
- make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
- msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
+ msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${disabled_psa_want}"
make test
}
@@ -2803,76 +3386,75 @@
build_and_test_psa_want_key_pair_partial "ECC" "GENERATE"
}
-component_test_psa_crypto_config_accel_rsa_signature () {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
+config_psa_crypto_accel_rsa () {
+ driver_only=$1
- loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY"
+ # Start from crypto_full config (no X.509, no TLS)
+ helper_libtestdriver1_adjust_config "crypto_full"
+
+ if [ "$driver_only" -eq 1 ]; then
+ # Remove RSA support and its dependencies
+ scripts/config.py unset MBEDTLS_RSA_C
+ scripts/config.py unset MBEDTLS_PKCS1_V15
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+
+ # We need PEM parsing in the test library as well to support the import
+ # of PEM encoded RSA keys.
+ scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
+ scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
+ fi
+}
+
+component_test_psa_crypto_config_accel_rsa_crypto () {
+ msg "build: crypto_full with accelerated RSA"
+
+ loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \
+ ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \
+ KEY_TYPE_RSA_PUBLIC_KEY \
+ KEY_TYPE_RSA_KEY_PAIR_BASIC \
+ KEY_TYPE_RSA_KEY_PAIR_GENERATE \
+ KEY_TYPE_RSA_KEY_PAIR_IMPORT \
+ KEY_TYPE_RSA_KEY_PAIR_EXPORT"
# Configure
# ---------
- # Start from default config (no TLS 1.3, no USE_PSA)
- helper_libtestdriver1_adjust_config "default"
-
- # It seems it is not possible to remove only the support for RSA signature
- # in the library. Thus we have to remove all RSA support (signature and
- # encryption/decryption). AS there is no driver support for asymmetric
- # encryption/decryption so far remove RSA encryption/decryption from the
- # application algorithm list.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-
- # Remove RSA support and its dependencies
- scripts/config.py unset MBEDTLS_RSA_C
- scripts/config.py unset MBEDTLS_PKCS1_V15
- scripts/config.py unset MBEDTLS_PKCS1_V21
- scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
- # Make sure both the library and the test library support the SHA hash
- # algorithms and only those ones (SHA256 is included by default). That way:
- # - the test library can compute the RSA signatures even in the case of a
- # composite RSA signature algorithm based on a SHA hash (no other hash
- # used in the unit tests).
- # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is
- # fulfilled as the hash SHA algorithm is supported by the library, and
- # thus the tests are run, not skipped.
- # - when testing a signature key with an algorithm wildcard built from
- # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash
- # algorithm based on the hashes supported by the library is also
- # supported by the test library.
- # Disable unwanted hashes here, we'll enable hashes we want in loc_extra_list.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160_C
- scripts/config.py unset MBEDTLS_MD5_C
- scripts/config.py unset MBEDTLS_RIPEMD160_C
-
- # We need PEM parsing in the test library as well to support the import
- # of PEM encoded RSA keys.
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
+ config_psa_crypto_accel_rsa 1
# Build
# -----
- # These hashes are needed for some RSA-PSS signature tests.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ # These hashes are needed for unit tests.
+ loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5"
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
- not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
+ not grep mbedtls_rsa library/rsa.o
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
+ msg "test: crypto_full with accelerated RSA"
+ make $MAKE_THREADING_FLAGS test
+}
+
+component_test_psa_crypto_config_reference_rsa_crypto () {
+ msg "build: crypto_full with non-accelerated RSA"
+
+ # Configure
+ # ---------
+ config_psa_crypto_accel_rsa 0
+
+ # Build
+ # -----
+ make $MAKE_THREADING_FLAGS
+
+ # Run the tests
+ # -------------
+ msg "test: crypto_full with non-accelerated RSA"
make test
}
@@ -2931,7 +3513,9 @@
component_test_psa_crypto_config_accel_hash () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash"
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
+ ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
# Configure
# ---------
@@ -2947,6 +3531,7 @@
scripts/config.py unset MBEDTLS_SHA256_C
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
+ scripts/config.py unset MBEDTLS_SHA3_C
# Build
# -----
@@ -2975,7 +3560,9 @@
# This component ensures that all the test cases for
# md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run.
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
+ ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
# Start from default config (no TLS 1.3, no USE_PSA)
helper_libtestdriver1_adjust_config "default"
@@ -2990,20 +3577,21 @@
# Auxiliary function to build config for hashes with and without drivers
config_psa_crypto_hash_use_psa () {
- DRIVER_ONLY="$1"
+ driver_only="$1"
# start with config full for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
- if [ "$DRIVER_ONLY" -eq 1 ]; then
+ if [ "$driver_only" -eq 1 ]; then
# disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SHA1_C
scripts/config.py unset MBEDTLS_SHA224_C
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA3_C
fi
}
@@ -3011,9 +3599,11 @@
# is related to this component and both components need to be kept in sync.
# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
component_test_psa_crypto_config_accel_hash_use_psa () {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: full with accelerated hashes"
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
+ loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
+ ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
+ ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
# Configure
# ---------
@@ -3038,18 +3628,18 @@
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: full with accelerated hashes"
make test
# This is mostly useful so that we can later compare outcome files with
# the reference config in analyze_outcomes.py, to check that the
# dependency declarations in ssl-opt.sh and in TLS code are correct.
- msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: ssl-opt.sh, full with accelerated hashes"
tests/ssl-opt.sh
# This is to make sure all ciphersuites are exercised, but we don't need
# interop testing (besides, we already got some from ssl-opt.sh).
- msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
+ msg "test: compat.sh, full with accelerated hashes"
tests/compat.sh -p mbedTLS -V YES
}
@@ -3058,37 +3648,31 @@
# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
# Both components need to be kept in sync.
component_test_psa_crypto_config_reference_hash_use_psa() {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
+ msg "test: full without accelerated hashes"
config_psa_crypto_hash_use_psa 0
- make
+ make $MAKE_THREADING_FLAGS
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
+ msg "test: full without accelerated hashes"
make test
- msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
+ msg "test: ssl-opt.sh, full without accelerated hashes"
tests/ssl-opt.sh
}
component_test_psa_crypto_config_accel_cipher () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
- loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
+ loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
+ ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
+ KEY_TYPE_DES"
# Configure
# ---------
- # Start from the default config (no TLS 1.3, no USE_PSA)
- helper_libtestdriver1_adjust_config "default"
-
- # There is no intended accelerator support for ALG CMAC. Therefore, asking
- # for it in the build implies the inclusion of the Mbed TLS cipher
- # operations. As we want to test here with cipher operations solely
- # supported by accelerators, disabled this PSA configuration option.
- # (Note: the same applies to STREAM_CIPHER and ECB_NO_PADDING, which are
- # already disabled by helper_libtestdriver1_adjust_config above.)
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
+ # Start from the full config
+ helper_libtestdriver1_adjust_config "full"
# Disable the things that are being accelerated
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
@@ -3098,6 +3682,7 @@
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_CMAC_C
# Build
# -----
@@ -3119,21 +3704,22 @@
component_test_psa_crypto_config_accel_aead () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
- loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
+ loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \
+ KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
# Configure
# ---------
- # Start from default config (no TLS 1.3, no USE_PSA)
- helper_libtestdriver1_adjust_config "default"
+ # Start from full config
+ helper_libtestdriver1_adjust_config "full"
# Disable things that are being accelerated
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
- # Features that depend on AEAD
- scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
- scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
# Build
# -----
@@ -3154,19 +3740,60 @@
make test
}
-component_test_psa_crypto_config_accel_pake() {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
+# This is a common configuration function used in:
+# - component_test_psa_crypto_config_accel_cipher_aead
+# - component_test_psa_crypto_config_reference_cipher_aead
+common_psa_crypto_config_accel_cipher_aead() {
+ # Start from the full config
+ helper_libtestdriver1_adjust_config "full"
- loc_accel_list="ALG_JPAKE"
+ # CIPHER_C is disabled in the accelerated test component so we disable
+ # all the features that depend on it both in the accelerated and in the
+ # reference components.
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+}
+
+# The 2 following test components, i.e.
+# - component_test_psa_crypto_config_accel_cipher_aead
+# - component_test_psa_crypto_config_reference_cipher_aead
+# are meant to be used together in analyze_outcomes.py script in order to test
+# driver's coverage for ciphers and AEADs.
+component_test_psa_crypto_config_accel_cipher_aead () {
+ msg "build: full config with accelerated cipher and AEAD"
+
+ loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
+ ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
+ ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
+ KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
# Configure
# ---------
- helper_libtestdriver1_adjust_config "full"
+ common_psa_crypto_config_accel_cipher_aead
- # Make build-in fallback not available
- scripts/config.py unset MBEDTLS_ECJPAKE_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ # Disable the things that are being accelerated
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ scripts/config.py unset MBEDTLS_CMAC_C
+ scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_AES_C
+ scripts/config.py unset MBEDTLS_ARIA_C
+ scripts/config.py unset MBEDTLS_CHACHA20_C
+ scripts/config.py unset MBEDTLS_CAMELLIA_C
+
+ # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA
+ # does not depend on it.
+ scripts/config.py unset MBEDTLS_CIPHER_C
# Build
# -----
@@ -3176,25 +3803,66 @@
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ecjpake_init library/ecjpake.o
+ not grep mbedtls_cipher library/cipher.o
+ not grep mbedtls_des library/des.o
+ not grep mbedtls_aes library/aes.o
+ not grep mbedtls_aria library/aria.o
+ not grep mbedtls_camellia library/camellia.o
+ not grep mbedtls_ccm library/ccm.o
+ not grep mbedtls_gcm library/gcm.o
+ not grep mbedtls_chachapoly library/chachapoly.o
+ not grep mbedtls_cmac library/cmac.o
# Run the tests
# -------------
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
+ msg "test: full config with accelerated cipher and AEAD"
+ make $MAKE_THREADING_FLAGS test
+
+ msg "ssl-opt: full config with accelerated cipher and AEAD"
+ tests/ssl-opt.sh
+
+ msg "compat.sh: full config with accelerated cipher and AEAD"
+ tests/compat.sh -V NO -p mbedTLS
+}
+
+component_test_psa_crypto_config_reference_cipher_aead () {
+ msg "build: full config with non-accelerated cipher and AEAD"
+ common_psa_crypto_config_accel_cipher_aead
+
+ make $MAKE_THREADING_FLAGS
+
+ msg "test: full config with non-accelerated cipher and AEAD"
+ make test
+
+ msg "ssl-opt: full config with non-accelerated cipher and AEAD"
+ tests/ssl-opt.sh
+
+ msg "compat.sh: full config with non-accelerated cipher and AEAD"
+ tests/compat.sh -V NO -p mbedTLS
+}
+
+component_test_aead_chachapoly_disabled() {
+ msg "build: full minus CHACHAPOLY"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
+
+ msg "test: full minus CHACHAPOLY"
make test
}
-component_test_psa_crypto_config_chachapoly_disabled() {
- # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
- msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+component_test_aead_only_ccm() {
+ msg "build: full minus CHACHAPOLY and GCM"
scripts/config.py full
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
+ scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
- make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
- msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+ msg "test: full minus CHACHAPOLY and GCM"
make test
}
@@ -3212,11 +3880,8 @@
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
component_build_psa_accel_alg_ecdh() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
- # without MBEDTLS_ECDH_C
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_ECDH_C
@@ -3226,79 +3891,36 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
-component_build_psa_accel_key_type_ecc_key_pair() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx"
- scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
-component_build_psa_accel_key_type_ecc_public_key() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
- scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
component_build_psa_accel_alg_hmac() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
component_build_psa_accel_alg_hkdf() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF
- # without MBEDTLS_HKDF_C
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_HKDF_C
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
component_build_psa_accel_alg_md5() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
@@ -3311,15 +3933,13 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
component_build_psa_accel_alg_ripemd160() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3332,15 +3952,13 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
component_build_psa_accel_alg_sha1() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3353,15 +3971,13 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
component_build_psa_accel_alg_sha224() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3371,15 +3987,13 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
component_build_psa_accel_alg_sha256() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3389,15 +4003,13 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
component_build_psa_accel_alg_sha384() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3409,15 +4021,13 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
component_build_psa_accel_alg_sha512() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
@@ -3430,15 +4040,13 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
@@ -3446,15 +4054,13 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
@@ -3462,15 +4068,13 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_oaep() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
@@ -3478,15 +4082,13 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pss() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
@@ -3494,15 +4096,13 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_key_type_rsa_key_pair() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx and PSA_WANT_ALG_RSA_PSS
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
@@ -3511,91 +4111,169 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_key_type_rsa_public_key() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
}
support_build_tfm_armcc () {
- armc6_cc="$ARMC6_BIN_DIR/armclang"
- (check_tools "$armc6_cc" > /dev/null 2>&1)
+ support_build_armcc
}
component_build_tfm_armcc() {
# test the TF-M configuration can build cleanly with various warning flags enabled
- cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H"
- cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+ cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, armclang armv7-m thumb2"
- make clean
- armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
+ armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
}
component_build_tfm() {
- # test the TF-M configuration can build cleanly with various warning flags enabled
- cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H"
- cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+ # Check that the TF-M configuration can build cleanly with various
+ # warning flags enabled. We don't build or run tests, since the
+ # TF-M configuration needs a TF-M platform. A tweaked version of
+ # the configuration that works on mainstream platforms is in
+ # configs/config-tfm.h, tested via test-ref-configs.pl.
+ cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, clang, armv7-m thumb2"
- make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
+ make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
msg "build: TF-M config, gcc native build"
make clean
- make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op"
+ make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe"
}
-component_build_aes_variations() { # ~45s
- # aes.o has many #if defined(...) guards that intersect in complex ways.
- # Test that all the combinations build cleanly. The most common issue is
- # unused variables/functions, so ensure -Wunused is set.
+# Test that the given .o file builds with all (valid) combinations of the given options.
+#
+# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ...
+#
+# The validator function is the name of a function to validate the combination of options.
+# It may be "" if all combinations are valid.
+# It receives a string containing a combination of options, as passed to the compiler,
+# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
+build_test_config_combos() {
+ file=$1
+ shift
+ validate_options=$1
+ shift
+ options=("$@")
+ # clear all of the options so that they can be overridden on the clang commandline
+ for opt in "${options[@]}"; do
+ ./scripts/config.py unset ${opt}
+ done
+
+ # enter the directory containing the target file & strip the dir from the filename
+ cd $(dirname ${file})
+ file=$(basename ${file})
+
+ # The most common issue is unused variables/functions, so ensure -Wunused is set.
+ warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
+
+ # Extract the command generated by the Makefile to build the target file.
+ # This ensures that we have any include paths, macro definitions, etc
+ # that may be applied by make.
+ # Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
+ compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"
+
+ makefile=$(TMPDIR=. mktemp)
+ deps=""
+
+ len=${#options[@]}
+ source_file=${file%.o}.c
+
+ targets=0
+ echo 'include Makefile' >${makefile}
+
+ for ((i = 0; i < $((2**${len})); i++)); do
+ # generate each of 2^n combinations of options
+ # each bit of $i is used to determine if options[i] will be set or not
+ target="t"
+ clang_args=""
+ for ((j = 0; j < ${len}; j++)); do
+ if (((i >> j) & 1)); then
+ opt=-D${options[$j]}
+ clang_args="${clang_args} ${opt}"
+ target="${target}${opt}"
+ fi
+ done
+
+ # if combination is not known to be invalid, add it to the makefile
+ if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
+ cmd="${compile_cmd} ${clang_args}"
+ echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile}
+
+ deps="${deps} ${target}"
+ ((++targets))
+ fi
+ done
+
+ echo "build_test_config_combos: ${deps}" >> ${makefile}
+
+ # execute all of the commands via Make (probably in parallel)
+ make -s -f ${makefile} build_test_config_combos
+ echo "$targets targets checked"
+
+ # clean up the temporary makefile
+ rm ${makefile}
+}
+
+validate_aes_config_variations() {
+ if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then
+ if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then
+ return 1
+ fi
+ if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
+ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
+ return 1
+ fi
+ fi
+ return 0
+}
+
+component_build_aes_variations() {
+ # 18s - around 90ms per clang invocation on M1 Pro
+ #
+ # aes.o has many #if defined(...) guards that intersect in complex ways.
+ # Test that all the combinations build cleanly.
+
+ MBEDTLS_ROOT_DIR="$PWD"
msg "build: aes.o for all combinations of relevant config options"
- for a in set unset; do
- for b in set unset; do
- for c in set unset; do
- for d in set unset; do
- for e in set unset; do
- for f in set unset; do
- for g in set unset; do
- echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
- echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
- echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
- echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
- echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
- echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
- echo ./scripts/config.py $g MBEDTLS_PADLOCK_C
+ build_test_config_combos library/aes.o validate_aes_config_variations \
+ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
+ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
+ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
+ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
- ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
- ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
- ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
- ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
- ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
- ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
- ./scripts/config.py $g MBEDTLS_PADLOCK_C
+ cd "$MBEDTLS_ROOT_DIR"
+ msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
- rm -f library/aes.o
- make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
- done
- done
- done
- done
- done
- done
- done
+ # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES,
+ # manually set or unset those configurations to check
+ # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o.
+ scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
+ scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ build_test_config_combos library/aes.o validate_aes_config_variations \
+ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
+ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
+ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
+ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
}
component_test_no_platform () {
@@ -3603,27 +4281,18 @@
# This should catch missing mbedtls_printf definitions, and by disabling file
# IO, it should catch missing '#include <stdio.h>'
msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
- scripts/config.py full
+ scripts/config.py full_no_platform
scripts/config.py unset MBEDTLS_PLATFORM_C
scripts/config.py unset MBEDTLS_NET_C
- scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
- scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_SETBUF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
- scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_FS_IO
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' $MAKE_THREADING_FLAGS test
}
component_build_no_std_function () {
@@ -3641,14 +4310,14 @@
msg "build: full config except SSL server, make, gcc" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_SRV_C
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS
}
component_build_no_ssl_cli () {
msg "build: full config except SSL client, make, gcc" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_CLI_C
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' $MAKE_THREADING_FLAGS
}
component_build_no_sockets () {
@@ -3693,7 +4362,7 @@
# Run max fragment length tests with MFL disabled
msg "build: default config except MFL extension (ASan build)" # ~ 30s
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: ssl-opt.sh, MFL-related tests"
@@ -3703,7 +4372,7 @@
component_test_asan_remove_peer_certificate () {
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
@@ -3724,7 +4393,7 @@
scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
@@ -3737,7 +4406,7 @@
component_test_variable_ssl_in_out_buffer_len () {
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
@@ -3754,7 +4423,7 @@
msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
@@ -3813,7 +4482,7 @@
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
@@ -3823,7 +4492,7 @@
component_test_malloc_0_null () {
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
scripts/config.py full
- make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
make test
@@ -3854,7 +4523,7 @@
# We can only grep /proc/cpuinfo on Linux, so this also checks for Linux
(gcc -v 2>&1 | grep Target | grep -q x86_64) &&
[[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
- (grep '^flags' /proc/cpuinfo | grep -qw aes)
+ (lscpu | grep -qw aes)
}
component_test_aesni () { # ~ 60s
@@ -3867,29 +4536,299 @@
msg "build: default config with different AES implementations"
scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
# test the intrinsics implementation
msg "AES tests, test intrinsics"
make clean
- make test programs/test/selftest CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
# check that we built intrinsics - this should be used by default when supported by the compiler
- ./programs/test/selftest | grep "AESNI code" | grep -q "intrinsics"
+ ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
# test the asm implementation
msg "AES tests, test assembly"
make clean
- make test programs/test/selftest CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
# check that we built assembly - this should be built if the compiler does not support intrinsics
- ./programs/test/selftest | grep "AESNI code" | grep -q "assembly"
+ ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly"
# test the plain C implementation
scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
msg "AES tests, plain C"
make clean
- make test programs/test/selftest CC=gcc CFLAGS='-O2 -Werror'
+ make CC=gcc CFLAGS='-O2 -Werror'
# check that there is no AESNI code present
- ./programs/test/selftest | not grep -q "AESNI code"
+ ./programs/test/selftest aes | not grep -q "AESNI code"
+ not grep -q "AES note: using AESNI" ./programs/test/selftest
+ grep -q "AES note: built-in implementation." ./programs/test/selftest
+
+ # test the intrinsics implementation
+ scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
+ msg "AES tests, test AESNI only"
+ make clean
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
+ ./programs/test/selftest aes | grep -q "AES note: using AESNI"
+ ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
+ grep -q "AES note: using AESNI" ./programs/test/selftest
+ not grep -q "AES note: built-in implementation." ./programs/test/selftest
+}
+
+support_test_aesni_m32() {
+ support_test_m32_no_asm && (lscpu | grep -qw aes)
+}
+
+component_test_aesni_m32 () { # ~ 60s
+ # This tests are duplicated from component_test_aesni for i386 target
+ #
+ # AESNI intrinsic code supports i386 and assembly code does not support it.
+
+ msg "build: default config with different AES implementations"
+ scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py set MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ scripts/config.py set MBEDTLS_HAVE_ASM
+
+ # test the intrinsics implementation with gcc
+ msg "AES tests, test intrinsics (gcc)"
+ make clean
+ make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
+ # check that we built intrinsics - this should be used by default when supported by the compiler
+ ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
+ grep -q "AES note: using AESNI" ./programs/test/selftest
+ grep -q "AES note: built-in implementation." ./programs/test/selftest
+ grep -q "AES note: using VIA Padlock" ./programs/test/selftest
+ grep -q mbedtls_aesni_has_support ./programs/test/selftest
+
+ scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_PADLOCK_C
+ scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
+ msg "AES tests, test AESNI only"
+ make clean
+ make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
+ ./programs/test/selftest aes | grep -q "AES note: using AESNI"
+ ./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
+ grep -q "AES note: using AESNI" ./programs/test/selftest
+ not grep -q "AES note: built-in implementation." ./programs/test/selftest
+ not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
+ not grep -q mbedtls_aesni_has_support ./programs/test/selftest
+}
+
+support_test_aesni_m32_clang() {
+ support_test_aesni_m32 && if command -v clang > /dev/null ; then
+ # clang >= 4 is required to build with target attributes
+ clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
+ [[ "${clang_ver}" -ge 4 ]]
+ else
+ # clang not available
+ false
+ fi
+}
+
+component_test_aesni_m32_clang() {
+
+ scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py set MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ scripts/config.py set MBEDTLS_HAVE_ASM
+
+ # test the intrinsics implementation with clang
+ msg "AES tests, test intrinsics (clang)"
+ make clean
+ make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
+ # check that we built intrinsics - this should be used by default when supported by the compiler
+ ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
+ grep -q "AES note: using AESNI" ./programs/test/selftest
+ grep -q "AES note: built-in implementation." ./programs/test/selftest
+ grep -q "AES note: using VIA Padlock" ./programs/test/selftest
+ grep -q mbedtls_aesni_has_support ./programs/test/selftest
+}
+
+# For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
+component_build_aes_aesce_armcc () {
+ msg "Build: AESCE test on arm64 platform without plain C."
+ scripts/config.py baremetal
+
+ # armc[56] don't support SHA-512 intrinsics
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
+ # Stop armclang warning about feature detection for A64_CRYPTO.
+ # With this enabled, the library does build correctly under armclang,
+ # but in baremetal builds (as tested here), feature detection is
+ # unavailable, and the user is notified via a #warning. So enabling
+ # this feature would prevent us from building with -Werror on
+ # armclang. Tracked in #7198.
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+ scripts/config.py set MBEDTLS_HAVE_ASM
+
+ msg "AESCE, build with default configuration."
+ scripts/config.py set MBEDTLS_AESCE_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+
+ msg "AESCE, build AESCE only"
+ scripts/config.py set MBEDTLS_AESCE_C
+ scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
+ armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+}
+
+support_build_aes_armce() {
+ # clang >= 4 is required to build with AES extensions
+ ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
+ [ "${ver}" -ge 11 ]
+}
+
+component_build_aes_armce () {
+ # Test variations of AES with Armv8 crypto extensions
+ scripts/config.py set MBEDTLS_AESCE_C
+ scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
+
+ msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
+ make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+
+ msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+
+ msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+
+ msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
+ make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+
+ msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+
+ msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+
+ # test for presence of AES instructions
+ scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
+ msg "clang, test A32 crypto instructions built"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ msg "clang, test T32 crypto instructions built"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ msg "clang, test aarch64 crypto instructions built"
+ make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
+
+ # test for absence of AES instructions
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ scripts/config.py unset MBEDTLS_AESCE_C
+ msg "clang, test A32 crypto instructions not built"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ msg "clang, test T32 crypto instructions not built"
+ make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ msg "clang, test aarch64 crypto instructions not built"
+ make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
+}
+
+support_build_sha_armce() {
+ if command -v clang > /dev/null ; then
+ # clang >= 4 is required to build with SHA extensions
+ clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
+
+ [[ "${clang_ver}" -ge 4 ]]
+ else
+ # clang not available
+ false
+ fi
+}
+
+component_build_sha_armce () {
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+
+
+ # Test variations of SHA256 Armv8 crypto extensions
+ scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+
+
+ # test the deprecated form of the config option
+ scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+
+ scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+
+
+ # test the deprecated form of the config option
+ scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+
+
+ # examine the disassembly for presence of SHA instructions
+ for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do
+ scripts/config.py set ${opt}
+ msg "${opt} clang, test A32 crypto instructions built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "${opt} clang, test T32 crypto instructions built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "${opt} clang, test aarch64 crypto instructions built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
+ scripts/config.py unset ${opt}
+ done
+
+
+ # examine the disassembly for absence of SHA instructions
+ msg "clang, test A32 crypto instructions not built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "clang, test T32 crypto instructions not built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+
+ msg "clang, test aarch64 crypto instructions not built"
+ make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
+ not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
+}
+
+# For timebeing, no VIA Padlock platform available.
+component_build_aes_via_padlock () {
+
+ msg "AES:VIA PadLock, build with default configuration."
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py set MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
+ grep -q mbedtls_padlock_has_support ./programs/test/selftest
+
+}
+
+support_build_aes_via_padlock_only () {
+ ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
+ [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
+ [ "`dpkg --print-foreign-architectures`" == "i386" ]
+}
+
+support_build_aes_aesce_armcc () {
+ support_build_armcc
}
component_test_aes_only_128_bit_keys () {
@@ -3959,12 +4898,164 @@
make test
}
+# helper for common_block_cipher_no_decrypt() which:
+# - enable/disable the list of config options passed from -s/-u respectively.
+# - build
+# - test for tests_suite_xxx
+# - selftest
+#
+# Usage: helper_block_cipher_no_decrypt_build_test
+# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
+# Options: -s set_opts the list of config options to enable
+# -u unset_opts the list of config options to disable
+# -c cflags the list of options passed to CFLAGS
+# -l ldflags the list of options passed to LDFLAGS
+helper_block_cipher_no_decrypt_build_test () {
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ -s)
+ shift; local set_opts="$1";;
+ -u)
+ shift; local unset_opts="$1";;
+ -c)
+ shift; local cflags="-Werror -Wall -Wextra $1";;
+ -l)
+ shift; local ldflags="$1";;
+ esac
+ shift
+ done
+ set_opts="${set_opts:-}"
+ unset_opts="${unset_opts:-}"
+ cflags="${cflags:-}"
+ ldflags="${ldflags:-}"
+
+ [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts
+ [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts
+
+ msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
+ make clean
+ make CC=gcc CFLAGS="$cflags" LDFLAGS="$ldflags"
+
+ # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
+ not grep mbedtls_aes_setkey_dec library/aes.o
+ not grep mbedtls_aria_setkey_dec library/aria.o
+ not grep mbedtls_camellia_setkey_dec library/camellia.o
+ # Make sure we don't have mbedtls_internal_aes_decrypt in AES
+ not grep mbedtls_internal_aes_decrypt library/aes.o
+ # Make sure we don't have mbedtls_aesni_inverse_key in AESNI
+ not grep mbedtls_aesni_inverse_key library/aesni.o
+
+ msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
+ make test
+
+ msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
+ programs/test/selftest
+}
+
+# This is a common configuration function used in:
+# - component_test_block_cipher_no_decrypt_aesni_legacy()
+# - component_test_block_cipher_no_decrypt_aesni_use_psa()
+# in order to test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics,
+# AESNI assembly and AES C implementation on x86_64 and with AESNI intrinsics
+# on x86.
+common_block_cipher_no_decrypt () {
+ # test AESNI intrinsics
+ helper_block_cipher_no_decrypt_build_test \
+ -s "MBEDTLS_AESNI_C" \
+ -c "-mpclmul -msse2 -maes"
+
+ # test AESNI assembly
+ helper_block_cipher_no_decrypt_build_test \
+ -s "MBEDTLS_AESNI_C" \
+ -c "-mno-pclmul -mno-sse2 -mno-aes"
+
+ # test AES C implementation
+ helper_block_cipher_no_decrypt_build_test \
+ -u "MBEDTLS_AESNI_C"
+
+ # test AESNI intrinsics for i386 target
+ helper_block_cipher_no_decrypt_build_test \
+ -s "MBEDTLS_AESNI_C" \
+ -c "-m32 -mpclmul -msse2 -maes" \
+ -l "-m32"
+}
+
+# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx:
+# usage: 0: no PSA crypto configuration
+# 1: use PSA crypto configuration
+config_block_cipher_no_decrypt () {
+ use_psa=$1
+
+ scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
+ scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+
+ if [ "$use_psa" -eq 1 ]; then
+ # Enable support for cryptographic mechanisms through the PSA API.
+ # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
+ fi
+}
+
+component_test_block_cipher_no_decrypt_aesni () {
+ config_block_cipher_no_decrypt 0
+ common_block_cipher_no_decrypt
+}
+
+component_test_block_cipher_no_decrypt_aesni_use_psa () {
+ config_block_cipher_no_decrypt 1
+ common_block_cipher_no_decrypt
+}
+
+support_test_block_cipher_no_decrypt_aesce_armcc () {
+ support_build_armcc
+}
+
+component_test_block_cipher_no_decrypt_aesce_armcc () {
+ scripts/config.py baremetal
+
+ # armc[56] don't support SHA-512 intrinsics
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
+ # Stop armclang warning about feature detection for A64_CRYPTO.
+ # With this enabled, the library does build correctly under armclang,
+ # but in baremetal builds (as tested here), feature detection is
+ # unavailable, and the user is notified via a #warning. So enabling
+ # this feature would prevent us from building with -Werror on
+ # armclang. Tracked in #7198.
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py set MBEDTLS_HAVE_ASM
+
+ config_block_cipher_no_decrypt 1
+
+ # test AESCE baremetal build
+ scripts/config.py set MBEDTLS_AESCE_C
+ msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
+ armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
+
+ # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
+ not grep mbedtls_aes_setkey_dec library/aes.o
+ not grep mbedtls_aria_setkey_dec library/aria.o
+ not grep mbedtls_camellia_setkey_dec library/camellia.o
+ # Make sure we don't have mbedtls_internal_aes_decrypt in AES
+ not grep mbedtls_internal_aes_decrypt library/aes.o
+ # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE
+ not grep mbedtls_aesce_inverse_key library/aesce.o
+ not grep aesce_decrypt_block library/aesce.o
+}
+
component_test_ctr_drbg_aes_256_sha_256 () {
msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
@@ -3976,7 +5067,7 @@
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
@@ -3989,7 +5080,7 @@
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
@@ -4006,16 +5097,16 @@
}
component_test_psa_crypto_drivers () {
- msg "build: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
+ msg "build: full + test drivers dispatching to builtins"
scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
loc_cflags="${loc_cflags} -I../tests/include -O2"
- make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" $MAKE_THREADING_FLAGS
- msg "test: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
+ msg "test: full + test drivers dispatching to builtins"
make test
}
@@ -4040,7 +5131,7 @@
$cc --version
for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s
- make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
+ make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" $MAKE_THREADING_FLAGS
# We're confident enough in compilers to not run _all_ the tests,
# but at least run the unit tests. In particular, runs with
# optimizations use inline assembly whereas runs with -O0
@@ -4095,7 +5186,7 @@
msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
scripts/config.py -w full_config.h full
echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
- make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
+ make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" $MAKE_THREADING_FLAGS
# Make sure this feature is enabled. We'll disable it in the next phase.
programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
make clean
@@ -4104,7 +5195,7 @@
# In the user config, disable one feature (for simplicity, pick a feature
# that nothing else depends on).
echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
- make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'"
+ make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" $MAKE_THREADING_FLAGS
not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
rm -f user_config.h full_config.h
@@ -4152,17 +5243,23 @@
programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
}
-component_test_m32_o0 () {
- # Build without optimization, so as to use portable C code (in a 32-bit
+component_test_m32_no_asm () {
+ # Build without assembly, so as to use portable C code (in a 32-bit
# build) and not the i386-specific inline assembly.
- msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
+ #
+ # Note that we require gcc, because clang Asan builds fail to link for
+ # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue).
+ msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
scripts/config.py full
- make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS"
+ scripts/config.py unset MBEDTLS_HAVE_ASM
+ scripts/config.py unset MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS
- msg "test: i386, make, gcc -O0 (ASan build)"
+ msg "test: i386, make, gcc, no asm (ASan build)"
make test
}
-support_test_m32_o0 () {
+support_test_m32_no_asm () {
case $(uname -m) in
amd64|x86_64) true;;
*) false;;
@@ -4174,7 +5271,8 @@
# and go faster for tests.
msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
scripts/config.py full
- make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
+ scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" $MAKE_THREADING_FLAGS
msg "test: i386, make, gcc -O2 (ASan build)"
make test
@@ -4183,13 +5281,14 @@
tests/ssl-opt.sh
}
support_test_m32_o2 () {
- support_test_m32_o0 "$@"
+ support_test_m32_no_asm "$@"
}
component_test_m32_everest () {
msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
- make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
+ scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
@@ -4202,13 +5301,13 @@
tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
support_test_m32_everest () {
- support_test_m32_o0 "$@"
+ support_test_m32_no_asm "$@"
}
component_test_mx32 () {
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
scripts/config.py full
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' $MAKE_THREADING_FLAGS
msg "test: 64-bit ILP32, make, gcc"
make test
@@ -4223,7 +5322,7 @@
component_test_min_mpi_window_size () {
msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s
scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
@@ -4272,7 +5371,7 @@
msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
scripts/config.py full
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
- make CFLAGS='-Werror -O1'
+ make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS
msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
make test
@@ -4282,7 +5381,7 @@
msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
scripts/config.py full
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
- make CFLAGS='-Werror -O1'
+ make CFLAGS='-Werror -O1' $MAKE_THREADING_FLAGS
msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
make test
@@ -4296,7 +5395,7 @@
scripts/config.py unset MBEDTLS_ERROR_C
scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY
scripts/config.py unset MBEDTLS_VERSION_FEATURES
- make CFLAGS='-Werror -Os'
+ make CFLAGS='-Werror -Os' $MAKE_THREADING_FLAGS
msg "test: no strings" # ~ 10s
make test
@@ -4307,7 +5406,7 @@
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl set MBEDTLS_X509_REMOVE_INFO
- make CFLAGS='-Werror -O2'
+ make CFLAGS='-Werror -O2' $MAKE_THREADING_FLAGS
msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
make test
@@ -4410,13 +5509,16 @@
# armc[56] don't support SHA-512 intrinsics
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm
+ scripts/config.py unset MBEDTLS_AESCE_C
+
# Stop armclang warning about feature detection for A64_CRYPTO.
# With this enabled, the library does build correctly under armclang,
# but in baremetal builds (as tested here), feature detection is
# unavailable, and the user is notified via a #warning. So enabling
# this feature would prevent us from building with -Werror on
# armclang. Tracked in #7198.
- scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
scripts/config.py set MBEDTLS_HAVE_ASM
@@ -4425,8 +5527,6 @@
msg "size: ARM Compiler 5"
"$ARMC5_FROMELF" -z library/*.o
- make clean
-
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
# ARM Compiler 6 - Target ARMv7-A
@@ -4444,14 +5544,18 @@
# ARM Compiler 6 - Target ARMv8-M
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
- # ARM Compiler 6 - Target ARMv8.2-A - AArch64
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
-
# ARM Compiler 6 - Target Cortex-M0 - no optimisation
armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
# ARM Compiler 6 - Target Cortex-M0
armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
+
+ # ARM Compiler 6 - Target ARMv8.2-A - AArch64
+ #
+ # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
+ # that we have in our CI
+ scripts/config.py set MBEDTLS_AESCE_C
+ armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
}
support_build_armcc () {
@@ -4603,7 +5707,7 @@
scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
make test
@@ -4617,7 +5721,7 @@
scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
scripts/config.py set MBEDTLS_SSL_EARLY_DATA
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
make test
@@ -4642,15 +5746,20 @@
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
# note Make tests only builds the tests, but doesn't run them
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests
+ make WINDOWS_BUILD=1 clean
+
+ msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s
+ ./scripts/config.py unset MBEDTLS_AESNI_C #
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib
make WINDOWS_BUILD=1 clean
}
support_build_mingw() {
@@ -4669,6 +5778,12 @@
msg "test: main suites (MSan)" # ~ 10s
make test
+ msg "test: metatests (MSan)"
+ tests/scripts/run-metatests.sh any msan
+
+ msg "program demos (MSan)" # ~20s
+ tests/scripts/run_demos.py
+
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
tests/ssl-opt.sh
@@ -4680,7 +5795,7 @@
fi
}
-component_test_valgrind () {
+component_release_test_valgrind () {
msg "build: Release (clang)"
# default config, in particular without MBEDTLS_USE_PSA_CRYPTO
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
@@ -4708,7 +5823,7 @@
fi
}
-component_test_valgrind_psa () {
+component_release_test_valgrind_psa () {
msg "build: Release, full (clang)"
# full config, in particular with MBEDTLS_USE_PSA_CRYPTO
scripts/config.py full
@@ -4750,11 +5865,16 @@
}
component_test_cmake_out_of_source () {
+ # Remove existing generated files so that we use the ones cmake
+ # generates
+ make neat
+
msg "build: cmake 'out-of-source' build"
MBEDTLS_ROOT_DIR="$PWD"
mkdir "$OUT_OF_SOURCE_DIR"
cd "$OUT_OF_SOURCE_DIR"
- cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR"
+ # Note: Explicitly generate files as these are turned off in releases
+ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
make
msg "test: cmake 'out-of-source' build"
@@ -4775,9 +5895,14 @@
}
component_test_cmake_as_subdirectory () {
+ # Remove existing generated files so that we use the ones CMake
+ # generates
+ make neat
+
msg "build: cmake 'as-subdirectory' build"
cd programs/test/cmake_subproject
- cmake .
+ # Note: Explicitly generate files as these are turned off in releases
+ cmake -D GEN_FILES=ON .
make
./cmake_subproject
}
@@ -4786,6 +5911,10 @@
}
component_test_cmake_as_package () {
+ # Remove existing generated files so that we use the ones CMake
+ # generates
+ make neat
+
msg "build: cmake 'as-package' build"
cd programs/test/cmake_package
cmake .
@@ -4797,6 +5926,10 @@
}
component_test_cmake_as_package_install () {
+ # Remove existing generated files so that we use the ones CMake
+ # generates
+ make neat
+
msg "build: cmake 'as-installed-package' build"
cd programs/test/cmake_package_install
cmake .
@@ -4870,6 +6003,16 @@
}
+component_build_zeroize_checks () {
+ msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
+
+ scripts/config.py full
+
+ # Only compile - we're looking for sizeof-pointer-memaccess warnings
+ make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" $MAKE_THREADING_FLAGS
+}
+
+
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an
@@ -4946,6 +6089,7 @@
python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
}
+
################################################################
#### Termination
################################################################
@@ -5052,7 +6196,9 @@
pre_print_configuration
pre_check_tools
cleanup
-pre_generate_files
+if in_mbedtls_repo; then
+ pre_generate_files
+fi
# Run the requested tests.
for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index f3a14a9..d3ea8c0 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -12,9 +12,36 @@
import re
import subprocess
import os
+import typing
import check_test_cases
+
+# `ComponentOutcomes` is a named tuple which is defined as:
+# ComponentOutcomes(
+# successes = {
+# "<suite_case>",
+# ...
+# },
+# failures = {
+# "<suite_case>",
+# ...
+# }
+# )
+# suite_case = "<suite>;<case>"
+ComponentOutcomes = typing.NamedTuple('ComponentOutcomes',
+ [('successes', typing.Set[str]),
+ ('failures', typing.Set[str])])
+
+# `Outcomes` is a representation of the outcomes file,
+# which defined as:
+# Outcomes = {
+# "<component>": ComponentOutcomes,
+# ...
+# }
+Outcomes = typing.Dict[str, ComponentOutcomes]
+
+
class Results:
"""Process analysis results."""
@@ -22,161 +49,171 @@
self.error_count = 0
self.warning_count = 0
- @staticmethod
- def log(fmt, *args, **kwargs):
- sys.stderr.write((fmt + '\n').format(*args, **kwargs))
+ def new_section(self, fmt, *args, **kwargs):
+ self._print_line('\n*** ' + fmt + ' ***\n', *args, **kwargs)
+
+ def info(self, fmt, *args, **kwargs):
+ self._print_line('Info: ' + fmt, *args, **kwargs)
def error(self, fmt, *args, **kwargs):
- self.log('Error: ' + fmt, *args, **kwargs)
self.error_count += 1
+ self._print_line('Error: ' + fmt, *args, **kwargs)
def warning(self, fmt, *args, **kwargs):
- self.log('Warning: ' + fmt, *args, **kwargs)
self.warning_count += 1
+ self._print_line('Warning: ' + fmt, *args, **kwargs)
-class TestCaseOutcomes:
- """The outcomes of one test case across many configurations."""
- # pylint: disable=too-few-public-methods
+ @staticmethod
+ def _print_line(fmt, *args, **kwargs):
+ sys.stderr.write((fmt + '\n').format(*args, **kwargs))
- def __init__(self):
- # Collect a list of witnesses of the test case succeeding or failing.
- # Currently we don't do anything with witnesses except count them.
- # The format of a witness is determined by the read_outcome_file
- # function; it's the platform and configuration joined by ';'.
- self.successes = []
- self.failures = []
-
- def hits(self):
- """Return the number of times a test case has been run.
-
- This includes passes and failures, but not skips.
- """
- return len(self.successes) + len(self.failures)
-
-def execute_reference_driver_tests(ref_component, driver_component, outcome_file):
+def execute_reference_driver_tests(results: Results, ref_component: str, driver_component: str, \
+ outcome_file: str) -> None:
"""Run the tests specified in ref_component and driver_component. Results
are stored in the output_file and they will be used for the following
coverage analysis"""
- # If the outcome file already exists, we assume that the user wants to
- # perform the comparison analysis again without repeating the tests.
- if os.path.exists(outcome_file):
- Results.log("Outcome file (" + outcome_file + ") already exists. " + \
- "Tests will be skipped.")
- return
+ results.new_section("Test {} and {}", ref_component, driver_component)
shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \
" " + ref_component + " " + driver_component
- Results.log("Running: " + shell_command)
+ results.info("Running: {}", shell_command)
ret_val = subprocess.run(shell_command.split(), check=False).returncode
if ret_val != 0:
- Results.log("Error: failed to run reference/driver components")
- sys.exit(ret_val)
+ results.error("failed to run reference/driver components")
-def analyze_coverage(results, outcomes):
+def analyze_coverage(results: Results, outcomes: Outcomes,
+ allow_list: typing.List[str], full_coverage: bool) -> None:
"""Check that all available test cases are executed at least once."""
available = check_test_cases.collect_available_test_cases()
- for key in available:
- hits = outcomes[key].hits() if key in outcomes else 0
- if hits == 0:
- # Make this a warning, not an error, as long as we haven't
- # fixed this branch to have full coverage of test cases.
- results.warning('Test case not executed: {}', key)
+ for suite_case in available:
+ hit = any(suite_case in comp_outcomes.successes or
+ suite_case in comp_outcomes.failures
+ for comp_outcomes in outcomes.values())
-def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
- ignored_suites, ignored_test=None):
- """Check that all tests executed in the reference component are also
- executed in the corresponding driver component.
+ if not hit and suite_case not in allow_list:
+ if full_coverage:
+ results.error('Test case not executed: {}', suite_case)
+ else:
+ results.warning('Test case not executed: {}', suite_case)
+ elif hit and suite_case in allow_list:
+ # Test Case should be removed from the allow list.
+ if full_coverage:
+ results.error('Allow listed test case was executed: {}', suite_case)
+ else:
+ results.warning('Allow listed test case was executed: {}', suite_case)
+
+def name_matches_pattern(name: str, str_or_re) -> bool:
+ """Check if name matches a pattern, that may be a string or regex.
+ - If the pattern is a string, name must be equal to match.
+ - If the pattern is a regex, name must fully match.
+ """
+ # The CI's python is too old for re.Pattern
+ #if isinstance(str_or_re, re.Pattern):
+ if not isinstance(str_or_re, str):
+ return str_or_re.fullmatch(name) is not None
+ else:
+ return str_or_re == name
+
+def analyze_driver_vs_reference(results: Results, outcomes: Outcomes,
+ component_ref: str, component_driver: str,
+ ignored_suites: typing.List[str], ignored_tests=None) -> None:
+ """Check that all tests passing in the reference component are also
+ passing in the corresponding driver component.
Skip:
- full test suites provided in ignored_suites list
- only some specific test inside a test suite, for which the corresponding
output string is provided
"""
- available = check_test_cases.collect_available_test_cases()
- result = True
+ ref_outcomes = outcomes.get("component_" + component_ref)
+ driver_outcomes = outcomes.get("component_" + component_driver)
- for key in available:
- # Continue if test was not executed by any component
- hits = outcomes[key].hits() if key in outcomes else 0
- if hits == 0:
- continue
- # Skip ignored test suites
- full_test_suite = key.split(';')[0] # retrieve full test suite name
- test_string = key.split(';')[1] # retrieve the text string of this test
+ if ref_outcomes is None or driver_outcomes is None:
+ results.error("required components are missing: bad outcome file?")
+ return
+
+ if not ref_outcomes.successes:
+ results.error("no passing test in reference component: bad outcome file?")
+ return
+
+ for suite_case in ref_outcomes.successes:
+ # suite_case is like "test_suite_foo.bar;Description of test case"
+ (full_test_suite, test_string) = suite_case.split(';')
test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name
+
+ # Immediately skip fully-ignored test suites
if test_suite in ignored_suites or full_test_suite in ignored_suites:
continue
- if ((full_test_suite in ignored_test) and
- (test_string in ignored_test[full_test_suite])):
- continue
- # Search for tests that run in reference component and not in driver component
- driver_test_passed = False
- reference_test_passed = False
- for entry in outcomes[key].successes:
- if component_driver in entry:
- driver_test_passed = True
- if component_ref in entry:
- reference_test_passed = True
- if(reference_test_passed and not driver_test_passed):
- Results.log(key)
- result = False
- return result
-def analyze_outcomes(outcomes):
+ # For ignored test cases inside test suites, just remember and:
+ # don't issue an error if they're skipped with drivers,
+ # but issue an error if they're not (means we have a bad entry).
+ ignored = False
+ if full_test_suite in ignored_tests:
+ for str_or_re in ignored_tests[test_suite]:
+ if name_matches_pattern(test_string, str_or_re):
+ ignored = True
+
+ if not ignored and not suite_case in driver_outcomes.successes:
+ results.error("PASS -> SKIP/FAIL: {}", suite_case)
+ if ignored and suite_case in driver_outcomes.successes:
+ results.error("uselessly ignored: {}", suite_case)
+
+def analyze_outcomes(results: Results, outcomes: Outcomes, args) -> None:
"""Run all analyses on the given outcome collection."""
- results = Results()
- analyze_coverage(results, outcomes)
- return results
+ analyze_coverage(results, outcomes, args['allow_list'],
+ args['full_coverage'])
-def read_outcome_file(outcome_file):
+def read_outcome_file(outcome_file: str) -> Outcomes:
"""Parse an outcome file and return an outcome collection.
-
-An outcome collection is a dictionary mapping keys to TestCaseOutcomes objects.
-The keys are the test suite name and the test case description, separated
-by a semicolon.
-"""
+ """
outcomes = {}
with open(outcome_file, 'r', encoding='utf-8') as input_file:
for line in input_file:
- (platform, config, suite, case, result, _cause) = line.split(';')
- key = ';'.join([suite, case])
- setup = ';'.join([platform, config])
- if key not in outcomes:
- outcomes[key] = TestCaseOutcomes()
+ (_platform, component, suite, case, result, _cause) = line.split(';')
+ # Note that `component` is not unique. If a test case passes on Linux
+ # and fails on FreeBSD, it'll end up in both the successes set and
+ # the failures set.
+ suite_case = ';'.join([suite, case])
+ if component not in outcomes:
+ outcomes[component] = ComponentOutcomes(set(), set())
if result == 'PASS':
- outcomes[key].successes.append(setup)
+ outcomes[component].successes.add(suite_case)
elif result == 'FAIL':
- outcomes[key].failures.append(setup)
+ outcomes[component].failures.add(suite_case)
+
return outcomes
-def do_analyze_coverage(outcome_file, args):
+def do_analyze_coverage(results: Results, outcomes: Outcomes, args) -> None:
"""Perform coverage analysis."""
- del args # unused
- outcomes = read_outcome_file(outcome_file)
- Results.log("\n*** Analyze coverage ***\n")
- results = analyze_outcomes(outcomes)
- return results.error_count == 0
+ results.new_section("Analyze coverage")
+ analyze_outcomes(results, outcomes, args)
-def do_analyze_driver_vs_reference(outcome_file, args):
+def do_analyze_driver_vs_reference(results: Results, outcomes: Outcomes, args) -> None:
"""Perform driver vs reference analyze."""
- execute_reference_driver_tests(args['component_ref'], \
- args['component_driver'], outcome_file)
+ results.new_section("Analyze driver {} vs reference {}",
+ args['component_driver'], args['component_ref'])
ignored_suites = ['test_suite_' + x for x in args['ignored_suites']]
- outcomes = read_outcome_file(outcome_file)
- Results.log("\n*** Analyze driver {} vs reference {} ***\n".format(
- args['component_driver'], args['component_ref']))
- return analyze_driver_vs_reference(outcomes, args['component_ref'],
- args['component_driver'], ignored_suites,
- args['ignored_tests'])
+ analyze_driver_vs_reference(results, outcomes,
+ args['component_ref'], args['component_driver'],
+ ignored_suites, args['ignored_tests'])
# List of tasks with a function that can handle this task and additional arguments if required
-TASKS = {
+KNOWN_TASKS = {
'analyze_coverage': {
'test_function': do_analyze_coverage,
- 'args': {}
- },
+ 'args': {
+ 'allow_list': [
+ # Algorithm not supported yet
+ 'test_suite_psa_crypto_metadata;Asymmetric signature: pure EdDSA',
+ # Algorithm not supported yet
+ 'test_suite_psa_crypto_metadata;Cipher: XTS',
+ ],
+ 'full_coverage': False,
+ }
+ },
# There are 2 options to use analyze_driver_vs_reference_xxx locally:
# 1. Run tests and then analysis:
# - tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
@@ -191,8 +228,73 @@
'ignored_suites': [
'shax', 'mdx', # the software implementations that are being excluded
'md.psa', # purposefully depends on whether drivers are present
+ 'psa_crypto_low_hash.generated', # testing the builtins
],
'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ }
+ }
+ },
+ 'analyze_driver_vs_reference_cipher_aead': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_cipher_aead',
+ 'component_driver': 'test_psa_crypto_config_accel_cipher_aead',
+ # Modules replaced by drivers.
+ 'ignored_suites': [
+ # low-level (block/stream) cipher modules
+ 'aes', 'aria', 'camellia', 'des', 'chacha20',
+ # AEAD modes
+ 'ccm', 'chachapoly', 'cmac', 'gcm',
+ # The Cipher abstraction layer
+ 'cipher',
+ ],
+ 'ignored_tests': {
+ # PEM decryption is not supported so far.
+ # The rest of PEM (write, unencrypted read) works though.
+ 'test_suite_pem': [
+ re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
+ ],
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # Following tests depend on AES_C/DES_C but are not about
+ # them really, just need to know some error code is there.
+ 'test_suite_error': [
+ 'Low and high error',
+ 'Single low error'
+ ],
+ # Similar to test_suite_error above.
+ 'test_suite_version': [
+ 'Check for MBEDTLS_AES_C when already present',
+ ],
+ # The en/decryption part of PKCS#12 is not supported so far.
+ # The rest of PKCS#12 (key derivation) works though.
+ 'test_suite_pkcs12': [
+ re.compile(r'PBE Encrypt, .*'),
+ re.compile(r'PBE Decrypt, .*'),
+ ],
+ # The en/decryption part of PKCS#5 is not supported so far.
+ # The rest of PKCS#5 (PBKDF2) works though.
+ 'test_suite_pkcs5': [
+ re.compile(r'PBES2 Encrypt, .*'),
+ re.compile(r'PBES2 Decrypt .*'),
+ ],
+ # Encrypted keys are not supported so far.
+ # pylint: disable=line-too-long
+ 'test_suite_pkparse': [
+ 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
+ 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
+ re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'),
+ ],
}
}
},
@@ -202,11 +304,19 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_ecp_light_only',
'component_driver': 'test_psa_crypto_config_accel_ecc_ecp_light_only',
'ignored_suites': [
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # This test wants a legacy function that takes f_rng, p_rng
+ # arguments, and uses legacy ECDSA for that. The test is
+ # really about the wrapper around the PSA RNG, not ECDSA.
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
@@ -214,39 +324,15 @@
# so we must ignore disparities in the tests for which ECP_C
# is required.
'test_suite_ecp': [
- 'ECP check public-private #1 (OK)',
- 'ECP check public-private #2 (group none)',
- 'ECP check public-private #3 (group mismatch)',
- 'ECP check public-private #4 (Qx mismatch)',
- 'ECP check public-private #5 (Qy mismatch)',
- 'ECP check public-private #6 (wrong Qx)',
- 'ECP check public-private #7 (wrong Qy)',
- 'ECP gen keypair [#1]',
- 'ECP gen keypair [#2]',
- 'ECP gen keypair [#3]',
- 'ECP gen keypair wrapper',
- 'ECP point muladd secp256r1 #1',
- 'ECP point muladd secp256r1 #2',
- 'ECP point multiplication Curve25519 (element of order 2: origin) #3',
- 'ECP point multiplication Curve25519 (element of order 4: 1) #4',
- 'ECP point multiplication Curve25519 (element of order 8) #5',
- 'ECP point multiplication Curve25519 (normalized) #1',
- 'ECP point multiplication Curve25519 (not normalized) #2',
- 'ECP point multiplication rng fail Curve25519',
- 'ECP point multiplication rng fail secp256r1',
- 'ECP test vectors Curve25519',
- 'ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate)',
- 'ECP test vectors brainpoolP256r1 rfc 7027',
- 'ECP test vectors brainpoolP384r1 rfc 7027',
- 'ECP test vectors brainpoolP512r1 rfc 7027',
- 'ECP test vectors secp192k1',
- 'ECP test vectors secp192r1 rfc 5114',
- 'ECP test vectors secp224k1',
- 'ECP test vectors secp224r1 rfc 5114',
- 'ECP test vectors secp256k1',
- 'ECP test vectors secp256r1 rfc 5114',
- 'ECP test vectors secp384r1 rfc 5114',
- 'ECP test vectors secp521r1 rfc 5114',
+ re.compile(r'ECP check public-private .*'),
+ re.compile(r'ECP gen keypair .*'),
+ re.compile(r'ECP point muladd .*'),
+ re.compile(r'ECP point multiplication .*'),
+ re.compile(r'ECP test vectors .*'),
+ ],
+ 'test_suite_ssl': [
+ # This deprecated function is only present when ECP_C is On.
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
}
@@ -257,32 +343,20 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_no_ecp_at_all',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_ecp_at_all',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
'test_suite_pkparse': [
# When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
# is automatically enabled in build_info.h (backward compatibility)
@@ -290,22 +364,98 @@
# consequence compressed points are supported in the reference
# component but not in the accelerated one, so they should be skipped
# while checking driver's coverage.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
+ ],
+ # See ecp_light_only
+ 'test_suite_ssl': [
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
+ ],
+ }
+ }
+ },
+ 'analyze_driver_vs_reference_ecc_no_bignum': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
+ 'component_driver': 'test_psa_crypto_config_accel_ecc_no_bignum',
+ 'ignored_suites': [
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
+ ],
+ 'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ # See no_ecp_at_all
+ 'test_suite_pkparse': [
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
+ ],
+ 'test_suite_asn1parse': [
+ 'INTEGER too large for mpi',
+ ],
+ 'test_suite_asn1write': [
+ re.compile(r'ASN.1 Write mpi.*'),
+ ],
+ 'test_suite_debug': [
+ re.compile(r'Debug print mbedtls_mpi.*'),
+ ],
+ # See ecp_light_only
+ 'test_suite_ssl': [
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
+ ],
+ }
+ }
+ },
+ 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
+ 'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
+ 'ignored_suites': [
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
+ ],
+ 'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ # See no_ecp_at_all
+ 'test_suite_pkparse': [
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
+ ],
+ 'test_suite_asn1parse': [
+ 'INTEGER too large for mpi',
+ ],
+ 'test_suite_asn1write': [
+ re.compile(r'ASN.1 Write mpi.*'),
+ ],
+ 'test_suite_debug': [
+ re.compile(r'Debug print mbedtls_mpi.*'),
+ ],
+ # See ecp_light_only
+ 'test_suite_ssl': [
+ 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
}
@@ -316,50 +466,144 @@
'component_ref': 'test_psa_crypto_config_reference_ffdh',
'component_driver': 'test_psa_crypto_config_accel_ffdh',
'ignored_suites': ['dhm'],
- 'ignored_tests': {}
+ 'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ }
}
},
+ 'analyze_driver_vs_reference_tfm_config': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_tfm_config',
+ 'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
+ 'ignored_suites': [
+ # Modules replaced by drivers
+ 'asn1parse', 'asn1write',
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
+ ],
+ 'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # See ecp_light_only
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ }
+ }
+ },
+ 'analyze_driver_vs_reference_rsa': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_rsa_crypto',
+ 'component_driver': 'test_psa_crypto_config_accel_rsa_crypto',
+ 'ignored_suites': [
+ # Modules replaced by drivers.
+ 'rsa', 'pkcs1_v15', 'pkcs1_v21',
+ # We temporarily don't care about PK stuff.
+ 'pk', 'pkwrite', 'pkparse'
+ ],
+ 'ignored_tests': {
+ 'test_suite_platform': [
+ # Incompatible with sanitizers (e.g. ASan). If the driver
+ # component uses a sanitizer but the reference component
+ # doesn't, we have a PASS vs SKIP mismatch.
+ 'Check mbedtls_calloc overallocation',
+ ],
+ # Following tests depend on RSA_C but are not about
+ # them really, just need to know some error code is there.
+ 'test_suite_error': [
+ 'Low and high error',
+ 'Single high error'
+ ],
+ # Constant time operations only used for PKCS1_V15
+ 'test_suite_constant_time': [
+ re.compile(r'mbedtls_ct_zeroize_if .*'),
+ re.compile(r'mbedtls_ct_memmove_left .*')
+ ],
+ }
+ }
+ }
}
def main():
+ main_results = Results()
+
try:
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument('outcomes', metavar='OUTCOMES.CSV',
help='Outcome file to analyze')
- parser.add_argument('task', default='all', nargs='?',
+ parser.add_argument('specified_tasks', default='all', nargs='?',
help='Analysis to be done. By default, run all tasks. '
'With one or more TASK, run only those. '
'TASK can be the name of a single task or '
'comma/space-separated list of tasks. ')
parser.add_argument('--list', action='store_true',
help='List all available tasks and exit.')
+ parser.add_argument('--require-full-coverage', action='store_true',
+ dest='full_coverage', help="Require all available "
+ "test cases to be executed and issue an error "
+ "otherwise. This flag is ignored if 'task' is "
+ "neither 'all' nor 'analyze_coverage'")
options = parser.parse_args()
if options.list:
- for task in TASKS:
- Results.log(task)
+ for task in KNOWN_TASKS:
+ print(task)
sys.exit(0)
- result = True
-
- if options.task == 'all':
- tasks = TASKS.keys()
+ if options.specified_tasks == 'all':
+ tasks_list = KNOWN_TASKS.keys()
else:
- tasks = re.split(r'[, ]+', options.task)
+ tasks_list = re.split(r'[, ]+', options.specified_tasks)
+ for task in tasks_list:
+ if task not in KNOWN_TASKS:
+ sys.stderr.write('invalid task: {}\n'.format(task))
+ sys.exit(2)
- for task in tasks:
- if task not in TASKS:
- Results.log('Error: invalid task: {}'.format(task))
- sys.exit(1)
+ KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage
- for task in TASKS:
- if task in tasks:
- if not TASKS[task]['test_function'](options.outcomes, TASKS[task]['args']):
- result = False
+ # If the outcome file exists, parse it once and share the result
+ # among tasks to improve performance.
+ # Otherwise, it will be generated by execute_reference_driver_tests.
+ if not os.path.exists(options.outcomes):
+ if len(tasks_list) > 1:
+ sys.stderr.write("mutiple tasks found, please provide a valid outcomes file.\n")
+ sys.exit(2)
- if result is False:
- sys.exit(1)
- Results.log("SUCCESS :-)")
+ task_name = tasks_list[0]
+ task = KNOWN_TASKS[task_name]
+ if task['test_function'] != do_analyze_driver_vs_reference: # pylint: disable=comparison-with-callable
+ sys.stderr.write("please provide valid outcomes file for {}.\n".format(task_name))
+ sys.exit(2)
+
+ execute_reference_driver_tests(main_results,
+ task['args']['component_ref'],
+ task['args']['component_driver'],
+ options.outcomes)
+
+ outcomes = read_outcome_file(options.outcomes)
+
+ for task in tasks_list:
+ test_function = KNOWN_TASKS[task]['test_function']
+ test_args = KNOWN_TASKS[task]['args']
+ test_function(main_results, outcomes, test_args)
+
+ main_results.info("Overall results: {} warnings and {} errors",
+ main_results.warning_count, main_results.error_count)
+
+ sys.exit(0 if (main_results.error_count == 0) else 1)
+
except Exception: # pylint: disable=broad-except
# Print the backtrace and exit explicitly with our chosen status.
traceback.print_exc()
diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py
index 5506e40..96b705a 100755
--- a/tests/scripts/audit-validity-dates.py
+++ b/tests/scripts/audit-validity-dates.py
@@ -1,19 +1,7 @@
#!/usr/bin/env python3
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""Audit validity date of X509 crt/crl/csr.
@@ -24,7 +12,6 @@
"""
import os
-import sys
import re
import typing
import argparse
@@ -43,6 +30,7 @@
import scripts_path # pylint: disable=unused-import
from mbedtls_dev import build_tree
+from mbedtls_dev import logging_util
def check_cryptography_version():
match = re.match(r'^[0-9]+', cryptography.__version__)
@@ -276,7 +264,7 @@
@staticmethod
def find_test_dir():
- """Get the relative path for the MbedTLS test directory."""
+ """Get the relative path for the Mbed TLS test directory."""
return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests')
@@ -393,38 +381,6 @@
loc))
-def configure_logger(logger: logging.Logger) -> None:
- """
- Configure the logging.Logger instance so that:
- - Format is set to "[%(levelname)s]: %(message)s".
- - loglevel >= WARNING are printed to stderr.
- - loglevel < WARNING are printed to stdout.
- """
- class MaxLevelFilter(logging.Filter):
- # pylint: disable=too-few-public-methods
- def __init__(self, max_level, name=''):
- super().__init__(name)
- self.max_level = max_level
-
- def filter(self, record: logging.LogRecord) -> bool:
- return record.levelno <= self.max_level
-
- log_formatter = logging.Formatter("[%(levelname)s]: %(message)s")
-
- # set loglevel >= WARNING to be printed to stderr
- stderr_hdlr = logging.StreamHandler(sys.stderr)
- stderr_hdlr.setLevel(logging.WARNING)
- stderr_hdlr.setFormatter(log_formatter)
-
- # set loglevel <= INFO to be printed to stdout
- stdout_hdlr = logging.StreamHandler(sys.stdout)
- stdout_hdlr.addFilter(MaxLevelFilter(logging.INFO))
- stdout_hdlr.setFormatter(log_formatter)
-
- logger.addHandler(stderr_hdlr)
- logger.addHandler(stdout_hdlr)
-
-
def main():
"""
Perform argument parsing.
@@ -457,7 +413,7 @@
# start main routine
# setup logger
logger = logging.getLogger()
- configure_logger(logger)
+ logging_util.configure_logger(logger)
logger.setLevel(logging.DEBUG if args.verbose else logging.ERROR)
td_auditor = TestDataAuditor(logger)
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 32be0ee..5261754 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -3,19 +3,7 @@
# basic-build-test.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
@@ -43,16 +31,13 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
: ${OPENSSL:="openssl"}
-: ${OPENSSL_LEGACY:="$OPENSSL"}
: ${GNUTLS_CLI:="gnutls-cli"}
: ${GNUTLS_SERV:="gnutls-serv"}
-: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
-: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
# Used to make ssl-opt.sh deterministic.
#
@@ -78,11 +63,8 @@
# Step 0 - print build environment info
OPENSSL="$OPENSSL" \
- OPENSSL_LEGACY="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_CLI" \
GNUTLS_SERV="$GNUTLS_SERV" \
- GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \
scripts/output_env.sh
echo
@@ -124,9 +106,7 @@
sh compat.sh
echo
- echo '#### compat.sh: legacy (null)'
- OPENSSL="$OPENSSL_LEGACY" \
- GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
+ echo '#### compat.sh: null cipher'
sh compat.sh -e '^$' -f 'NULL'
echo
diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh
index 02cafb0..3aca3a1 100755
--- a/tests/scripts/basic-in-docker.sh
+++ b/tests/scripts/basic-in-docker.sh
@@ -18,19 +18,7 @@
# See docker_env.sh for prerequisites and other information.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
source tests/scripts/docker_env.sh
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index 3ed7069..3199c2a 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -9,19 +9,7 @@
# items that are documented, but not marked as such by mistake.
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use warnings;
use strict;
@@ -68,7 +56,7 @@
# Check that the script is being run from the project's root directory.
for my $dir (@directories) {
if (! -d $dir) {
- die "This script must be run from the mbed TLS root directory";
+ die "This script must be run from the Mbed TLS root directory";
} else {
check_dir($dir)
}
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 4d6f930..3fe4e8c 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -1,19 +1,7 @@
#! /usr/bin/env sh
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
@@ -34,8 +22,20 @@
exit
fi
-if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+in_mbedtls_repo () {
+ test -d include -a -d library -a -d programs -a -d tests
+}
+
+in_tf_psa_crypto_repo () {
+ test -d include -a -d core -a -d drivers -a -d programs -a -d tests
+}
+
+if in_mbedtls_repo; then
+ library_dir='library'
+elif in_tf_psa_crypto_repo; then
+ library_dir='core'
+else
+ echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2
exit 1
fi
@@ -126,16 +126,21 @@
# - **/CMakeLists.txt (to (re)build them with cmake)
# - scripts/make_generated_files.bat (to generate them under Windows)
-check scripts/generate_errors.pl library/error.c
-check scripts/generate_query_config.pl programs/test/query_config.c
-check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.c
-check scripts/generate_features.pl library/version_features.c
-check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
-# generate_visualc_files enumerates source files (library/*.c). It doesn't
-# care about their content, but the files must exist. So it must run after
-# the step that creates or updates these files.
-check scripts/generate_visualc_files.pl visualc/VS2013
+# These checks are common to Mbed TLS and TF-PSA-Crypto
check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list)
check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list)
check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list)
+check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c
+
+# Additional checks for Mbed TLS only
+if in_mbedtls_repo; then
+ check scripts/generate_errors.pl library/error.c
+ check scripts/generate_query_config.pl programs/test/query_config.c
+ check scripts/generate_features.pl library/version_features.c
+ check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+ # generate_visualc_files enumerates source files (library/*.c). It doesn't
+ # care about their content, but the files must exist. So it must run after
+ # the step that creates or updates these files.
+ check scripts/generate_visualc_files.pl visualc/VS2013
+fi
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
index 35319d3..51e8079 100755
--- a/tests/scripts/check-python-files.sh
+++ b/tests/scripts/check-python-files.sh
@@ -1,19 +1,7 @@
#! /usr/bin/env sh
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
# Purpose: check Python files for potential programming errors or maintenance
# hurdles. Run pylint to detect some potential mistakes and enforce PEP8
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index 352b55e..a93b825 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -1,19 +1,7 @@
#!/usr/bin/env python3
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
This script checks the current state of the source code for minor issues,
@@ -22,10 +10,11 @@
Note: requires python 3, must be run from Mbed TLS root.
"""
-import os
import argparse
-import logging
import codecs
+import inspect
+import logging
+import os
import re
import subprocess
import sys
@@ -116,6 +105,7 @@
BINARY_FILE_PATH_RE_LIST = [
r'docs/.*\.pdf\Z',
+ r'docs/.*\.png\Z',
r'programs/fuzz/corpuses/[^.]+\Z',
r'tests/data_files/[^.]+\Z',
r'tests/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z',
@@ -162,24 +152,6 @@
return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj')
-class PermissionIssueTracker(FileIssueTracker):
- """Track files with bad permissions.
-
- Files that are not executable scripts must not be executable."""
-
- heading = "Incorrect permissions:"
-
- # .py files can be either full scripts or modules, so they may or may
- # not be executable.
- suffix_exemptions = frozenset({".py"})
-
- def check_file_for_issue(self, filepath):
- is_executable = os.access(filepath, os.X_OK)
- should_be_executable = filepath.endswith((".sh", ".pl"))
- if is_executable != should_be_executable:
- self.files_with_issues[filepath] = None
-
-
class ShebangIssueTracker(FileIssueTracker):
"""Track files with a bad, missing or extraneous shebang line.
@@ -375,6 +347,100 @@
return False
+def this_location():
+ frame = inspect.currentframe()
+ assert frame is not None
+ info = inspect.getframeinfo(frame)
+ return os.path.basename(info.filename), info.lineno
+THIS_FILE_BASE_NAME, LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER = this_location()
+
+class LicenseIssueTracker(LineIssueTracker):
+ """Check copyright statements and license indications.
+
+ This class only checks that statements are correct if present. It does
+ not enforce the presence of statements in each file.
+ """
+
+ heading = "License issue:"
+
+ LICENSE_EXEMPTION_RE_LIST = [
+ # Third-party code, other than whitelisted third-party modules,
+ # may be under a different license.
+ r'3rdparty/(?!(p256-m)/.*)',
+ # Documentation explaining the license may have accidental
+ # false positives.
+ r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z',
+ # Files imported from TF-M, and not used except in test builds,
+ # may be under a different license.
+ r'configs/crypto_config_profile_medium\.h\Z',
+ r'configs/tfm_mbedcrypto_config_profile_medium\.h\Z',
+ # Third-party file.
+ r'dco\.txt\Z',
+ ]
+ path_exemptions = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST +
+ LICENSE_EXEMPTION_RE_LIST))
+
+ COPYRIGHT_HOLDER = rb'The Mbed TLS Contributors'
+ # Catch "Copyright foo", "Copyright (C) foo", "Copyright © foo", etc.
+ COPYRIGHT_RE = re.compile(rb'.*\bcopyright\s+((?:\w|\s|[()]|[^ -~])*\w)', re.I)
+
+ SPDX_HEADER_KEY = b'SPDX-License-Identifier'
+ LICENSE_IDENTIFIER = b'Apache-2.0 OR GPL-2.0-or-later'
+ SPDX_RE = re.compile(br'.*?(' +
+ re.escape(SPDX_HEADER_KEY) +
+ br')(:\s*(.*?)\W*\Z|.*)', re.I)
+
+ LICENSE_MENTION_RE = re.compile(rb'.*(?:' + rb'|'.join([
+ rb'Apache License',
+ rb'General Public License',
+ ]) + rb')', re.I)
+
+ def __init__(self):
+ super().__init__()
+ # Record what problem was caused. We can't easily report it due to
+ # the structure of the script. To be fixed after
+ # https://github.com/Mbed-TLS/mbedtls/pull/2506
+ self.problem = None
+
+ def issue_with_line(self, line, filepath, line_number):
+ #pylint: disable=too-many-return-statements
+
+ # Use endswith() rather than the more correct os.path.basename()
+ # because experimentally, it makes a significant difference to
+ # the running time.
+ if filepath.endswith(THIS_FILE_BASE_NAME) and \
+ line_number > LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER:
+ # Avoid false positives from the code in this class.
+ # Also skip the rest of this file, which is highly unlikely to
+ # contain any problematic statements since we put those near the
+ # top of files.
+ return False
+
+ m = self.COPYRIGHT_RE.match(line)
+ if m and m.group(1) != self.COPYRIGHT_HOLDER:
+ self.problem = 'Invalid copyright line'
+ return True
+
+ m = self.SPDX_RE.match(line)
+ if m:
+ if m.group(1) != self.SPDX_HEADER_KEY:
+ self.problem = 'Misspelled ' + self.SPDX_HEADER_KEY.decode()
+ return True
+ if not m.group(3):
+ self.problem = 'Improperly formatted SPDX license identifier'
+ return True
+ if m.group(3) != self.LICENSE_IDENTIFIER:
+ self.problem = 'Wrong SPDX license identifier'
+ return True
+
+ m = self.LICENSE_MENTION_RE.match(line)
+ if m:
+ self.problem = 'Suspicious license mention'
+ return True
+
+ return False
+
+
class IntegrityChecker:
"""Sanity-check files under the current directory."""
@@ -386,7 +452,6 @@
self.logger = None
self.setup_logger(log_file)
self.issues_to_check = [
- PermissionIssueTracker(),
ShebangIssueTracker(),
EndOfFileNewlineIssueTracker(),
Utf8BomIssueTracker(),
@@ -396,6 +461,7 @@
TrailingWhitespaceIssueTracker(),
TabIssueTracker(),
MergeArtifactIssueTracker(),
+ LicenseIssueTracker(),
]
def setup_logger(self, log_file, level=logging.INFO):
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index e6a38ba..9e8ed21 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -1,19 +1,7 @@
#!/usr/bin/env python3
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
This script confirms that the naming of all symbols and identifiers in Mbed TLS
@@ -284,7 +272,7 @@
"library/*.c",
"3rdparty/everest/library/everest.c",
"3rdparty/everest/library/x25519.c"
- ], ["library/psa_crypto_driver_wrappers.c"])
+ ], ["library/psa_crypto_driver_wrappers.h"])
symbols = self.parse_symbols()
# Remove identifier macros like mbedtls_printf or mbedtls_calloc
@@ -941,7 +929,7 @@
"This script confirms that the naming of all symbols and identifiers "
"in Mbed TLS are consistent with the house style and are also "
"self-consistent.\n\n"
- "Expected to be run from the MbedTLS root directory.")
+ "Expected to be run from the Mbed TLS root directory.")
)
parser.add_argument(
"-v", "--verbose",
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
index d84ed04..68e7e69 100755
--- a/tests/scripts/check_test_cases.py
+++ b/tests/scripts/check_test_cases.py
@@ -7,26 +7,16 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import argparse
import glob
import os
import re
+import subprocess
import sys
+
class Results:
"""Store file and line information about errors or warnings in test suites."""
@@ -96,20 +86,21 @@
data_file_name, line_number, line)
in_paragraph = True
- def walk_ssl_opt_sh(self, file_name):
- """Iterate over the test cases in ssl-opt.sh or a file with a similar format."""
+ def collect_from_script(self, file_name):
+ """Collect the test cases in a script by calling its listing test cases
+option"""
descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
- with open(file_name, 'rb') as file_contents:
- for line_number, line in enumerate(file_contents, 1):
- # Assume that all run_test calls have the same simple form
- # with the test description entirely on the same line as the
- # function name.
- m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line)
- if not m:
- continue
- description = m.group(1)
- self.process_test_case(descriptions,
- file_name, line_number, description)
+ listed = subprocess.check_output(['sh', file_name, '--list-test-cases'])
+ # Assume test file is responsible for printing identical format of
+ # test case description between --list-test-cases and its OUTCOME.CSV
+ #
+ # idx indicates the number of test case since there is no line number
+ # in the script for each test case.
+ for idx, description in enumerate(listed.splitlines()):
+ self.process_test_case(descriptions,
+ file_name,
+ idx,
+ description.rstrip())
@staticmethod
def collect_test_directories():
@@ -130,12 +121,11 @@
for data_file_name in glob.glob(os.path.join(directory, 'suites',
'*.data')):
self.walk_test_suite(data_file_name)
- ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh')
- if os.path.exists(ssl_opt_sh):
- self.walk_ssl_opt_sh(ssl_opt_sh)
- for ssl_opt_file_name in glob.glob(os.path.join(directory, 'opt-testcases',
- '*.sh')):
- self.walk_ssl_opt_sh(ssl_opt_file_name)
+
+ for sh_file in ['ssl-opt.sh', 'compat.sh']:
+ sh_file = os.path.join(directory, sh_file)
+ if os.path.exists(sh_file):
+ self.collect_from_script(sh_file)
class TestDescriptions(TestDescriptionExplorer):
"""Collect the available test cases."""
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 5486a86..5fe26f1 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -1,21 +1,7 @@
#!/usr/bin/env python3
-# Copyright (c) 2022, Arm Limited, All Rights Reserved.
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# This file is part of Mbed TLS (https://tls.mbed.org)
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
Test Mbed TLS with a subset of algorithms.
@@ -161,6 +147,7 @@
log_command(['config.py', 'full'])
conf.adapt(config.full_adapter)
set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False)
+ set_config_option_value(conf, 'MBEDTLS_PSA_CRYPTO_CONFIG', colors, False)
if options.unset_use_psa:
set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False)
@@ -261,16 +248,16 @@
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'MBEDTLS_LMS_C',
'MBEDTLS_LMS_PRIVATE'],
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'],
'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'],
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
+ 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'],
'MBEDTLS_X509_RSASSA_PSS_SUPPORT': []
}
@@ -394,7 +381,7 @@
def __init__(self, options, conf):
"""Gather data about the library and establish a list of domains to test."""
- build_command = [options.make_command, 'CFLAGS=-Werror']
+ build_command = [options.make_command] + options.make_vars.split(' ') + ['CFLAGS=-Werror']
build_and_test = [build_command, [options.make_command, 'test']]
self.all_config_symbols = set(conf.settings.keys())
# Find hash modules by name.
@@ -539,6 +526,9 @@
parser.add_argument('--make-command', metavar='CMD',
help='Command to run instead of make (e.g. gmake)',
action='store', default='make')
+ parser.add_argument('--make-vars',
+ help='optional variable/value pairs to pass to make',
+ action='store', default='')
parser.add_argument('--unset-use-psa',
help='Unset MBEDTLS_USE_PSA_CRYPTO before any test',
action='store_true', dest='unset_use_psa')
diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh
index 3dbc41d..cfc98df 100755
--- a/tests/scripts/docker_env.sh
+++ b/tests/scripts/docker_env.sh
@@ -27,19 +27,7 @@
# the Docker image.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
# default values, can be overridden by the environment
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index 2bc8dc9..b6a1d45 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -3,25 +3,13 @@
# Make sure the doxygen documentation builds without warnings
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
# Abort on errors (and uninitialised variables)
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl
index 2345b9e..ec5e5d8 100755
--- a/tests/scripts/gen_ctr_drbg.pl
+++ b/tests/scripts/gen_ctr_drbg.pl
@@ -5,19 +5,7 @@
# and concats nonce and personalization for initialization.
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl
index 354e351..30d45c3 100755
--- a/tests/scripts/gen_gcm_decrypt.pl
+++ b/tests/scripts/gen_gcm_decrypt.pl
@@ -4,19 +4,7 @@
# Only first 3 of every set used for compile time saving
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl
index 101456f..b4f0849 100755
--- a/tests/scripts/gen_gcm_encrypt.pl
+++ b/tests/scripts/gen_gcm_encrypt.pl
@@ -4,19 +4,7 @@
# Only first 3 of every set used for compile time saving
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
index 609e558..fe2d3f5 100755
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl
+++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
@@ -1,19 +1,7 @@
#!/usr/bin/env perl
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use strict;
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index a640b56..d4ef0f3 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -9,19 +9,7 @@
# such as 'test_suite_rsa.data'
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
# Abort on errors
set -e
@@ -41,7 +29,7 @@
if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ];
then :;
else
- echo " [!] Must be run from mbed TLS tests directory" >&2
+ echo " [!] Must be run from Mbed TLS tests directory" >&2
exit 1
fi
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py
index 6ee6ab3..8dbb6ed 100755
--- a/tests/scripts/generate_bignum_tests.py
+++ b/tests/scripts/generate_bignum_tests.py
@@ -40,19 +40,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import sys
diff --git a/tests/scripts/generate_ecp_tests.py b/tests/scripts/generate_ecp_tests.py
index abbfda5..df1e469 100755
--- a/tests/scripts/generate_ecp_tests.py
+++ b/tests/scripts/generate_ecp_tests.py
@@ -6,19 +6,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import sys
diff --git a/tests/scripts/generate_pkcs7_tests.py b/tests/scripts/generate_pkcs7_tests.py
index 0e73850..0e484b0 100755
--- a/tests/scripts/generate_pkcs7_tests.py
+++ b/tests/scripts/generate_pkcs7_tests.py
@@ -1,19 +1,7 @@
#!/usr/bin/env python3
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
"""
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 9934578..fd278f8 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -6,19 +6,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import enum
import re
@@ -26,151 +14,15 @@
from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
import scripts_path # pylint: disable=unused-import
+from mbedtls_dev import crypto_data_tests
from mbedtls_dev import crypto_knowledge
-from mbedtls_dev import macro_collector
+from mbedtls_dev import macro_collector #pylint: disable=unused-import
+from mbedtls_dev import psa_information
from mbedtls_dev import psa_storage
from mbedtls_dev import test_case
from mbedtls_dev import test_data_generation
-def psa_want_symbol(name: str) -> str:
- """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
- if name.startswith('PSA_'):
- return name[:4] + 'WANT_' + name[4:]
- else:
- raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
-
-def finish_family_dependency(dep: str, bits: int) -> str:
- """Finish dep if it's a family dependency symbol prefix.
-
- A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
- qualified by the key size. If dep is such a symbol, finish it by adjusting
- the prefix and appending the key size. Other symbols are left unchanged.
- """
- return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
-
-def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
- """Finish any family dependency symbol prefixes.
-
- Apply `finish_family_dependency` to each element of `dependencies`.
- """
- return [finish_family_dependency(dep, bits) for dep in dependencies]
-
-SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
- 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
- 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
- 'PSA_ALG_ANY_HASH', # only in policies
- 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
- 'PSA_ALG_KEY_AGREEMENT', # chaining
- 'PSA_ALG_TRUNCATED_MAC', # modifier
-])
-def automatic_dependencies(*expressions: str) -> List[str]:
- """Infer dependencies of a test case by looking for PSA_xxx symbols.
-
- The arguments are strings which should be C expressions. Do not use
- string literals or comments as this function is not smart enough to
- skip them.
- """
- used = set()
- for expr in expressions:
- used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
- used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
- return sorted(psa_want_symbol(name) for name in used)
-
-# Define set of regular expressions and dependencies to optionally append
-# extra dependencies for test case.
-AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)'
-AES_128BIT_ONLY_DEP = ["!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"]
-
-DEPENDENCY_FROM_KEY = {
- AES_128BIT_ONLY_DEP_REGEX: AES_128BIT_ONLY_DEP
-}#type: Dict[str, List[str]]
-def generate_key_dependencies(description: str) -> List[str]:
- """Return additional dependencies based on pairs of REGEX and dependencies.
- """
- deps = []
- for regex, dep in DEPENDENCY_FROM_KEY.items():
- if re.search(regex, description):
- deps += dep
-
- return deps
-
-# A temporary hack: at the time of writing, not all dependency symbols
-# are implemented yet. Skip test cases for which the dependency symbols are
-# not available. Once all dependency symbols are available, this hack must
-# be removed so that a bug in the dependency symbols properly leads to a test
-# failure.
-def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
- return frozenset(symbol
- for line in open(filename)
- for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
-_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
-def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
- global _implemented_dependencies #pylint: disable=global-statement,invalid-name
- if _implemented_dependencies is None:
- _implemented_dependencies = \
- read_implemented_dependencies('include/psa/crypto_config.h')
- if not all((dep.lstrip('!') in _implemented_dependencies or
- not dep.lstrip('!').startswith('PSA_WANT'))
- for dep in dependencies):
- dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
-
-def tweak_key_pair_dependency(dep: str, usage: str):
- """
- This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
- symbols according to the required usage.
- """
- ret_list = list()
- if dep.endswith('KEY_PAIR'):
- if usage == "BASIC":
- # BASIC automatically includes IMPORT and EXPORT for test purposes (see
- # config_psa.h).
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep))
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep))
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep))
- elif usage == "GENERATE":
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep))
- else:
- # No replacement to do in this case
- ret_list.append(dep)
- return ret_list
-
-def fix_key_pair_dependencies(dep_list: List[str], usage: str):
- new_list = [new_deps
- for dep in dep_list
- for new_deps in tweak_key_pair_dependency(dep, usage)]
-
- return new_list
-
-class Information:
- """Gather information about PSA constructors."""
-
- def __init__(self) -> None:
- self.constructors = self.read_psa_interface()
-
- @staticmethod
- def remove_unwanted_macros(
- constructors: macro_collector.PSAMacroEnumerator
- ) -> None:
- # Mbed TLS does not support finite-field DSA.
- # Don't attempt to generate any related test case.
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
-
- def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
- """Return the list of known key types, algorithms, etc."""
- constructors = macro_collector.InputsForTest()
- header_file_names = ['include/psa/crypto_values.h',
- 'include/psa/crypto_extra.h']
- test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
- for header_file_name in header_file_names:
- constructors.parse_header(header_file_name)
- for test_cases in test_suites:
- constructors.parse_test_cases(test_cases)
- self.remove_unwanted_macros(constructors)
- constructors.gather_arguments()
- return constructors
-
def test_case_for_key_type_not_supported(
verb: str, key_type: str, bits: int,
@@ -181,7 +33,7 @@
"""Return one test case exercising a key creation method
for an unsupported key type or size.
"""
- hack_dependencies_not_implemented(dependencies)
+ psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
adverb = 'not' if dependencies else 'never'
@@ -197,7 +49,7 @@
class KeyTypeNotSupported:
"""Generate test cases for when a key type is not supported."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ALWAYS_SUPPORTED = frozenset([
@@ -224,20 +76,22 @@
# They would be skipped in all configurations, which is noise.
return
import_dependencies = [('!' if param is None else '') +
- psa_want_symbol(kt.name)]
+ psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
import_dependencies += [('!' if param == i else '') +
- psa_want_symbol(sym)
+ psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
generate_dependencies = []
else:
- generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
- import_dependencies = fix_key_pair_dependencies(import_dependencies, 'BASIC')
+ generate_dependencies = \
+ psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
+ import_dependencies = \
+ psa_information.fix_key_pair_dependencies(import_dependencies, 'BASIC')
for bits in kt.sizes_to_test():
yield test_case_for_key_type_not_supported(
'import', kt.expression, bits,
- finish_family_dependencies(import_dependencies, bits),
+ psa_information.finish_family_dependencies(import_dependencies, bits),
test_case.hex_string(kt.key_material(bits)),
param_descr=param_descr,
)
@@ -251,7 +105,7 @@
if not kt.is_public():
yield test_case_for_key_type_not_supported(
'generate', kt.expression, bits,
- finish_family_dependencies(generate_dependencies, bits),
+ psa_information.finish_family_dependencies(generate_dependencies, bits),
str(bits),
param_descr=param_descr,
)
@@ -294,7 +148,7 @@
) -> test_case.TestCase:
"""Return one test case exercising a key generation.
"""
- hack_dependencies_not_implemented(dependencies)
+ psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
tc.set_description('PSA {} {}-bit'
@@ -308,7 +162,7 @@
class KeyGenerate:
"""Generate positive and negative (invalid argument) test cases for key generation."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
@@ -327,9 +181,9 @@
"""
result = 'PSA_SUCCESS'
- import_dependencies = [psa_want_symbol(kt.name)]
+ import_dependencies = [psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
- import_dependencies += [psa_want_symbol(sym)
+ import_dependencies += [psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
# The library checks whether the key type is a public key generically,
@@ -338,7 +192,8 @@
generate_dependencies = []
result = 'PSA_ERROR_INVALID_ARGUMENT'
else:
- generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
+ generate_dependencies = \
+ psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
for bits in kt.sizes_to_test():
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
@@ -347,7 +202,7 @@
test_dependencies = generate_dependencies
yield test_case_for_key_generation(
kt.expression, bits,
- finish_family_dependencies(test_dependencies, bits),
+ psa_information.finish_family_dependencies(test_dependencies, bits),
str(bits),
result
)
@@ -380,7 +235,7 @@
INCOMPATIBLE = 2
PUBLIC = 3
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
key_type_expressions = self.constructors.generate_expressions(
sorted(self.constructors.key_types)
@@ -417,8 +272,8 @@
pretty_alg,
pretty_reason,
' with ' + pretty_type if pretty_type else ''))
- dependencies = automatic_dependencies(alg.base_expression, key_type)
- dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
+ dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type)
+ dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
for i, dep in enumerate(dependencies):
if dep in not_deps:
dependencies[i] = '!' + dep
@@ -445,7 +300,7 @@
"""Generate failure test cases for keyless operations with the specified algorithm."""
if alg.can_do(category):
# Compatible operation, unsupported algorithm
- for dep in automatic_dependencies(alg.base_expression):
+ for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
not_deps=frozenset([dep]))
@@ -463,7 +318,7 @@
key_is_compatible = kt.can_do(alg)
if key_is_compatible and alg.can_do(category):
# Compatible key and operation, unsupported algorithm
- for dep in automatic_dependencies(alg.base_expression):
+ for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
kt=kt, not_deps=frozenset([dep]))
@@ -569,7 +424,7 @@
class StorageFormat:
"""Storage format stability test cases."""
- def __init__(self, info: Information, version: int, forward: bool) -> None:
+ def __init__(self, info: psa_information.Information, version: int, forward: bool) -> None:
"""Prepare to generate test cases for storage format stability.
* `info`: information about the API. See the `Information` class.
@@ -636,13 +491,13 @@
verb = 'save' if self.forward else 'read'
tc = test_case.TestCase()
tc.set_description(verb + ' ' + key.description)
- dependencies = automatic_dependencies(
+ dependencies = psa_information.automatic_dependencies(
key.lifetime.string, key.type.string,
key.alg.string, key.alg2.string,
)
- dependencies = finish_family_dependencies(dependencies, key.bits)
- dependencies += generate_key_dependencies(key.description)
- dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
+ dependencies = psa_information.finish_family_dependencies(dependencies, key.bits)
+ dependencies += psa_information.generate_deps_from_description(key.description)
+ dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
tc.set_dependencies(dependencies)
tc.set_function('key_storage_' + verb)
if self.forward:
@@ -847,13 +702,13 @@
class StorageFormatForward(StorageFormat):
"""Storage format stability test cases for forward compatibility."""
- def __init__(self, info: Information, version: int) -> None:
+ def __init__(self, info: psa_information.Information, version: int) -> None:
super().__init__(info, version, True)
class StorageFormatV0(StorageFormat):
"""Storage format stability test cases for version 0 compatibility."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
super().__init__(info, 0, False)
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
@@ -963,6 +818,7 @@
yield from super().generate_all_keys()
yield from self.all_keys_for_implicit_usage()
+
class PSATestGenerator(test_data_generation.TestGenerator):
"""Test generator subclass including PSA targets and info."""
# Note that targets whose names contain 'test_format' have their content
@@ -972,20 +828,23 @@
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
+ 'test_suite_psa_crypto_low_hash.generated':
+ lambda info: crypto_data_tests.HashPSALowLevel(info).all_test_cases(),
'test_suite_psa_crypto_op_fail.generated':
lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
lambda info: StorageFormatForward(info, 0).all_test_cases(),
'test_suite_psa_crypto_storage_format.v0':
lambda info: StorageFormatV0(info).all_test_cases(),
- } #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
+ } #type: Dict[str, Callable[[psa_information.Information], Iterable[test_case.TestCase]]]
def __init__(self, options):
super().__init__(options)
- self.info = Information()
+ self.info = psa_information.Information()
def generate_target(self, name: str, *target_args) -> None:
super().generate_target(name, self.info)
+
if __name__ == '__main__':
test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator)
diff --git a/tests/scripts/generate_server9_bad_saltlen.py b/tests/scripts/generate_server9_bad_saltlen.py
new file mode 100755
index 0000000..9af4dd3
--- /dev/null
+++ b/tests/scripts/generate_server9_bad_saltlen.py
@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+"""Generate server9-bad-saltlen.crt
+
+Generate a certificate signed with RSA-PSS, with an incorrect salt length.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+import subprocess
+import argparse
+from asn1crypto import pem, x509, core #type: ignore #pylint: disable=import-error
+
+OPENSSL_RSA_PSS_CERT_COMMAND = r'''
+openssl x509 -req -CA {ca_name}.crt -CAkey {ca_name}.key -set_serial 24 {ca_password} \
+ {openssl_extfile} -days 3650 -outform DER -in {csr} \
+ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{anounce_saltlen} \
+ -sigopt rsa_mgf1_md:sha256
+'''
+SIG_OPT = \
+ r'-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{saltlen} -sigopt rsa_mgf1_md:sha256'
+OPENSSL_RSA_PSS_DGST_COMMAND = r'''openssl dgst -sign {ca_name}.key {ca_password} \
+ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{actual_saltlen} \
+ -sigopt rsa_mgf1_md:sha256'''
+
+
+def auto_int(x):
+ return int(x, 0)
+
+
+def build_argparser(parser):
+ """Build argument parser"""
+ parser.description = __doc__
+ parser.add_argument('--ca-name', type=str, required=True,
+ help='Basename of CA files')
+ parser.add_argument('--ca-password', type=str,
+ required=True, help='CA key file password')
+ parser.add_argument('--csr', type=str, required=True,
+ help='CSR file for generating certificate')
+ parser.add_argument('--openssl-extfile', type=str,
+ required=True, help='X905 v3 extension config file')
+ parser.add_argument('--anounce_saltlen', type=auto_int,
+ required=True, help='Announced salt length')
+ parser.add_argument('--actual_saltlen', type=auto_int,
+ required=True, help='Actual salt length')
+ parser.add_argument('--output', type=str, required=True)
+
+
+def main():
+ parser = argparse.ArgumentParser()
+ build_argparser(parser)
+ args = parser.parse_args()
+
+ return generate(**vars(args))
+
+def generate(**kwargs):
+ """Generate different salt length certificate file."""
+ ca_password = kwargs.get('ca_password', '')
+ if ca_password:
+ kwargs['ca_password'] = r'-passin "pass:{ca_password}"'.format(
+ **kwargs)
+ else:
+ kwargs['ca_password'] = ''
+ extfile = kwargs.get('openssl_extfile', '')
+ if extfile:
+ kwargs['openssl_extfile'] = '-extfile {openssl_extfile}'.format(
+ **kwargs)
+ else:
+ kwargs['openssl_extfile'] = ''
+
+ cmd = OPENSSL_RSA_PSS_CERT_COMMAND.format(**kwargs)
+ der_bytes = subprocess.check_output(cmd, shell=True)
+ target_certificate = x509.Certificate.load(der_bytes)
+
+ cmd = OPENSSL_RSA_PSS_DGST_COMMAND.format(**kwargs)
+ #pylint: disable=unexpected-keyword-arg
+ der_bytes = subprocess.check_output(cmd,
+ input=target_certificate['tbs_certificate'].dump(),
+ shell=True)
+
+ with open(kwargs.get('output'), 'wb') as f:
+ target_certificate['signature_value'] = core.OctetBitString(der_bytes)
+ f.write(pem.armor('CERTIFICATE', target_certificate.dump()))
+
+
+if __name__ == '__main__':
+ main()
diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py
index 4494917..a3bca7e 100755
--- a/tests/scripts/generate_test_cert_macros.py
+++ b/tests/scripts/generate_test_cert_macros.py
@@ -6,19 +6,7 @@
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import os
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index 76806de..5f711bf 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -2,19 +2,7 @@
# Test suites code generator.
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
This script is a key part of Mbed TLS test suites framework. For
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index 05d80a5..fdb264d 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -3,19 +3,7 @@
# generate_tls13_compat_tests.py
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
Generate TLSv1.3 Compat test cases
@@ -536,19 +524,7 @@
# {filename}
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index 9b93080..4ccac23 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -10,19 +10,7 @@
# Usage: list-identifiers.sh [ -i | --internal ]
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -eu
diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py
index 6b41607..b648ce2 100755
--- a/tests/scripts/list_internal_identifiers.py
+++ b/tests/scripts/list_internal_identifiers.py
@@ -1,19 +1,7 @@
#!/usr/bin/env python3
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
This script generates a file called identifiers that contains all Mbed TLS
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
index f685bab..6291d78 100755
--- a/tests/scripts/psa_collect_statuses.py
+++ b/tests/scripts/psa_collect_statuses.py
@@ -13,19 +13,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import argparse
import os
@@ -94,10 +82,15 @@
cwd='tests',
stdout=sys.stderr)
with open(os.devnull, 'w') as devnull:
- make_q_ret = subprocess.call(['make', '-q', 'lib', 'tests'],
- stdout=devnull, stderr=devnull)
+ build_command = ['make', '-q'] + options.make_vars.split(' ') + \
+ ['lib', 'tests']
+ make_q_ret = subprocess.call(build_command, stdout=devnull,
+ stderr=devnull)
+ print("blagh")
if make_q_ret != 0:
- subprocess.check_call(['make', 'RECORD_PSA_STATUS_COVERAGE_LOG=1'],
+ build_command = ['make'] + options.make_vars.split(' ') + \
+ ['RECORD_PSA_STATUS_COVERAGE_LOG=1']
+ subprocess.check_call(build_command,
stdout=sys.stderr)
rebuilt = True
subprocess.check_call(['make', 'test'],
@@ -124,6 +117,9 @@
help='Log file location (default: {})'.format(
DEFAULT_STATUS_LOG_FILE
))
+ parser.add_argument('--make-vars',
+ help='optional variable/value pairs to pass to make',
+ action='store', default='')
parser.add_argument('--psa-constant-names', metavar='PROGRAM',
default=DEFAULT_PSA_CONSTANT_NAMES,
help='Path to psa_constant_names (default: {})'.format(
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index 2a7dba5..3cdeff7 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -9,19 +9,7 @@
# Typical usage: scripts/recursion.pl library/*.c
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use warnings;
use strict;
diff --git a/tests/scripts/run-metatests.sh b/tests/scripts/run-metatests.sh
new file mode 100755
index 0000000..22a302c
--- /dev/null
+++ b/tests/scripts/run-metatests.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+help () {
+ cat <<EOF
+Usage: $0 [OPTION] [PLATFORM]...
+Run all the metatests whose platform matches any of the given PLATFORM.
+A PLATFORM can contain shell wildcards.
+
+Expected output: a lot of scary-looking error messages, since each
+metatest is expected to report a failure. The final line should be
+"Ran N metatests, all good."
+
+If something goes wrong: the final line should be
+"Ran N metatests, X unexpected successes". Look for "Unexpected success"
+in the logs above.
+
+ -l List the available metatests, don't run them.
+EOF
+}
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e -u
+
+if [ -d programs ]; then
+ METATEST_PROGRAM=programs/test/metatest
+elif [ -d ../programs ]; then
+ METATEST_PROGRAM=../programs/test/metatest
+elif [ -d ../../programs ]; then
+ METATEST_PROGRAM=../../programs/test/metatest
+else
+ echo >&2 "$0: FATAL: programs/test/metatest not found"
+ exit 120
+fi
+
+LIST_ONLY=
+while getopts hl OPTLET; do
+ case $OPTLET in
+ h) help; exit;;
+ l) LIST_ONLY=1;;
+ \?) help >&2; exit 120;;
+ esac
+done
+shift $((OPTIND - 1))
+
+list_matches () {
+ while read name platform junk; do
+ for pattern in "$@"; do
+ case $platform in
+ $pattern) echo "$name"; break;;
+ esac
+ done
+ done
+}
+
+count=0
+errors=0
+run_metatest () {
+ ret=0
+ "$METATEST_PROGRAM" "$1" || ret=$?
+ if [ $ret -eq 0 ]; then
+ echo >&2 "$0: Unexpected success: $1"
+ errors=$((errors + 1))
+ fi
+ count=$((count + 1))
+}
+
+# Don't pipe the output of metatest so that if it fails, this script exits
+# immediately with a failure status.
+full_list=$("$METATEST_PROGRAM" list)
+matching_list=$(printf '%s\n' "$full_list" | list_matches "$@")
+
+if [ -n "$LIST_ONLY" ]; then
+ printf '%s\n' $matching_list
+ exit
+fi
+
+for name in $matching_list; do
+ run_metatest "$name"
+done
+
+if [ $errors -eq 0 ]; then
+ echo "Ran $count metatests, all good."
+ exit 0
+else
+ echo "Ran $count metatests, $errors unexpected successes."
+ exit 1
+fi
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index cedc0bf..e0ee3f5 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -3,19 +3,7 @@
# run-test-suites.pl
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
=head1 SYNOPSIS
diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py
new file mode 100755
index 0000000..6a63d23
--- /dev/null
+++ b/tests/scripts/run_demos.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""Run the Mbed TLS demo scripts.
+"""
+import argparse
+import glob
+import subprocess
+import sys
+
+def run_demo(demo, quiet=False):
+ """Run the specified demo script. Return True if it succeeds."""
+ args = {}
+ if quiet:
+ args['stdout'] = subprocess.DEVNULL
+ args['stderr'] = subprocess.DEVNULL
+ returncode = subprocess.call([demo], **args)
+ return returncode == 0
+
+def run_demos(demos, quiet=False):
+ """Run the specified demos and print summary information about failures.
+
+ Return True if all demos passed and False if a demo fails.
+ """
+ failures = []
+ for demo in demos:
+ if not quiet:
+ print('#### {} ####'.format(demo))
+ success = run_demo(demo, quiet=quiet)
+ if not success:
+ failures.append(demo)
+ if not quiet:
+ print('{}: FAIL'.format(demo))
+ if quiet:
+ print('{}: {}'.format(demo, 'PASS' if success else 'FAIL'))
+ else:
+ print('')
+ successes = len(demos) - len(failures)
+ print('{}/{} demos passed'.format(successes, len(demos)))
+ if failures and not quiet:
+ print('Failures:', *failures)
+ return not failures
+
+def run_all_demos(quiet=False):
+ """Run all the available demos.
+
+ Return True if all demos passed and False if a demo fails.
+ """
+ all_demos = glob.glob('programs/*/*_demo.sh')
+ if not all_demos:
+ # Keep the message on one line. pylint: disable=line-too-long
+ raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.')
+ return run_demos(all_demos, quiet=quiet)
+
+def main():
+ parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument('--quiet', '-q',
+ action='store_true',
+ help="suppress the output of demos")
+ options = parser.parse_args()
+ success = run_all_demos(quiet=options.quiet)
+ sys.exit(0 if success else 1)
+
+if __name__ == '__main__':
+ main()
diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py
index 10bf6f8..5d83f29 100644
--- a/tests/scripts/scripts_path.py
+++ b/tests/scripts/scripts_path.py
@@ -6,19 +6,8 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
import os
import sys
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
index 7f4ebeb..f68dfcb 100755
--- a/tests/scripts/set_psa_test_dependencies.py
+++ b/tests/scripts/set_psa_test_dependencies.py
@@ -4,19 +4,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import os
import re
diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl
index 17f824e..9aff22d 100755
--- a/tests/scripts/tcp_client.pl
+++ b/tests/scripts/tcp_client.pl
@@ -6,19 +6,7 @@
# RESPONSE: regexp that must match the server's response
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
use warnings;
use strict;
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 15209b4..055023a 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -3,19 +3,7 @@
# test-ref-configs.pl
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
@@ -49,6 +37,9 @@
'config-symmetric-only.h' => {
'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
},
+ 'config-tfm.h' => {
+ 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
+ },
'config-thread.h' => {
'opt' => '-f ECJPAKE.*nolog',
'test_again_with_use_psa' => 1,
diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py
index e230e3c..e500b33 100755
--- a/tests/scripts/test_config_script.py
+++ b/tests/scripts/test_config_script.py
@@ -14,19 +14,8 @@
"""
## Copyright The Mbed TLS Contributors
-## SPDX-License-Identifier: Apache-2.0
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
##
-## Licensed under the Apache License, Version 2.0 (the "License"); you may
-## not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
import argparse
import glob
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
index b32d184..abc46a7 100755
--- a/tests/scripts/test_generate_test_code.py
+++ b/tests/scripts/test_generate_test_code.py
@@ -2,19 +2,7 @@
# Unit test for generate_test_code.py
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
Unit tests for generate_test_code.py
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 92db417..0d56ddf 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,34 +1,29 @@
#!/usr/bin/env python3
"""Run the PSA Crypto API compliance test suite.
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
-then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
-Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
-while unexpected failures AND successes are reported as errors,
-to help keep the list of known defects as up to date as possible.
+then compile and run the test suite. The clone is stored at <repository root>/psa-arch-tests.
+Known defects in either the test suite or mbedtls / TF-PSA-Crypto - identified by their test
+number - are ignored, while unexpected failures AND successes are reported as errors, to help
+keep the list of known defects as up to date as possible.
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+import argparse
import os
import re
import shutil
import subprocess
import sys
+from typing import List
-# PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite)
+#pylint: disable=unused-import
+import scripts_path
+from mbedtls_dev import build_tree
+
+# PSA Compliance tests we expect to fail due to known defects in Mbed TLS /
+# TF-PSA-Crypto (or the test suite).
# The test numbers correspond to the numbers used by the console output of the test suite.
# Test number 2xx corresponds to the files in the folder
# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
@@ -39,7 +34,7 @@
}
# We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches
-# that allow it to build with MbedTLS 3, and fixes a couple of issues in the compliance test suite.
+# that allow it to build with Mbed TLS 3, and fixes a couple of issues in the compliance test suite.
# These fixes allow the tests numbered 216, 248 and 249 to complete successfully.
#
# Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag.
@@ -49,12 +44,28 @@
PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
PSA_ARCH_TESTS_REF = 'fix-pr-5736'
-#pylint: disable=too-many-branches,too-many-statements
-def main():
- mbedtls_dir = os.getcwd()
+#pylint: disable=too-many-branches,too-many-statements,too-many-locals
+def main(library_build_dir: str):
+ root_dir = os.getcwd()
- if not os.path.exists('library/libmbedcrypto.a'):
- subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a'])
+ in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir)
+
+ crypto_name = build_tree.crypto_library_filename(root_dir)
+ library_subdir = build_tree.crypto_core_directory(root_dir, relative=True)
+
+ crypto_lib_filename = (library_build_dir + '/' +
+ library_subdir + '/' +
+ 'lib' + crypto_name + '.a')
+
+ if not os.path.exists(crypto_lib_filename):
+ #pylint: disable=bad-continuation
+ subprocess.check_call([
+ 'cmake', '.',
+ '-GUnix Makefiles',
+ '-B' + library_build_dir
+ ])
+ subprocess.check_call(['cmake', '--build', library_build_dir,
+ '--target', crypto_name])
psa_arch_tests_dir = 'psa-arch-tests'
os.makedirs(psa_arch_tests_dir, exist_ok=True)
@@ -74,6 +85,9 @@
os.mkdir(build_dir)
os.chdir(build_dir)
+ extra_includes = (';{}/drivers/builtin/include'.format(root_dir)
+ if in_tf_psa_crypto_repo else '')
+
#pylint: disable=bad-continuation
subprocess.check_call([
'cmake', '..',
@@ -81,8 +95,9 @@
'-DTARGET=tgt_dev_apis_stdc',
'-DTOOLCHAIN=HOST_GCC',
'-DSUITE=CRYPTO',
- '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir),
- '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir)
+ '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir,
+ crypto_lib_filename),
+ ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir)
])
subprocess.check_call(['cmake', '--build', '.'])
@@ -95,8 +110,11 @@
)
test = -1
unexpected_successes = set(EXPECTED_FAILURES)
- expected_failures = []
- unexpected_failures = []
+ expected_failures = [] # type: List[int]
+ unexpected_failures = [] # type: List[int]
+ if proc.stdout is None:
+ return 1
+
for line in proc.stdout:
print(line, end='')
match = test_re.match(line)
@@ -136,7 +154,18 @@
print('SUCCESS')
return 0
finally:
- os.chdir(mbedtls_dir)
+ os.chdir(root_dir)
if __name__ == '__main__':
- sys.exit(main())
+ BUILD_DIR = 'out_of_source_build'
+
+ # pylint: disable=invalid-name
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--build-dir', nargs=1,
+ help='path to Mbed TLS / TF-PSA-Crypto build directory')
+ args = parser.parse_args()
+
+ if args.build_dir is not None:
+ BUILD_DIR = args.build_dir[0]
+
+ sys.exit(main(BUILD_DIR))
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index e43a0ba..6883e27 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -8,19 +8,7 @@
"""
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
import argparse
from collections import namedtuple
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index 66c6304..57f771f 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb
@@ -1,19 +1,7 @@
# test_zeroize.gdb
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
index a8db4bb..90514fc 100755
--- a/tests/scripts/translate_ciphers.py
+++ b/tests/scripts/translate_ciphers.py
@@ -3,19 +3,7 @@
# translate_ciphers.py
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
"""
Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards.
diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh
index 249b3f8..3daecf3 100755
--- a/tests/scripts/travis-log-failure.sh
+++ b/tests/scripts/travis-log-failure.sh
@@ -3,19 +3,7 @@
# travis-log-failure.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c
index aaf7587..c8df199 100644
--- a/tests/src/asn1_helpers.c
+++ b/tests/src/asn1_helpers.c
@@ -5,19 +5,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c
index efb2eca..c85e2ca 100644
--- a/tests/src/bignum_helpers.c
+++ b/tests/src/bignum_helpers.c
@@ -7,19 +7,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
@@ -86,6 +74,7 @@
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
+#if defined(MBEDTLS_ECP_WITH_MPI_UINT)
int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
const char *s,
mbedtls_mpi_mod_rep_selector int_rep)
@@ -122,6 +111,7 @@
mbedtls_free((mbedtls_mpi_uint *) N->p);
mbedtls_mpi_mod_modulus_free(N);
}
+#endif /* MBEDTLS_ECP_WITH_MPI_UINT */
int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
{
diff --git a/tests/src/certs.c b/tests/src/certs.c
index b834e4a..879f088 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c
@@ -2,19 +2,7 @@
* X.509 test certificates
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "common.h"
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index 8fb1982..76ec12a 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -2,19 +2,7 @@
* Test driver for hash entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
index 6334a43..01fc050 100644
--- a/tests/src/drivers/platform_builtin_keys.c
+++ b/tests/src/drivers/platform_builtin_keys.c
@@ -5,19 +5,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 8eb5547..314ce83 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -2,19 +2,7 @@
* Test driver for AEAD entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -25,6 +13,8 @@
#include "test/drivers/aead.h"
+#include "mbedtls/constant_time.h"
+
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_aead.h"
#endif
@@ -431,7 +421,7 @@
if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) {
if (tag_length != check_tag_length ||
- mbedtls_psa_safer_memcmp(tag, check_tag, tag_length)
+ mbedtls_ct_memcmp(tag, check_tag, tag_length)
!= 0) {
mbedtls_test_driver_aead_hooks.driver_status =
PSA_ERROR_INVALID_SIGNATURE;
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
index cf0e90c..ff46387 100644
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ b/tests/src/drivers/test_driver_asymmetric_encryption.c
@@ -2,19 +2,7 @@
* Test driver for asymmetric encryption.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -58,8 +46,7 @@
return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
}
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
@@ -100,8 +87,7 @@
return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
}
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
key_buffer, key_buffer_size,
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index 42e79c4..2bc751a 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -3,19 +3,7 @@
* Currently only supports multi-part operations using AES-CTR.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -53,6 +41,7 @@
size_t *output_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits_encrypt++;
if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
@@ -70,6 +59,9 @@
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
+ if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status_encrypt;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
@@ -220,10 +212,14 @@
size_t iv_length)
{
mbedtls_test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits_set_iv++;
if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_cipher_hooks.forced_status;
}
+ if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) {
+ return mbedtls_test_driver_cipher_hooks.forced_status_set_iv;
+ }
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
index 9cf82a3..8471959 100644
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -2,19 +2,7 @@
* Test driver for key agreement functions.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 19da47a..d522ebf 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -3,19 +3,7 @@
* Currently only supports generating and verifying ECC keys.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -541,6 +529,7 @@
uint8_t *data, size_t data_size, size_t *data_length)
{
++mbedtls_test_driver_key_management_hooks.hits;
+ ++mbedtls_test_driver_key_management_hooks.hits_export_public_key;
if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_key_management_hooks.forced_status;
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index 96c1685..9f8120b 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -2,19 +2,7 @@
* Test driver for MAC entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
index 69bd4ff..a0b6c1c 100644
--- a/tests/src/drivers/test_driver_pake.c
+++ b/tests/src/drivers/test_driver_pake.c
@@ -2,19 +2,7 @@
* Test driver for MAC entry points.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index c312477..00dd3e2 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -4,19 +4,7 @@
* only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
*/
/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -33,7 +21,6 @@
#include "test/drivers/signature.h"
#include "test/drivers/hash.h"
-#include "mbedtls/md.h"
#include "mbedtls/ecdsa.h"
#include "test/random.h"
diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c
index 89af7d3..c0bfde5 100644
--- a/tests/src/fake_external_rng_for_test.c
+++ b/tests/src/fake_external_rng_for_test.c
@@ -5,19 +5,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/fake_external_rng_for_test.h>
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index 7cac6e0..eb28919 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -1,18 +1,6 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/constant_flow.h>
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index cab96ab..e1ea2b5 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -5,19 +5,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -82,9 +70,20 @@
mbedtls_psa_get_stats(&stats);
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \
+ !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ /* When AES_C is not defined and PSA does not have an external RNG,
+ * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
+ * slot is used internally from PSA to hold the AES key and it should
+ * not be taken into account when evaluating remaining open slots. */
+ if (stats.volatile_slots > 1) {
+ return "A volatile slot has not been closed properly.";
+ }
+#else
if (stats.volatile_slots != 0) {
return "A volatile slot has not been closed properly.";
}
+#endif
if (stats.persistent_slots != 0) {
return "A persistent slot has not been closed properly.";
}
@@ -149,6 +148,17 @@
}
}
+uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)
+{
+ uint64_t result = 0;
+ TEST_LE_U(bin_string->len, 8);
+ for (size_t i = 0; i < bin_string->len; i++) {
+ result = result << 8 | bin_string->x[i];
+ }
+exit:
+ return result; /* returns 0 if len > 8 */
+}
+
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
#include <mbedtls/entropy.h>
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index ef1d261..f8b36e1 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -4,19 +4,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -309,7 +297,7 @@
hash_alg = KNOWN_SUPPORTED_HASH_ALG;
alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
#else
- TEST_ASSERT(!"No hash algorithm for hash-and-sign testing");
+ TEST_FAIL("No hash algorithm for hash-and-sign testing");
#endif
}
@@ -437,8 +425,19 @@
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_LABEL,
input2, input2_length));
+ } else if (PSA_ALG_IS_PBKDF2(alg)) {
+ PSA_ASSERT(psa_key_derivation_input_integer(operation,
+ PSA_KEY_DERIVATION_INPUT_COST,
+ 1U));
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ input2,
+ input2_length));
+ PSA_ASSERT(psa_key_derivation_input_key(operation,
+ PSA_KEY_DERIVATION_INPUT_PASSWORD,
+ key));
} else {
- TEST_ASSERT(!"Key derivation algorithm not supported");
+ TEST_FAIL("Key derivation algorithm not supported");
}
if (capacity != SIZE_MAX) {
@@ -798,7 +797,7 @@
PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
} else {
(void) exported;
- TEST_ASSERT(!"Sanity check not implemented for this key type");
+ TEST_FAIL("Sanity check not implemented for this key type");
}
#if defined(MBEDTLS_DES_C)
@@ -943,7 +942,7 @@
} else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
ok = exercise_key_agreement_key(key, usage, alg);
} else {
- TEST_ASSERT(!"No code to exercise this category of algorithm");
+ TEST_FAIL("No code to exercise this category of algorithm");
}
ok = ok && exercise_export_key(key, usage);
diff --git a/tests/src/random.c b/tests/src/random.c
index d20103c..d041f36 100644
--- a/tests/src/random.c
+++ b/tests/src/random.c
@@ -7,19 +7,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
diff --git a/tests/src/test_certs.h b/tests/src/test_certs.h
index 866d1e0..b313ea8 100644
--- a/tests/src/test_certs.h
+++ b/tests/src/test_certs.h
@@ -2,19 +2,7 @@
* X.509 test certificates
*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 701577a..d02d305 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -5,19 +5,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/ssl_helpers.h>
@@ -85,7 +73,7 @@
opts->renegotiate = 0;
opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
opts->srv_log_obj = NULL;
- opts->srv_log_obj = NULL;
+ opts->cli_log_obj = NULL;
opts->srv_log_fun = NULL;
opts->cli_log_fun = NULL;
opts->resize_buffers = 1;
@@ -1057,7 +1045,7 @@
MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
+ defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES)
int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
const unsigned char *iv,
size_t iv_len,
@@ -1105,8 +1093,125 @@
iv, iv_len, input, ilen, output, olen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC &&
- MBEDTLS_AES_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC &&
+ MBEDTLS_SSL_HAVE_AES */
+
+static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type,
+ mbedtls_cipher_mode_t *cipher_mode,
+ size_t *key_bits, size_t *iv_len)
+{
+ switch (cipher_type) {
+ case MBEDTLS_CIPHER_AES_128_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 128;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_AES_256_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 256;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_ARIA_128_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 128;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_ARIA_256_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 256;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 128;
+ *iv_len = 16;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
+ *cipher_mode = MBEDTLS_MODE_CBC;
+ *key_bits = 256;
+ *iv_len = 16;
+ break;
+
+ case MBEDTLS_CIPHER_AES_128_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_192_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_256_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
+ *cipher_mode = MBEDTLS_MODE_CCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+
+ case MBEDTLS_CIPHER_AES_128_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_192_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_AES_256_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 128;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 192;
+ *iv_len = 12;
+ break;
+ case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
+ *cipher_mode = MBEDTLS_MODE_GCM;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+
+ case MBEDTLS_CIPHER_CHACHA20_POLY1305:
+ *cipher_mode = MBEDTLS_MODE_CHACHAPOLY;
+ *key_bits = 256;
+ *iv_len = 12;
+ break;
+
+ case MBEDTLS_CIPHER_NULL:
+ *cipher_mode = MBEDTLS_MODE_STREAM;
+ *key_bits = 0;
+ *iv_len = 0;
+ break;
+
+ default:
+ *cipher_mode = MBEDTLS_MODE_NONE;
+ *key_bits = 0;
+ *iv_len = 0;
+ }
+}
int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
@@ -1116,18 +1221,20 @@
size_t cid0_len,
size_t cid1_len)
{
- mbedtls_cipher_info_t const *cipher_info;
+ mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE;
+ size_t key_bits = 0;
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
- size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#else
+ mbedtls_cipher_info_t const *cipher_info;
#endif
- size_t keylen, maclen, ivlen;
+ size_t keylen, maclen, ivlen = 0;
unsigned char *key0 = NULL, *key1 = NULL;
unsigned char *md0 = NULL, *md1 = NULL;
unsigned char iv_enc[16], iv_dec[16];
@@ -1144,15 +1251,11 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
maclen = 0;
-
- /* Pick cipher */
- cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
- CHK(cipher_info != NULL);
- CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
- CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
+ mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type,
+ &cipher_mode, &key_bits, &ivlen);
/* Pick keys */
- keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
+ keylen = key_bits / 8;
/* Allocate `keylen + 1` bytes to ensure that we get
* a non-NULL pointers from `mbedtls_calloc` even if
* `keylen == 0` in the case of the NULL cipher. */
@@ -1162,6 +1265,12 @@
memset(key1, 0x2, keylen);
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Pick cipher */
+ cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
+ CHK(cipher_info != NULL);
+ CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
+ CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
+
/* Setup cipher contexts */
CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0);
@@ -1169,7 +1278,7 @@
CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (cipher_info->mode == MBEDTLS_MODE_CBC) {
+ if (cipher_mode == MBEDTLS_MODE_CBC) {
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
MBEDTLS_PADDING_NONE) == 0);
CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
@@ -1197,12 +1306,12 @@
(keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
MBEDTLS_DECRYPT)
== 0);
-#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if (cipher_info->mode == MBEDTLS_MODE_CBC ||
- cipher_info->mode == MBEDTLS_MODE_STREAM) {
+ if (cipher_mode == MBEDTLS_MODE_CBC ||
+ cipher_mode == MBEDTLS_MODE_STREAM) {
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
CHK(md_info != NULL);
@@ -1240,7 +1349,7 @@
md1, maclen,
&t_out->psa_mac_enc) == PSA_SUCCESS);
- if (cipher_info->mode == MBEDTLS_MODE_STREAM ||
+ if (cipher_mode == MBEDTLS_MODE_STREAM ||
etm == MBEDTLS_SSL_ETM_DISABLED) {
/* mbedtls_ct_hmac() requires the key to be exportable */
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
@@ -1279,7 +1388,6 @@
/* Pick IV's (regardless of whether they
* are being used by the transform). */
- ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
memset(iv_enc, 0x3, sizeof(iv_enc));
memset(iv_dec, 0x4, sizeof(iv_dec));
@@ -1300,7 +1408,7 @@
t_out->ivlen = ivlen;
t_in->ivlen = ivlen;
- switch (cipher_info->mode) {
+ switch (cipher_mode) {
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -1467,6 +1575,65 @@
return ret;
}
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+ mbedtls_ssl_transform *transform_out)
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+#endif
+
+ /* Serialized version of record header for MAC purposes */
+ unsigned char add_data[13];
+ memcpy(add_data, record->ctr, 8);
+ add_data[8] = record->type;
+ add_data[9] = record->ver[0];
+ add_data[10] = record->ver[1];
+ add_data[11] = (record->data_len >> 8) & 0xff;
+ add_data[12] = (record->data_len >> 0) & 0xff;
+
+ /* MAC with additional data */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t sign_mac_length = 0;
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
+ transform_out->psa_mac_enc,
+ transform_out->psa_mac_alg));
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
+ record->buf + record->data_offset,
+ record->data_len));
+ /* Use a temporary buffer for the MAC, because with the truncated HMAC
+ * extension, there might not be enough room in the record for the
+ * full-length MAC. */
+ unsigned char mac[PSA_HASH_MAX_SIZE];
+ TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
+ mac, sizeof(mac),
+ &sign_mac_length));
+#else
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
+ record->buf + record->data_offset,
+ record->data_len));
+ /* Use a temporary buffer for the MAC, because with the truncated HMAC
+ * extension, there might not be enough room in the record for the
+ * full-length MAC. */
+ unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+ TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
+#endif
+ memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
+ record->data_len += transform_out->maclen;
+
+ return 0;
+
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_abort(&operation);
+#endif
+ return -1;
+}
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
int ticket_len,
const char *crt_file)
@@ -1563,6 +1730,7 @@
return 0;
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
@@ -1580,16 +1748,20 @@
session->resumption_key_len = 32;
memset(session->resumption_key, 0x99, sizeof(session->resumption_key));
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ session->max_early_data_size = 0x87654321;
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
- session->start = mbedtls_time(NULL) - 42;
+ session->ticket_creation_time = mbedtls_ms_time() - 42;
}
#endif
#if defined(MBEDTLS_SSL_CLI_C)
if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
#if defined(MBEDTLS_HAVE_TIME)
- session->ticket_received = mbedtls_time(NULL) - 40;
+ session->ticket_reception_time = mbedtls_ms_time() - 40;
#endif
session->ticket_lifetime = 0xfedcba98;
@@ -1759,8 +1931,8 @@
break;
default:
- TEST_ASSERT(
- !"Version check not implemented for this protocol version");
+ TEST_FAIL(
+ "Version check not implemented for this protocol version");
}
return 1;
diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c
index ae6e590..5fbf65b 100644
--- a/tests/src/threading_helpers.c
+++ b/tests/src/threading_helpers.c
@@ -2,19 +2,7 @@
/*
* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include <test/helpers.h>
@@ -70,15 +58,15 @@
* indicate the exact location of the problematic call. To locate the error,
* use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error().
*/
-enum value_of_mutex_is_valid_field {
- /* Potential values for the is_valid field of mbedtls_threading_mutex_t.
+enum value_of_mutex_state_field {
+ /* Potential values for the state field of mbedtls_threading_mutex_t.
* Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for
* compatibility with threading_mutex_init_pthread() and
* threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero
* value. */
- MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread
- MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock
- MUTEX_LOCKED = 2, //!< Set by our lock
+ MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free
+ MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock
+ MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock
};
typedef struct {
@@ -89,10 +77,30 @@
} mutex_functions_t;
static mutex_functions_t mutex_functions;
-/** The total number of calls to mbedtls_mutex_init(), minus the total number
- * of calls to mbedtls_mutex_free().
+/**
+ * The mutex used to guard live_mutexes below and access to the status variable
+ * in every mbedtls_threading_mutex_t.
+ * Note that we are not reporting any errors when locking and unlocking this
+ * mutex. This is for a couple of reasons:
*
- * Reset to 0 after each test case.
+ * 1. We have no real way of reporting any errors with this mutex - we cannot
+ * report it back to the caller, as the failure was not that of the mutex
+ * passed in. We could fail the test, but again this would indicate a problem
+ * with the test code that did not exist.
+ *
+ * 2. Any failure to lock is unlikely to be intermittent, and will thus not
+ * give false test results - the overall result would be to turn off the
+ * testing. This is not a situation that is likely to happen with normal
+ * testing and we still have TSan to fall back on should this happen.
+ */
+mbedtls_threading_mutex_t mbedtls_test_mutex_mutex;
+
+/**
+ * The total number of calls to mbedtls_mutex_init(), minus the total number
+ * of calls to mbedtls_mutex_free().
+ *
+ * Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset
+ * to 0 after each test case.
*/
static int live_mutexes;
@@ -100,6 +108,7 @@
const char *msg)
{
(void) mutex;
+
if (mbedtls_test_info.mutex_usage_error == NULL) {
mbedtls_test_info.mutex_usage_error = msg;
}
@@ -113,76 +122,92 @@
static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex)
{
mutex_functions.init(mutex);
- if (mutex->is_valid) {
+
+ if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+ mutex->state = MUTEX_IDLE;
++live_mutexes;
+
+ mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
}
static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex)
{
- switch (mutex->is_valid) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
- break;
- case MUTEX_IDLE:
- /* Do nothing. The underlying free function will reset is_valid
- * to 0. */
- break;
- case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error(mutex, "free without unlock");
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
- }
- if (mutex->is_valid) {
- --live_mutexes;
+ if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+
+ switch (mutex->state) {
+ case MUTEX_FREED:
+ mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
+ break;
+ case MUTEX_IDLE:
+ mutex->state = MUTEX_FREED;
+ --live_mutexes;
+ break;
+ case MUTEX_LOCKED:
+ mbedtls_test_mutex_usage_error(mutex, "free without unlock");
+ break;
+ default:
+ mbedtls_test_mutex_usage_error(mutex, "corrupted state");
+ break;
+ }
+
+ mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
mutex_functions.free(mutex);
}
static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex)
{
+ /* Lock the passed in mutex first, so that the only way to change the state
+ * is to hold the passed in and internal mutex - otherwise we create a race
+ * condition. */
int ret = mutex_functions.lock(mutex);
- switch (mutex->is_valid) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "lock without init");
- break;
- case MUTEX_IDLE:
- if (ret == 0) {
- mutex->is_valid = 2;
- }
- break;
- case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error(mutex, "double lock");
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
+ if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+ switch (mutex->state) {
+ case MUTEX_FREED:
+ mbedtls_test_mutex_usage_error(mutex, "lock without init");
+ break;
+ case MUTEX_IDLE:
+ if (ret == 0) {
+ mutex->state = MUTEX_LOCKED;
+ }
+ break;
+ case MUTEX_LOCKED:
+ mbedtls_test_mutex_usage_error(mutex, "double lock");
+ break;
+ default:
+ mbedtls_test_mutex_usage_error(mutex, "corrupted state");
+ break;
+ }
+
+ mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
return ret;
}
static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex)
{
- int ret = mutex_functions.unlock(mutex);
- switch (mutex->is_valid) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "unlock without init");
- break;
- case MUTEX_IDLE:
- mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
- break;
- case MUTEX_LOCKED:
- if (ret == 0) {
- mutex->is_valid = MUTEX_IDLE;
- }
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
+ /* Lock the internal mutex first and change state, so that the only way to
+ * change the state is to hold the passed in and internal mutex - otherwise
+ * we create a race condition. */
+ if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+ switch (mutex->state) {
+ case MUTEX_FREED:
+ mbedtls_test_mutex_usage_error(mutex, "unlock without init");
+ break;
+ case MUTEX_IDLE:
+ mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
+ break;
+ case MUTEX_LOCKED:
+ mutex->state = MUTEX_IDLE;
+ break;
+ default:
+ mbedtls_test_mutex_usage_error(mutex, "corrupted state");
+ break;
+ }
+ mutex_functions.unlock(&mbedtls_test_mutex_mutex);
}
- return ret;
+ return mutex_functions.unlock(mutex);
}
void mbedtls_test_mutex_usage_init(void)
@@ -195,6 +220,8 @@
mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free;
mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock;
mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock;
+
+ mutex_functions.init(&mbedtls_test_mutex_mutex);
}
void mbedtls_test_mutex_usage_check(void)
@@ -219,4 +246,14 @@
mbedtls_test_info.mutex_usage_error = NULL;
}
+void mbedtls_test_mutex_usage_end(void)
+{
+ mbedtls_mutex_init = mutex_functions.init;
+ mbedtls_mutex_free = mutex_functions.free;
+ mbedtls_mutex_lock = mutex_functions.lock;
+ mbedtls_mutex_unlock = mutex_functions.unlock;
+
+ mutex_functions.free(&mbedtls_test_mutex_mutex);
+}
+
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh
index 159be4c..c0c85fc 100755
--- a/tests/ssl-opt-in-docker.sh
+++ b/tests/ssl-opt-in-docker.sh
@@ -22,19 +22,7 @@
# - ssl-opt.sh for notes about invocation of that script.
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
source tests/scripts/docker_env.sh
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6113eeb..4762285 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3,19 +3,7 @@
# ssl-opt.sh
#
# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Purpose
#
@@ -72,6 +60,7 @@
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
+: ${EARLY_DATA_INPUT:=data_files/tls13_early_data.txt}
O_SRV="$OPENSSL s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"
@@ -81,14 +70,6 @@
# alternative versions of OpenSSL and GnuTLS (no default path)
-if [ -n "${OPENSSL_LEGACY:-}" ]; then
- O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
- O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
-else
- O_LEGACY_SRV=false
- O_LEGACY_CLI=false
-fi
-
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key"
@@ -130,7 +111,9 @@
EXCLUDE='^$'
SHOW_TEST_NUMBER=0
+LIST_TESTS=0
RUN_TEST_NUMBER=''
+RUN_TEST_SUITE=''
PRESERVE_LOGS=0
@@ -149,11 +132,14 @@
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
+ printf " --list-test-cases\tList all potential test cases (No Execution)\n"
printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n"
printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
printf " --seed \tInteger seed value to use for this test run\n"
+ printf " --test-suite\tOnly matching test suites are executed\n"
+ printf " \t(comma-separated, e.g. 'ssl-opt,tls13-compat')\n\n"
}
get_options() {
@@ -174,6 +160,9 @@
-s|--show-numbers)
SHOW_TEST_NUMBER=1
;;
+ -l|--list-test-cases)
+ LIST_TESTS=1
+ ;;
-p|--preserve-logs)
PRESERVE_LOGS=1
;;
@@ -189,6 +178,9 @@
--seed)
shift; SEED="$1"
;;
+ --test-suite)
+ shift; RUN_TEST_SUITE="$1"
+ ;;
-h|--help)
print_usage
exit 0
@@ -203,11 +195,18 @@
done
}
+get_options "$@"
+
# Read boolean configuration options from mbedtls_config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols.
-CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )"
+if [ "$LIST_TESTS" -eq 0 ];then
+ CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )"
+else
+ P_QUERY=":"
+ CONFIGS_ENABLED=""
+fi
# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
@@ -241,28 +240,28 @@
}
requires_all_configs_enabled() {
- if ! $P_QUERY -all $*
+ if ! $P_QUERY -all $* 2>&1 > /dev/null
then
SKIP_NEXT="YES"
fi
}
requires_all_configs_disabled() {
- if $P_QUERY -any $*
+ if $P_QUERY -any $* 2>&1 > /dev/null
then
SKIP_NEXT="YES"
fi
}
requires_any_configs_enabled() {
- if ! $P_QUERY -any $*
+ if ! $P_QUERY -any $* 2>&1 > /dev/null
then
SKIP_NEXT="YES"
fi
}
requires_any_configs_disabled() {
- if $P_QUERY -all $*
+ if $P_QUERY -all $* 2>&1 > /dev/null
then
SKIP_NEXT="YES"
fi
@@ -303,7 +302,12 @@
#
# Note that if the configuration is not defined or is defined to nothing,
# the output of this function will be an empty string.
- ${P_SRV} "query_config=${1}"
+ if [ "$LIST_TESTS" -eq 0 ];then
+ ${P_SRV} "query_config=${1}"
+ else
+ echo "1"
+ fi
+
}
requires_config_value_at_least() {
@@ -354,9 +358,18 @@
# Space-separated list of ciphersuites supported by this build of
# Mbed TLS.
-P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
- grep 'TLS-\|TLS1-3' |
- tr -s ' \n' ' ')"
+P_CIPHERSUITES=""
+if [ "$LIST_TESTS" -eq 0 ]; then
+ P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null |
+ grep 'TLS-\|TLS1-3' |
+ tr -s ' \n' ' ')"
+
+ if [ -z "${P_CIPHERSUITES# }" ]; then
+ echo >&2 "$0: fatal error: no cipher suites found!"
+ exit 125
+ fi
+fi
+
requires_ciphersuite_enabled() {
case $P_CIPHERSUITES in
*" $1 "*) :;;
@@ -364,6 +377,34 @@
esac
}
+requires_cipher_enabled() {
+ KEY_TYPE=$1
+ MODE=${2:-}
+ if is_config_enabled MBEDTLS_USE_PSA_CRYPTO; then
+ case "$KEY_TYPE" in
+ CHACHA20)
+ requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305
+ requires_config_enabled PSA_WANT_KEY_TYPE_CHACHA20
+ ;;
+ *)
+ requires_config_enabled PSA_WANT_ALG_${MODE}
+ requires_config_enabled PSA_WANT_KEY_TYPE_${KEY_TYPE}
+ ;;
+ esac
+ else
+ case "$KEY_TYPE" in
+ CHACHA20)
+ requires_config_enabled MBEDTLS_CHACHA20_C
+ requires_config_enabled MBEDTLS_CHACHAPOLY_C
+ ;;
+ *)
+ requires_config_enabled MBEDTLS_${MODE}_C
+ requires_config_enabled MBEDTLS_${KEY_TYPE}_C
+ ;;
+ esac
+ fi
+}
+
# Automatically detect required features based on command line parameters.
# Parameters are:
# - $1 = command line (call to a TLS client or server program)
@@ -435,6 +476,13 @@
;;
esac
+ case "$CMD_LINE" in
+ *server2*|\
+ *server7*)
+ # server2 and server7 certificates use RSA encryption
+ requires_config_enabled "MBEDTLS_RSA_C"
+ esac
+
unset tmp
}
@@ -637,20 +685,6 @@
fi
}
-# skip next test if OpenSSL-legacy isn't available
-requires_openssl_legacy() {
- if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
- if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
- OPENSSL_LEGACY_AVAILABLE="YES"
- else
- OPENSSL_LEGACY_AVAILABLE="NO"
- fi
- fi
- if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
- SKIP_NEXT="YES"
- fi
-}
-
requires_openssl_next() {
if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
@@ -821,19 +855,20 @@
fi
}
-# Calculate the input & output maximum content lengths set in the config
MAX_CONTENT_LEN=16384
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
+if [ "$LIST_TESTS" -eq 0 ];then
+ # Calculate the input & output maximum content lengths set in the config
-# Calculate the maximum content length that fits both
-if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
- MAX_CONTENT_LEN="$MAX_IN_LEN"
+ # Calculate the maximum content length that fits both
+ if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
+ MAX_CONTENT_LEN="$MAX_IN_LEN"
+ fi
+ if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
+ MAX_CONTENT_LEN="$MAX_OUT_LEN"
+ fi
fi
-if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
- MAX_CONTENT_LEN="$MAX_OUT_LEN"
-fi
-
# skip the next test if the SSL output buffer is less than 16KB
requires_full_size_output_buffer() {
if [ "$MAX_OUT_LEN" -ne 16384 ]; then
@@ -875,6 +910,7 @@
fi
LINE="$LINE$1"
+
printf "%s " "$LINE"
LEN=$(( 72 - `echo "$LINE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done
@@ -1520,7 +1556,7 @@
# $1 and $2 contain the server and client command lines, respectively.
#
# Note: this function only provides some guess about TLS version by simply
-# looking at the server/client command lines. Even thought this works
+# looking at the server/client command lines. Even though this works
# for the sake of tests' filtering (especially in conjunction with the
# detect_required_features() function), it does NOT guarantee that the
# result is accurate. It does not check other conditions, such as:
@@ -1592,6 +1628,18 @@
return
fi
+ if [ "$LIST_TESTS" -gt 0 ]; then
+ printf "%s\n" "$NAME"
+ return
+ fi
+
+ # Use ssl-opt as default test suite name. Also see record_outcome function
+ if is_excluded_test_suite "${TEST_SUITE_NAME:-ssl-opt}"; then
+ # Do not skip next test and skip current test.
+ SKIP_NEXT="NO"
+ return
+ fi
+
print_name "$NAME"
# Do we only run numbered tests?
@@ -1628,13 +1676,18 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
fi
- # If the client or server requires certain features that can be detected
- # from their command-line arguments, check that they're enabled.
- TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
-
- # Check if we are trying to use an external tool wich does not support ECDH
+ # Check if we are trying to use an external tool which does not support ECDH
EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")
+ # Guess the TLS version which is going to be used
+ if [ "$EXT_WO_ECDH" = "no" ]; then
+ TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
+ else
+ TLS_VERSION="TLS12"
+ fi
+
+ # If the client or server requires certain features that can be detected
+ # from their command-line arguments, check whether they're enabled.
detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
@@ -1784,8 +1837,6 @@
# MAIN
#
-get_options "$@"
-
# Make the outcome file path relative to the original directory, not
# to .../tests
case "$MBEDTLS_TEST_OUTCOME_FILE" in
@@ -1836,114 +1887,127 @@
}
fi
-# sanity checks, avoid an avalanche of errors
-P_SRV_BIN="${P_SRV%%[ ]*}"
-P_CLI_BIN="${P_CLI%%[ ]*}"
-P_PXY_BIN="${P_PXY%%[ ]*}"
-if [ ! -x "$P_SRV_BIN" ]; then
- echo "Command '$P_SRV_BIN' is not an executable file"
- exit 1
-fi
-if [ ! -x "$P_CLI_BIN" ]; then
- echo "Command '$P_CLI_BIN' is not an executable file"
- exit 1
-fi
-if [ ! -x "$P_PXY_BIN" ]; then
- echo "Command '$P_PXY_BIN' is not an executable file"
- exit 1
-fi
-if [ "$MEMCHECK" -gt 0 ]; then
- if which valgrind >/dev/null 2>&1; then :; else
- echo "Memcheck not possible. Valgrind not found"
+# Filter tests according to TEST_SUITE_NAME
+is_excluded_test_suite () {
+ if [ -n "$RUN_TEST_SUITE" ]
+ then
+ case ",$RUN_TEST_SUITE," in
+ *",$1,"*) false;;
+ *) true;;
+ esac
+ else
+ false
+ fi
+
+}
+
+
+if [ "$LIST_TESTS" -eq 0 ];then
+
+ # sanity checks, avoid an avalanche of errors
+ P_SRV_BIN="${P_SRV%%[ ]*}"
+ P_CLI_BIN="${P_CLI%%[ ]*}"
+ P_PXY_BIN="${P_PXY%%[ ]*}"
+ if [ ! -x "$P_SRV_BIN" ]; then
+ echo "Command '$P_SRV_BIN' is not an executable file"
exit 1
fi
+ if [ ! -x "$P_CLI_BIN" ]; then
+ echo "Command '$P_CLI_BIN' is not an executable file"
+ exit 1
+ fi
+ if [ ! -x "$P_PXY_BIN" ]; then
+ echo "Command '$P_PXY_BIN' is not an executable file"
+ exit 1
+ fi
+ if [ "$MEMCHECK" -gt 0 ]; then
+ if which valgrind >/dev/null 2>&1; then :; else
+ echo "Memcheck not possible. Valgrind not found"
+ exit 1
+ fi
+ fi
+ if which $OPENSSL >/dev/null 2>&1; then :; else
+ echo "Command '$OPENSSL' not found"
+ exit 1
+ fi
+
+ # used by watchdog
+ MAIN_PID="$$"
+
+ # We use somewhat arbitrary delays for tests:
+ # - how long do we wait for the server to start (when lsof not available)?
+ # - how long do we allow for the client to finish?
+ # (not to check performance, just to avoid waiting indefinitely)
+ # Things are slower with valgrind, so give extra time here.
+ #
+ # Note: without lsof, there is a trade-off between the running time of this
+ # script and the risk of spurious errors because we didn't wait long enough.
+ # The watchdog delay on the other hand doesn't affect normal running time of
+ # the script, only the case where a client or server gets stuck.
+ if [ "$MEMCHECK" -gt 0 ]; then
+ START_DELAY=6
+ DOG_DELAY=60
+ else
+ START_DELAY=2
+ DOG_DELAY=20
+ fi
+
+ # some particular tests need more time:
+ # - for the client, we multiply the usual watchdog limit by a factor
+ # - for the server, we sleep for a number of seconds after the client exits
+ # see client_need_more_time() and server_needs_more_time()
+ CLI_DELAY_FACTOR=1
+ SRV_DELAY_SECONDS=0
+
+ # fix commands to use this port, force IPv4 while at it
+ # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
+ # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
+ # machines that will resolve to ::1, and we don't want ipv6 here.
+ P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
+ P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
+ P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
+ O_SRV="$O_SRV -accept $SRV_PORT"
+ O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
+ G_SRV="$G_SRV -p $SRV_PORT"
+ G_CLI="$G_CLI -p +SRV_PORT"
+
+ # Newer versions of OpenSSL have a syntax to enable all "ciphers", even
+ # low-security ones. This covers not just cipher suites but also protocol
+ # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
+ # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
+ # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
+ # a way to discover it from -help, so check the openssl version.
+ case $($OPENSSL version) in
+ "OpenSSL 0"*|"OpenSSL 1.0"*) :;;
+ *)
+ O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
+ O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
+ ;;
+ esac
+
+ if [ -n "${OPENSSL_NEXT:-}" ]; then
+ O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
+ O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
+ O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT"
+ O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
+ O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT"
+ fi
+
+ if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
+ G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
+ G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT"
+ fi
+
+ if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
+ G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
+ G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost"
+ fi
+
+ # Allow SHA-1, because many of our test certificates use it
+ P_SRV="$P_SRV allow_sha1=1"
+ P_CLI="$P_CLI allow_sha1=1"
+
fi
-if which $OPENSSL >/dev/null 2>&1; then :; else
- echo "Command '$OPENSSL' not found"
- exit 1
-fi
-
-# used by watchdog
-MAIN_PID="$$"
-
-# We use somewhat arbitrary delays for tests:
-# - how long do we wait for the server to start (when lsof not available)?
-# - how long do we allow for the client to finish?
-# (not to check performance, just to avoid waiting indefinitely)
-# Things are slower with valgrind, so give extra time here.
-#
-# Note: without lsof, there is a trade-off between the running time of this
-# script and the risk of spurious errors because we didn't wait long enough.
-# The watchdog delay on the other hand doesn't affect normal running time of
-# the script, only the case where a client or server gets stuck.
-if [ "$MEMCHECK" -gt 0 ]; then
- START_DELAY=6
- DOG_DELAY=60
-else
- START_DELAY=2
- DOG_DELAY=20
-fi
-
-# some particular tests need more time:
-# - for the client, we multiply the usual watchdog limit by a factor
-# - for the server, we sleep for a number of seconds after the client exits
-# see client_need_more_time() and server_needs_more_time()
-CLI_DELAY_FACTOR=1
-SRV_DELAY_SECONDS=0
-
-# fix commands to use this port, force IPv4 while at it
-# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
-# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
-# machines that will resolve to ::1, and we don't want ipv6 here.
-P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
-P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
-P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
-O_SRV="$O_SRV -accept $SRV_PORT"
-O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
-G_SRV="$G_SRV -p $SRV_PORT"
-G_CLI="$G_CLI -p +SRV_PORT"
-
-if [ -n "${OPENSSL_LEGACY:-}" ]; then
- O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
- O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT"
-fi
-
-# Newer versions of OpenSSL have a syntax to enable all "ciphers", even
-# low-security ones. This covers not just cipher suites but also protocol
-# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
-# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
-# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
-# a way to discover it from -help, so check the openssl version.
-case $($OPENSSL version) in
- "OpenSSL 0"*|"OpenSSL 1.0"*) :;;
- *)
- O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
- O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
- ;;
-esac
-
-if [ -n "${OPENSSL_NEXT:-}" ]; then
- O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
- O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
- O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT"
- O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
- O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
- G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
- G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
- G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
- G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost"
-fi
-
-# Allow SHA-1, because many of our test certificates use it
-P_SRV="$P_SRV allow_sha1=1"
-P_CLI="$P_CLI allow_sha1=1"
-
# Also pick a unique name for intermediate files
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
@@ -1961,7 +2025,8 @@
# - the expected parameters are selected
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
-requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
+requires_any_configs_enabled "MBEDTLS_ECP_DP_CURVE25519_ENABLED \
+ PSA_WANT_ECC_MONTGOMERY_255"
run_test "Default, TLS 1.2" \
"$P_SRV debug_level=3" \
"$P_CLI force_version=tls12" \
@@ -2062,6 +2127,11 @@
-c "Key size is 128"
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_MD_CAN_MD5
+# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
+# module does not support PSA dispatching so we need builtin support.
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_AES_C
requires_hash_alg SHA_256
run_test "TLS: password protected client key" \
"$P_SRV force_version=tls12 auth_mode=required" \
@@ -2069,6 +2139,11 @@
0
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_MD_CAN_MD5
+# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
+# module does not support PSA dispatching so we need builtin support.
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_AES_C
requires_hash_alg SHA_256
run_test "TLS: password protected server key" \
"$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
@@ -2077,6 +2152,11 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_MD_CAN_MD5
+# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
+# module does not support PSA dispatching so we need builtin support.
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_AES_C
requires_hash_alg SHA_256
run_test "TLS: password protected server key, two certificates" \
"$P_SRV force_version=tls12\
@@ -2261,7 +2341,6 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_CCM_C
run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key key_opaque_algs=ecdh,none \
@@ -2315,7 +2394,6 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_384
-requires_config_enabled MBEDTLS_CCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
@@ -2495,7 +2573,6 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_384
-requires_config_enabled MBEDTLS_GCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
@@ -2586,32 +2663,32 @@
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
-requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_521
run_test_psa_force_curve "secp521r1"
-requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_512
run_test_psa_force_curve "brainpoolP512r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_384
run_test_psa_force_curve "secp384r1"
-requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_384
run_test_psa_force_curve "brainpoolP384r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
run_test_psa_force_curve "secp256r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_K1_256
run_test_psa_force_curve "secp256k1"
-requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
run_test_psa_force_curve "brainpoolP256r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_224
run_test_psa_force_curve "secp224r1"
## SECP224K1 is buggy via the PSA API
## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
## so it is disabled in PSA even when it's enabled in Mbed TLS.
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
-#requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#requires_config_enabled PSA_WANT_ECC_SECP_K1_224
#run_test_psa_force_curve "secp224k1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_192
run_test_psa_force_curve "secp192r1"
-requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_K1_192
run_test_psa_force_curve "secp192k1"
# Test current time in ServerHello
@@ -2632,7 +2709,8 @@
-U "IV used"
# Test for correctness of sent single supported algorithm
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
+ PSA_WANT_ECC_SECP_R1_256"
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2647,7 +2725,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
+ PSA_WANT_ECC_SECP_R1_256"
requires_hash_alg SHA_256
run_test "Single supported algorithm sending: openssl client" \
"$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
@@ -3803,6 +3882,7 @@
-s "session successfully restored from ticket" \
-s "a session has been resumed"
+requires_cipher_enabled "AES" "GCM"
run_test "Session resume using tickets: AES-128-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3817,6 +3897,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "AES" "GCM"
run_test "Session resume using tickets: AES-192-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3831,6 +3912,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "AES" "CCM"
run_test "Session resume using tickets: AES-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3845,6 +3927,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "AES" "CCM"
run_test "Session resume using tickets: AES-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3859,6 +3942,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "AES" "CCM"
run_test "Session resume using tickets: AES-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3873,6 +3957,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "CAMELLIA" "CCM"
run_test "Session resume using tickets: CAMELLIA-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3887,6 +3972,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "CAMELLIA" "CCM"
run_test "Session resume using tickets: CAMELLIA-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3901,6 +3987,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "CAMELLIA" "CCM"
run_test "Session resume using tickets: CAMELLIA-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3915,6 +4002,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "ARIA" "GCM"
run_test "Session resume using tickets: ARIA-128-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3929,6 +4017,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "ARIA" "GCM"
run_test "Session resume using tickets: ARIA-192-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3943,6 +4032,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "ARIA" "GCM"
run_test "Session resume using tickets: ARIA-256-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3957,6 +4047,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "ARIA" "CCM"
run_test "Session resume using tickets: ARIA-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3971,6 +4062,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "ARIA" "CCM"
run_test "Session resume using tickets: ARIA-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3985,6 +4077,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "ARIA" "CCM"
run_test "Session resume using tickets: ARIA-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3999,6 +4092,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_cipher_enabled "CHACHA20"
run_test "Session resume using tickets: CHACHA20-POLY1305" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -9027,8 +9121,6 @@
# Tests for ECC extensions (rfc 4492)
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the client side" \
@@ -9040,8 +9132,6 @@
-S "found supported elliptic curves extension" \
-S "found supported point formats extension"
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the server side" \
@@ -9051,8 +9141,6 @@
-C "found supported_point_formats extension" \
-S "server hello, supported_point_formats extension"
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
run_test "Force an ECC ciphersuite in the client side" \
"$P_SRV debug_level=3" \
@@ -9063,8 +9151,6 @@
-s "found supported elliptic curves extension" \
-s "found supported point formats extension"
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
run_test "Force an ECC ciphersuite in the server side" \
"$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -9589,8 +9675,6 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: both (MTU=512)" \
-p "$P_PXY mtu=512" \
@@ -9619,8 +9703,6 @@
not_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
-p "$P_PXY mtu=508" \
@@ -9642,8 +9724,6 @@
only_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
-p "$P_PXY mtu=508" \
@@ -9694,8 +9774,6 @@
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-p "$P_PXY mtu=512" \
@@ -9743,8 +9821,6 @@
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-p "$P_PXY mtu=512" \
@@ -9778,8 +9854,6 @@
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
-p "$P_PXY mtu=1450" \
@@ -9807,7 +9881,6 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_CHACHAPOLY_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \
@@ -9821,7 +9894,7 @@
crt_file=data_files/server8_int-ca2.crt \
key_file=data_files/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
hs_timeout=10000-60000 \
mtu=512" \
0 \
@@ -9837,8 +9910,6 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \
@@ -9868,8 +9939,6 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CCM_C
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \
@@ -9899,8 +9968,6 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
@@ -9931,8 +9998,6 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \
@@ -9958,8 +10023,6 @@
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU + 3d" \
@@ -9981,8 +10044,6 @@
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
-requires_config_enabled MBEDTLS_AES_C
-requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
@@ -11293,8 +11354,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256
-requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255"
+requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256"
run_test "TLS 1.3: Default" \
"$P_SRV allow_sha1=0 debug_level=3 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
"$P_CLI allow_sha1=0" \
@@ -13386,17 +13447,21 @@
requires_max_content_len 16384
run_tests_memory_after_hanshake
-# Final report
+if [ "$LIST_TESTS" -eq 0 ]; then
-echo "------------------------------------------------------------------------"
+ # Final report
-if [ $FAILS = 0 ]; then
- printf "PASSED"
-else
- printf "FAILED"
+ echo "------------------------------------------------------------------------"
+
+ if [ $FAILS = 0 ]; then
+ printf "PASSED"
+ else
+ printf "FAILED"
+ fi
+ PASSES=$(( $TESTS - $FAILS ))
+ echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
+
fi
-PASSES=$(( $TESTS - $FAILS ))
-echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
if [ $FAILS -gt 255 ]; then
# Clamp at 255 as caller gets exit code & 0xFF
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 06f391f..cc28697 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -432,6 +432,50 @@
fflush(outcome_file);
}
+#if defined(__unix__) || \
+ (defined(__APPLE__) && defined(__MACH__))
+#define MBEDTLS_HAVE_CHDIR
+#endif
+
+#if defined(MBEDTLS_HAVE_CHDIR)
+/** Try chdir to the directory containing argv0.
+ *
+ * Failures are silent.
+ */
+static void try_chdir_if_supported(const char *argv0)
+{
+ /* We might want to allow backslash as well, for Windows. But then we also
+ * need to consider chdir() vs _chdir(), and different conventions
+ * regarding paths in argv[0] (naively enabling this code with
+ * backslash support on Windows leads to chdir into the wrong directory
+ * on the CI). */
+ const char *slash = strrchr(argv0, '/');
+ if (slash == NULL) {
+ return;
+ }
+ size_t path_size = slash - argv0 + 1;
+ char *path = mbedtls_calloc(1, path_size);
+ if (path == NULL) {
+ return;
+ }
+ memcpy(path, argv0, path_size - 1);
+ path[path_size - 1] = 0;
+ int ret = chdir(path);
+ if (ret != 0) {
+ mbedtls_fprintf(stderr, "%s: note: chdir(\"%s\") failed.\n",
+ __func__, path);
+ }
+ mbedtls_free(path);
+}
+#else /* MBEDTLS_HAVE_CHDIR */
+/* No chdir() or no support for parsing argv[0] on this platform. */
+static void try_chdir_if_supported(const char *argv0)
+{
+ (void) argv0;
+ return;
+}
+#endif /* MBEDTLS_HAVE_CHDIR */
+
/**
* \brief Desktop implementation of execute_tests().
* Parses command line and executes tests from
@@ -728,6 +772,10 @@
mbedtls_fprintf(stdout, " (%u / %u tests (%u skipped))\n",
total_tests - total_errors, total_tests, total_skipped);
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_end();
+#endif
+
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
!defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
#if defined(MBEDTLS_MEMORY_DEBUG)
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 6c8d98e..ef1898b 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -237,6 +237,21 @@
#endif
#endif
+ /* Try changing to the directory containing the executable, if
+ * using the default data file. This allows running the executable
+ * from another directory (e.g. the project root) and still access
+ * the .datax file as well as data files used by test cases
+ * (typically from tests/data_files).
+ *
+ * Note that we do this before the platform setup (which may access
+ * files such as a random seed). We also do this before accessing
+ * test-specific files such as the outcome file, which is arguably
+ * not desirable and should be fixed later.
+ */
+ if (argc == 1) {
+ try_chdir_if_supported(argv[0]);
+ }
+
int ret = mbedtls_test_platform_setup();
if (ret != 0) {
mbedtls_fprintf(stderr,
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index d495b49..2ca3f7f 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -6,6 +6,7 @@
* master, enc and dec must be AES context objects. They don't need to
* be initialized, and are left freed.
*/
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
static int test_copy(const data_t *key,
mbedtls_aes_context *master,
mbedtls_aes_context *enc,
@@ -55,6 +56,7 @@
* with alternative implementations. */
return 0;
}
+#endif
/* END_HEADER */
@@ -86,7 +88,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
void aes_decrypt_ecb(data_t *key_str, data_t *src_str,
data_t *dst, int setkey_result)
{
@@ -523,7 +525,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
void aes_ecb_copy_context(data_t *key)
{
/* We test context copying multiple times, with different alignments
diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function
index eefbaa5..842101f 100644
--- a/tests/suites/test_suite_alignment.function
+++ b/tests/suites/test_suite_alignment.function
@@ -121,7 +121,7 @@
r = MBEDTLS_BSWAP64(input);
break;
default:
- TEST_ASSERT(!"size must be 16, 32 or 64");
+ TEST_FAIL("size must be 16, 32 or 64");
}
TEST_EQUAL(r, expected);
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 579dddf..f1748d1 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -86,7 +86,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
void aria_decrypt_ecb(data_t *key_str, data_t *src_str,
data_t *expected_output, int setkey_result)
{
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
index a7330d0..469b971 100644
--- a/tests/suites/test_suite_asn1write.function
+++ b/tests/suites/test_suite_asn1write.function
@@ -316,7 +316,7 @@
buf_complete[data_len + 2] = (unsigned char) (expected_params_len >> 8);
buf_complete[data_len + 3] = (unsigned char) (expected_params_len);
} else {
- TEST_ASSERT(!"Bad test data: invalid length of ASN.1 element");
+ TEST_FAIL("Bad test data: invalid length of ASN.1 element");
}
unsigned char *p = buf_complete;
TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete,
diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data
index 5556668..3999e73 100644
--- a/tests/suites/test_suite_base64.data
+++ b/tests/suites/test_suite_base64.data
@@ -1,27 +1,3 @@
-mask_of_range empty (1..0)
-mask_of_range:1:0
-
-mask_of_range empty (255..0)
-mask_of_range:255:0
-
-mask_of_range empty (42..7)
-mask_of_range:42:7
-
-mask_of_range 0..0
-mask_of_range:0:0
-
-mask_of_range 42..42
-mask_of_range:42:42
-
-mask_of_range 255..255
-mask_of_range:255:255
-
-mask_of_range 0..255
-mask_of_range:0:255
-
-mask_of_range 'A'..'Z'
-mask_of_range:65:90
-
enc_char (all digits)
enc_chars:
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index ce6bd42..e351ad8 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/base64.h"
+#include "base64_internal.h"
#include "constant_time_internal.h"
-#include "constant_time_invasive.h"
#include <test/constant_flow.h>
#if defined(MBEDTLS_TEST_HOOKS)
@@ -17,26 +17,6 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
-void mask_of_range(int low_arg, int high_arg)
-{
- unsigned char low = low_arg, high = high_arg;
- unsigned c;
- for (c = 0; c <= 0xff; c++) {
- mbedtls_test_set_step(c);
- TEST_CF_SECRET(&c, sizeof(c));
- unsigned char m = mbedtls_ct_uchar_mask_of_range(low, high, c);
- TEST_CF_PUBLIC(&c, sizeof(c));
- TEST_CF_PUBLIC(&m, sizeof(m));
- if (low <= c && c <= high) {
- TEST_EQUAL(m, 0xff);
- } else {
- TEST_EQUAL(m, 0);
- }
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
void enc_chars()
{
for (unsigned value = 0; value < 64; value++) {
diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function
index 7f858e5..c90f1bb 100644
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -438,7 +438,7 @@
TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err);
if (input_err == 0) {
- TEST_ASSERT(ret == input_uret);
+ TEST_EQUAL(ret, input_uret);
}
exit:
@@ -834,7 +834,7 @@
} else if (strcmp(result_comparison, "!=") == 0) {
TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0);
} else {
- TEST_ASSERT("unknown operator" == 0);
+ TEST_FAIL("unknown operator");
}
exit:
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index 3ede6b2..db84d62 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -358,7 +358,7 @@
TEST_CF_SECRET(Y, X_limbs * sizeof(mbedtls_mpi_uint));
ret = mbedtls_mpi_core_lt_ct(X, Y, X_limbs);
- TEST_EQUAL(ret, exp_ret);
+ TEST_EQUAL(!!ret, exp_ret);
exit:
mbedtls_free(X);
@@ -384,25 +384,25 @@
TEST_CF_SECRET(A, A_limbs * sizeof(*A));
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(0, A, A_limbs), 1);
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0], A, A_limbs), 1);
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(0, A, A_limbs), 1);
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0], A, A_limbs), 1);
if (is_large) {
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
- A, A_limbs), 1);
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
- A, A_limbs), 1);
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
- A, A_limbs), 1);
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
+ A, A_limbs), 1);
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
+ A, A_limbs), 1);
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
+ A, A_limbs), 1);
} else {
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
- A, A_limbs),
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi(A[0] + 1,
+ A, A_limbs),
A[0] + 1 <= A[0]);
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
- A, A_limbs),
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1) >> 1,
+ A, A_limbs),
(mbedtls_mpi_uint) (-1) >> 1 <= A[0]);
- TEST_EQUAL(mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
- A, A_limbs),
+ TEST_EQUAL(!!mbedtls_mpi_core_uint_le_mpi((mbedtls_mpi_uint) (-1),
+ A, A_limbs),
(mbedtls_mpi_uint) (-1) <= A[0]);
}
@@ -447,7 +447,7 @@
TEST_CF_SECRET(X, bytes);
TEST_CF_SECRET(Y, bytes);
- mbedtls_mpi_core_cond_assign(X, Y, copy_limbs, 1);
+ mbedtls_mpi_core_cond_assign(X, Y, copy_limbs, mbedtls_ct_bool(1));
TEST_CF_PUBLIC(X, bytes);
TEST_CF_PUBLIC(Y, bytes);
@@ -515,7 +515,7 @@
TEST_CF_SECRET(X, bytes);
TEST_CF_SECRET(Y, bytes);
- mbedtls_mpi_core_cond_swap(X, Y, copy_limbs, 1);
+ mbedtls_mpi_core_cond_swap(X, Y, copy_limbs, mbedtls_ct_bool(1));
TEST_CF_PUBLIC(X, bytes);
TEST_CF_PUBLIC(Y, bytes);
diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function
index 7015284..9d0fe93 100644
--- a/tests/suites/test_suite_bignum_mod.function
+++ b/tests/suites/test_suite_bignum_mod.function
@@ -35,7 +35,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C
+ * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_ECP_WITH_MPI_UINT
* END_DEPENDENCIES
*/
@@ -737,5 +737,6 @@
mbedtls_free(R);
mbedtls_free(R_COPY);
mbedtls_free(obuf);
+ mbedtls_free(ref_buf);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function
index 6b953f5..f7f8a59 100644
--- a/tests/suites/test_suite_bignum_mod_raw.function
+++ b/tests/suites/test_suite_bignum_mod_raw.function
@@ -11,7 +11,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C
+ * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_ECP_WITH_MPI_UINT
* END_DEPENDENCIES
*/
diff --git a/tests/suites/test_suite_bignum_random.function b/tests/suites/test_suite_bignum_random.function
index 9ea773c..b43b1e7 100644
--- a/tests/suites/test_suite_bignum_random.function
+++ b/tests/suites/test_suite_bignum_random.function
@@ -134,7 +134,7 @@
if (expected_ret == 0) {
TEST_EQUAL(0, mbedtls_mpi_core_lt_ct(result, lower_bound, limbs));
- TEST_EQUAL(1, mbedtls_mpi_core_lt_ct(result, upper_bound, limbs));
+ TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result, upper_bound, limbs));
}
exit:
@@ -192,7 +192,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_WITH_MPI_UINT */
void mpi_mod_random_values(int min, char *max_hex, int rep)
{
/* Same RNG as in mpi_core_random_basic */
@@ -403,7 +403,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_WITH_MPI_UINT */
void mpi_mod_random_validation(int min, char *bound_hex,
int result_limbs_delta,
int expected_ret)
@@ -429,8 +429,7 @@
* size as the modulus, otherwise it's a mistake in the test data. */
TEST_EQUAL(result_limbs, N.limbs);
/* Sanity check: check that the result is in range */
- TEST_EQUAL(mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs),
- 1);
+ TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs));
/* Check result >= min (changes result) */
TEST_EQUAL(mbedtls_mpi_core_sub_int(result_digits, result_digits, min,
result_limbs),
@@ -444,8 +443,7 @@
mbedtls_test_rnd_std_rand, NULL),
expected_ret);
if (expected_ret == 0) {
- TEST_EQUAL(mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs),
- 1);
+ TEST_ASSERT(0 != mbedtls_mpi_core_lt_ct(result_digits, N.p, N.limbs));
TEST_EQUAL(mbedtls_mpi_core_sub_int(result_digits, result.p, min,
result_limbs),
0);
diff --git a/tests/suites/test_suite_block_cipher.data b/tests/suites/test_suite_block_cipher.data
new file mode 100644
index 0000000..097b567
--- /dev/null
+++ b/tests/suites/test_suite_block_cipher.data
@@ -0,0 +1,255 @@
+Invalid input
+invalid:
+
+AES-128-ECB Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e"
+
+AES-128-ECB Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"9798c4640bad75c7c3227db910174e72":"a9a1631bf4996954ebc093957b234589"
+
+AES-128-ECB Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"96ab5c2ff612d9dfaae8c31f30c42168":"ff4f8391a6a40ca5b25d23bedd44a597"
+
+AES-128-ECB Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"e0000000000000000000000000000000":"00000000000000000000000000000000":"72a1da770f5d7ac4c9ef94d822affd97"
+
+AES-128-ECB Encrypt NIST KAT #5
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"f0000000000000000000000000000000":"00000000000000000000000000000000":"970014d634e2b7650777e8e84d03ccd8"
+
+AES-128-ECB Encrypt NIST KAT #6
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"f8000000000000000000000000000000":"00000000000000000000000000000000":"f17e79aed0db7e279e955b5f493875a7"
+
+AES-128-ECB Encrypt NIST KAT #7
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffff0000000000000000000":"00000000000000000000000000000000":"7b90785125505fad59b13c186dd66ce3"
+
+AES-128-ECB Encrypt NIST KAT #8
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffff8000000000000000000":"00000000000000000000000000000000":"8b527a6aebdaec9eaef8eda2cb7783e5"
+
+AES-128-ECB Encrypt NIST KAT #9
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffc000000000000000000":"00000000000000000000000000000000":"43fdaf53ebbc9880c228617d6a9b548b"
+
+AES-128-ECB Encrypt NIST KAT #10
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffc000":"00000000000000000000000000000000":"70c46bb30692be657f7eaa93ebad9897"
+
+AES-128-ECB Encrypt NIST KAT #11
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a"
+
+AES-128-ECB Encrypt NIST KAT #12
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffffff000":"00000000000000000000000000000000":"1dbf57877b7b17385c85d0b54851e371"
+
+AES-128-ECB Encrypt NIST KAT #13
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a"
+
+AES-128-ECB Encrypt NIST KAT #14
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"ffffffffffffffe00000000000000000":"d451b8d6e1e1a0ebb155fbbf6e7b7dc3"
+
+AES-128-ECB Encrypt NIST KAT #15
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"fffffffffffffff00000000000000000":"6898d4f42fa7ba6a10ac05e87b9f2080"
+
+AES-128-ECB Encrypt NIST KAT #16
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"ffffffffffffffffffffffffe0000000":"082eb8be35f442fb52668e16a591d1d6"
+
+AES-128-ECB Encrypt NIST KAT #17
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"fffffffffffffffffffffffff0000000":"e656f9ecf5fe27ec3e4a73d00c282fb3"
+
+AES-128-ECB Encrypt NIST KAT #18
+depends_on:MBEDTLS_AES_C
+test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a"
+
+AES-192-ECB Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01"
+
+AES-192-ECB Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffffc0000000000":"15eec9ebf42b9ca76897d2cd6c5a12e2"
+
+AES-192-ECB Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffffe0000000000":"db0d3a6fdcc13f915e2b302ceeb70fd8"
+
+AES-192-ECB Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"51719783d3185a535bd75adc65071ce1":"4f354592ff7c8847d2d0870ca9481b7c"
+
+AES-192-ECB Encrypt NIST KAT #5
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"26aa49dcfe7629a8901a69a9914e6dfd":"d5e08bf9a182e857cf40b3a36ee248cc"
+
+AES-192-ECB Encrypt NIST KAT #6
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"941a4773058224e1ef66d10e0a6ee782":"067cd9d3749207791841562507fa9626"
+
+AES-192-ECB Encrypt NIST KAT #7
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"d2926527e0aa9f37b45e2ec2ade5853ef807576104c7ace3":"00000000000000000000000000000000":"dd619e1cf204446112e0af2b9afa8f8c"
+
+AES-192-ECB Encrypt NIST KAT #8
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"982215f4e173dfa0fcffe5d3da41c4812c7bcc8ed3540f93":"00000000000000000000000000000000":"d4f0aae13c8fe9339fbf9e69ed0ad74d"
+
+AES-192-ECB Encrypt NIST KAT #9
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"98c6b8e01e379fbd14e61af6af891596583565f2a27d59e9":"00000000000000000000000000000000":"19c80ec4a6deb7e5ed1033dda933498f"
+
+AES-192-ECB Encrypt NIST KAT #10
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffff800000000000000000000":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3"
+
+AES-192-ECB Encrypt NIST KAT #11
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffffc00000000000000000000":"00000000000000000000000000000000":"9d6bdc8f4ce5feb0f3bed2e4b9a9bb0b"
+
+AES-192-ECB Encrypt NIST KAT #12
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffffe00000000000000000000":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46"
+
+AES-256-ECB Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd"
+
+AES-256-ECB Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627":"00000000000000000000000000000000":"4307456a9e67813b452e15fa8fffe398"
+
+AES-256-ECB Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f":"00000000000000000000000000000000":"4663446607354989477a5c6f0f007ef4"
+
+AES-256-ECB Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04"
+
+AES-256-ECB Encrypt NIST KAT #5
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"761c1fe41a18acf20d241650611d90f1":"623a52fcea5d443e48d9181ab32c7421"
+
+AES-256-ECB Encrypt NIST KAT #6
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"8a560769d605868ad80d819bdba03771":"38f2c7ae10612415d27ca190d27da8b4"
+
+AES-256-ECB Encrypt NIST KAT #7
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"ffffff80000000000000000000000000":"36aff0ef7bf3280772cf4cac80a0d2b2"
+
+AES-256-ECB Encrypt NIST KAT #8
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"ffffffc0000000000000000000000000":"1f8eedea0f62a1406d58cfc3ecea72cf"
+
+AES-256-ECB Encrypt NIST KAT #9
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"ffffffe0000000000000000000000000":"abf4154a3375a1d3e6b1d454438f95a6"
+
+AES-256-ECB Encrypt NIST KAT #10
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5"
+
+AES-256-ECB Encrypt NIST KAT #11
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffffffffffc000000000000000000000000000":"00000000000000000000000000000000":"b4da5df4becb5462e03a0ed00d295629"
+
+AES-256-ECB Encrypt NIST KAT #12
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b"
+
+ARIA-128-ECB Encrypt - RFC 5794
+depends_on:MBEDTLS_ARIA_C
+test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f":"00112233445566778899aabbccddeeff":"d718fbd6ab644c739da95f3be6451778"
+
+ARIA-192-ECB Encrypt - RFC 5794
+depends_on:MBEDTLS_ARIA_C
+test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f1011121314151617":"00112233445566778899aabbccddeeff":"26449c1805dbe7aa25a468ce263a9e79"
+
+ARIA-256-ECB Encrypt - RFC 5794
+depends_on:MBEDTLS_ARIA_C
+test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"00112233445566778899aabbccddeeff":"f92bd7c79fb72e2f2b8f80c1972d24fc"
+
+Camellia-128-ECB Encrypt RFC3713 #1
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba9876543210":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43"
+
+Camellia-192-ECB Encrypt RFC3713 #1
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba98765432100011223344556677":"0123456789abcdeffedcba9876543210":"b4993401b3e996f84ee5cee7d79b09b9"
+
+Camellia-256-ECB Encrypt RFC3713 #1
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff":"0123456789abcdeffedcba9876543210":"9acc237dff16d76c20ef7c919e3a7509"
+
+Camellia-128-ECB Encrypt Perl EVP #1 [#1]
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F":"00112233445566778899AABBCCDDEEFF":"77CF412067AF8270613529149919546F"
+
+Camellia-192-ECB Encrypt Perl EVP #1 [#1]
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F1011121314151617":"00112233445566778899AABBCCDDEEFF":"B22F3C36B72D31329EEE8ADDC2906C68"
+
+Camellia-256-ECB Encrypt Perl EVP #1 [#1]
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"00112233445566778899AABBCCDDEEFF":"2EDF1F3418D53B88841FC8985FB1ECF2"
+
+Camellia-128-ECB Encrypt Perl EVP #1 [#2]
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"6BC1BEE22E409F96E93D7E117393172A":"432FC5DCD628115B7C388D770B270C96"
+
+Camellia-128-ECB Encrypt Perl EVP #2
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"0BE1F14023782A22E8384C5ABB7FAB2B"
+
+Camellia-128-ECB Encrypt Perl EVP #3
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"30C81C46A35CE411E5FBC1191A0A52EF":"A0A1ABCD1893AB6FE0FE5B65DF5F8636"
+
+Camellia-128-ECB Encrypt Perl EVP #4
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"F69F2445DF4F9B17AD2B417BE66C3710":"E61925E0D5DFAA9BB29F815B3076E51A"
+
+Camellia-192-ECB Encrypt Perl EVP #1 [#2]
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"6BC1BEE22E409F96E93D7E117393172A":"CCCC6C4E138B45848514D48D0D3439D3"
+
+Camellia-192-ECB Encrypt Perl EVP #2
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"5713C62C14B2EC0F8393B6AFD6F5785A"
+
+Camellia-192-ECB Encrypt Perl EVP #3
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"30C81C46A35CE411E5FBC1191A0A52EF":"B40ED2B60EB54D09D030CF511FEEF366"
+
+Camellia-192-ECB Encrypt Perl EVP #4
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"F69F2445DF4F9B17AD2B417BE66C3710":"909DBD95799096748CB27357E73E1D26"
+
+Camellia-256-ECB Encrypt Perl EVP #1 [#2]
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"6BC1BEE22E409F96E93D7E117393172A":"BEFD219B112FA00098919CD101C9CCFA"
+
+Camellia-256-ECB Encrypt Perl EVP #2
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"C91D3A8F1AEA08A9386CF4B66C0169EA"
+
+Camellia-256-ECB Encrypt Perl EVP #3
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"30C81C46A35CE411E5FBC1191A0A52EF":"A623D711DC5F25A51BB8A80D56397D28"
+
+Camellia-256-ECB Encrypt Perl EVP #4
+depends_on:MBEDTLS_CAMELLIA_C
+test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"F69F2445DF4F9B17AD2B417BE66C3710":"7960109FB6DC42947FCFE59EA3C5EB6B"
+
diff --git a/tests/suites/test_suite_block_cipher.function b/tests/suites/test_suite_block_cipher.function
new file mode 100644
index 0000000..239568c
--- /dev/null
+++ b/tests/suites/test_suite_block_cipher.function
@@ -0,0 +1,94 @@
+/* BEGIN_HEADER */
+#include "block_cipher_internal.h"
+
+#define BLOCK_SIZE 16
+
+#if defined(MBEDTLS_AES_C)
+#define VALID_CIPHER_ID MBEDTLS_CIPHER_ID_AES
+#define BADKEY_ERROR MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+#elif defined(MBEDTLS_ARIA_C)
+#define VALID_CIPHER_ID MBEDTLS_CIPHER_ID_ARIA
+#define BADKEY_ERROR MBEDTLS_ERR_ARIA_BAD_INPUT_DATA
+#elif defined(MBEDTLS_CAMELLIA_C)
+#define VALID_CIPHER_ID MBEDTLS_CIPHER_ID_CAMELLIA
+#define BADKEY_ERROR MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
+#else
+#undef VALID_CIPHER_ID
+#endif
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_BLOCK_CIPHER_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:VALID_CIPHER_ID */
+void invalid()
+{
+ /* That size is valid for a key or an input/output block. */
+ unsigned char buf[16] = { 0 };
+
+ mbedtls_block_cipher_context_t ctx;
+
+ mbedtls_block_cipher_init(&ctx);
+
+ /* Bad parameters to setup */
+ TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_block_cipher_setup(&ctx, MBEDTLS_CIPHER_ID_NONE));
+ TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_block_cipher_setup(&ctx, MBEDTLS_CIPHER_ID_DES));
+
+ /* setkey() before successful setup() */
+ TEST_EQUAL(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT,
+ mbedtls_block_cipher_setkey(&ctx, buf, 128));
+
+ /* encrypt() before successful setup() */
+ TEST_EQUAL(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT,
+ mbedtls_block_cipher_encrypt(&ctx, buf, buf));
+
+ /* free() before successful setup()
+ * No return value to check, but shouldn't cause memory errors. */
+ mbedtls_block_cipher_free(&ctx);
+
+ /* Now properly setup the context */
+ mbedtls_block_cipher_init(&ctx);
+ TEST_EQUAL(0, mbedtls_block_cipher_setup(&ctx, VALID_CIPHER_ID));
+
+ /* Bad parameters to setkey() */
+ TEST_EQUAL(BADKEY_ERROR,
+ mbedtls_block_cipher_setkey(&ctx, buf, 42));
+
+exit:
+ mbedtls_block_cipher_free(&ctx);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void test_vec(int cipher_id_arg, data_t *key, data_t *input, data_t *outref)
+{
+ mbedtls_block_cipher_context_t ctx;
+ mbedtls_cipher_id_t cipher_id = cipher_id_arg;
+ unsigned char output[BLOCK_SIZE];
+
+ mbedtls_block_cipher_init(&ctx);
+
+ memset(output, 0x00, sizeof(output));
+
+ TEST_EQUAL(0, mbedtls_block_cipher_setup(&ctx, cipher_id));
+ TEST_EQUAL(0, mbedtls_block_cipher_setkey(&ctx, key->x, 8 * key->len));
+
+ /* Encrypt with input != output */
+ TEST_EQUAL(0, mbedtls_block_cipher_encrypt(&ctx, input->x, output));
+ ASSERT_COMPARE(output, BLOCK_SIZE, outref->x, outref->len);
+
+ /* Encrypt with input == output.
+ * (Also, encrypting again ensures the previous call to encrypt()
+ * did not change the state of the context.) */
+ memcpy(output, input->x, BLOCK_SIZE);
+ TEST_EQUAL(0, mbedtls_block_cipher_encrypt(&ctx, output, output));
+ ASSERT_COMPARE(output, BLOCK_SIZE, outref->x, outref->len);
+
+exit:
+ mbedtls_block_cipher_free(&ctx);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 1cef97a..6930679 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -67,7 +67,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
void camellia_decrypt_ecb(data_t *key_str, data_t *src_str,
data_t *dst, int setkey_result)
{
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index 134970f..99a662b 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -8,63 +8,63 @@
AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_PKCS7
AES-128 CBC - Encrypt and decrypt 0 bytes with one and zeros padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
@@ -251,15 +251,15 @@
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_NONE
AES-128 CBC - Encrypt and decrypt 16 bytes with no padding
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_NONE
AES-128 CBC - Encrypt and decrypt 32 bytes with no padding
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_NONE
AES-128 CBC - Encrypt and decrypt 48 bytes with no padding
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_NONE
AES-128 CBC - Try encrypting 1 bytes with no padding
@@ -1272,107 +1272,107 @@
AES-192 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:0:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:1:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:2:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:7:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:8:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:9:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:15:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:16:-1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:16:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:17:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:31:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:32:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:32:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:33:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:47:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:48:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:49:MBEDTLS_PADDING_PKCS7
AES-192 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16
AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16
AES-192 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
AES-192 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:-1:16:16:0:32
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32
AES-256 CBC - Decrypt empty buffer
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
@@ -1380,107 +1380,107 @@
AES-256 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:1:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:2:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:7:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:8:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:9:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:15:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:16:-1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:16:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:17:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:31:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:32:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:32:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:33:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:47:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:48:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:49:MBEDTLS_PADDING_PKCS7
AES-256 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16
AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16
AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16
AES-256 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
AES-256 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:-1:16:16:0:32
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32
AES Decrypt test vector #0
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -1595,47 +1595,47 @@
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a":0
AES-128-ECB Decrypt NIST KAT #1
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0
AES-128-ECB Decrypt NIST KAT #2
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"a81738252621dd180a34f3455b4baa2f":"ff800000000000000000000000000000":0
AES-128-ECB Decrypt NIST KAT #3
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"77e2b508db7fd89234caf7939ee5621a":"ffc00000000000000000000000000000":0
AES-128-ECB Decrypt NIST KAT #4
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"dc43be40be0e53712f7e2bf5ca707209":"6a118a874519e64e9963798a503f1d35":0
AES-128-ECB Decrypt NIST KAT #5
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"92beedab1895a94faa69b632e5cc47ce":"cb9fceec81286ca3e989bd979b0cb284":0
AES-128-ECB Decrypt NIST KAT #6
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"459264f4798f6a78bacb89c15ed3d601":"b26aeb1874e47ca8358ff22378f09144":0
AES-128-ECB Decrypt NIST KAT #7
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0
AES-128-ECB Decrypt NIST KAT #8
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"71b5c08a1993e1362e4d0ce9b22b78d5":"c2dabd117f8a3ecabfbb11d12194d9d0":"00000000000000000000000000000000":0
AES-128-ECB Decrypt NIST KAT #9
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"e234cdca2606b81f29408d5f6da21206":"fff60a4740086b3b9c56195b98d91a7b":"00000000000000000000000000000000":0
AES-128-ECB Decrypt NIST KAT #10
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff0000000000000000":"84be19e053635f09f2665e7bae85b42d":"00000000000000000000000000000000":0
AES-128-ECB Decrypt NIST KAT #11
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0
AES-192-ECB Encrypt NIST KAT #1
@@ -1687,51 +1687,51 @@
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffe00000000000000000000":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46":0
AES-192-ECB Decrypt NIST KAT #1
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0
AES-192-ECB Decrypt NIST KAT #2
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff800000000000000":"1b9f5fbd5e8a4264c0a85b80409afa5e":"00000000000000000000000000000000":0
AES-192-ECB Decrypt NIST KAT #3
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffc00000000000000":"30dab809f85a917fe924733f424ac589":"00000000000000000000000000000000":0
AES-192-ECB Decrypt NIST KAT #4
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0
AES-192-ECB Decrypt NIST KAT #5
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"b0ab0a6a818baef2d11fa33eac947284fb7d748cfb75e570":"d2eafd86f63b109b91f5dbb3a3fb7e13":"00000000000000000000000000000000":0
AES-192-ECB Decrypt NIST KAT #6
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ee053aa011c8b428cdcc3636313c54d6a03cac01c71579d6":"9b9fdd1c5975655f539998b306a324af":"00000000000000000000000000000000":0
AES-192-ECB Decrypt NIST KAT #7
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0
AES-192-ECB Decrypt NIST KAT #8
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0
AES-192-ECB Decrypt NIST KAT #9
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0
AES-192-ECB Decrypt NIST KAT #10
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0
AES-192-ECB Decrypt NIST KAT #11
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"a6cae46fb6fadfe7a2c302a34242817b":"ffffffffffffffffffffe00000000000":0
AES-192-ECB Decrypt NIST KAT #12
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"026a7024d6a902e0b3ffccbaa910cc3f":"fffffffffffffffffffff00000000000":0
AES-256-ECB Encrypt NIST KAT #1
@@ -1783,51 +1783,51 @@
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b":0
AES-256-ECB Decrypt NIST KAT #1
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #2
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff80000000000000000":"6168b00ba7859e0970ecfd757efecf7c":"00000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #3
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffffc0000000000000000":"d1415447866230d28bb1ea18a4cdfd02":"00000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #4
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #5
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e":"a74289fe73a4c123ca189ea1e1b49ad5":"00000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #6
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707":"b91d4ea4488644b56cf0812fa7fcf5fc":"00000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #7
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0
AES-256-ECB Decrypt NIST KAT #8
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"38f2c7ae10612415d27ca190d27da8b4":"8a560769d605868ad80d819bdba03771":0
AES-256-ECB Decrypt NIST KAT #9
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"1bc704f1bce135ceb810341b216d7abe":"91fbef2d15a97816060bee1feaa49afe":0
AES-256-ECB Decrypt NIST KAT #10
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #11
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0
AES-256-ECB Decrypt NIST KAT #12
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0
AES-128-ECB crypt Encrypt NIST KAT #1
@@ -1843,15 +1843,15 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0:0
AES-128-ECB crypt Decrypt NIST KAT #1
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0:0
AES-128-ECB crypt Decrypt NIST KAT #2
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0:0
AES-128-ECB crypt Decrypt NIST KAT #3
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0:0
AES-192-ECB crypt Encrypt NIST KAT #1
@@ -1871,19 +1871,19 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0:0
AES-192-ECB crypt Decrypt NIST KAT #1
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0:0
AES-192-ECB crypt Decrypt NIST KAT #2
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0:0
AES-192-ECB crypt Decrypt NIST KAT #3
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:0
AES-192-ECB crypt Decrypt NIST KAT #4
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0:0
AES-256-ECB crypt Encrypt NIST KAT #1
@@ -1903,19 +1903,19 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0:0
AES-256-ECB crypt Decrypt NIST KAT #1
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0:0
AES-256-ECB crypt Decrypt NIST KAT #2
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0:0
AES-256-ECB crypt Decrypt NIST KAT #3
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0:0
AES-256-ECB crypt Decrypt NIST KAT #4
-depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:0
AES-128-CBC crypt Encrypt NIST KAT #1
@@ -2127,19 +2127,19 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1
AES-128-ECB crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1
AES-128-ECB crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1
AES-128-ECB crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1
AES-128-ECB crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1
AES-192-ECB crypt Encrypt NIST KAT #1 PSA
@@ -2159,19 +2159,19 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1
AES-192-ECB crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1
AES-192-ECB crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1
AES-192-ECB crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1
AES-192-ECB crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1
AES-256-ECB crypt Encrypt NIST KAT #1 PSA
@@ -2191,19 +2191,19 @@
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1
AES-256-ECB crypt Decrypt NIST KAT #1 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1
AES-256-ECB crypt Decrypt NIST KAT #2 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1
AES-256-ECB crypt Decrypt NIST KAT #3 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1
AES-256-ECB crypt Decrypt NIST KAT #4 PSA
-depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1
AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15
@@ -2257,3 +2257,15 @@
Cipher Corner Case behaviours
depends_on:MBEDTLS_AES_C
cipher_special_behaviours:
+
+Check set padding - 128 bit key
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_AES_128_CBC
+
+Check set padding - 192 bit key
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+check_set_padding:MBEDTLS_CIPHER_AES_192_CBC
+
+Check set padding - 256 bit key
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+check_set_padding:MBEDTLS_CIPHER_AES_256_CBC
diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data
index 3f011e8..be1dfb2 100644
--- a/tests/suites/test_suite_cipher.aria.data
+++ b/tests/suites/test_suite_cipher.aria.data
@@ -337,3 +337,15 @@
ARIA-256-CCM*-NO-TAG crypt Decrypt
depends_on:MBEDTLS_ARIA_C:MBEDTLS_CCM_C
test_vec_crypt:MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"5fdd984a6aa77c1d9a204c08f28172c4b4528bee27c41f":0:0
+
+Check set padding - 128 bit key
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_ARIA_128_CBC
+
+Check set padding - 192 bit key
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_ARIA_192_CBC
+
+Check set padding - 256 bit key
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_ARIA_256_CBC
diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data
index df4ebcc..18a09ca 100644
--- a/tests/suites/test_suite_cipher.camellia.data
+++ b/tests/suites/test_suite_cipher.camellia.data
@@ -8,63 +8,63 @@
CAMELLIA Encrypt and decrypt 0 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 1 byte [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 2 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 7 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 8 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 9 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 15 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 16 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 17 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 31 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 32 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_PKCS7
-CAMELLIA Encrypt and decrypt 32 bytes [#2]
+CAMELLIA Encrypt and decrypt 33 bytes [#2]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 47 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 48 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 49 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 0 bytes with one and zeros padding
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
@@ -251,15 +251,15 @@
enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_NONE
CAMELLIA Encrypt and decrypt 16 bytes with no padding
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_NONE
CAMELLIA Encrypt and decrypt 32 bytes with no padding
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_NONE
CAMELLIA Encrypt and decrypt 48 bytes with no padding
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_NONE
CAMELLIA Try encrypting 1 bytes with no padding
@@ -308,47 +308,47 @@
CAMELLIA Encrypt and decrypt 0 bytes in multiple parts [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#2]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#3]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:-1:16:16:0:32
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32
CAMELLIA Encrypt and decrypt 0 bytes [#2]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
@@ -560,211 +560,211 @@
CAMELLIA Encrypt and decrypt 0 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:0:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 1 byte [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:1:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 2 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:2:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 7 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:7:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 8 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:8:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 9 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:9:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 15 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:15:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 16 bytes [#4]
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:16:-1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:16:MBEDTLS_PADDING_NONE
CAMELLIA Encrypt and decrypt 17 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:17:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 31 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:31:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 32 bytes [#7]
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:32:-1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:32:MBEDTLS_PADDING_NONE
-CAMELLIA Encrypt and decrypt 32 bytes [#8]
+CAMELLIA Encrypt and decrypt 33 bytes [#8]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:33:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 47 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:47:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 48 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:48:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 49 bytes [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:49:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 0 bytes in multiple parts [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1 [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2 [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1 [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2 [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3 [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4 [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#10]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#11]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#12]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#4]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:-1:16:16:0:32
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32
CAMELLIA Encrypt and decrypt 0 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:0:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 1 byte [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:1:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 2 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:2:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 7 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:7:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 8 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:8:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 9 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:9:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 15 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:15:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 16 bytes [#5]
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:16:-1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:16:MBEDTLS_PADDING_NONE
CAMELLIA Encrypt and decrypt 17 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:17:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 31 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:31:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 32 bytes [#9]
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:32:-1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:32:MBEDTLS_PADDING_NONE
-CAMELLIA Encrypt and decrypt 32 bytes [#10]
+CAMELLIA Encrypt and decrypt 33 bytes [#10]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:33:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 47 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:47:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 48 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:48:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 49 bytes [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:49:MBEDTLS_PADDING_PKCS7
CAMELLIA Encrypt and decrypt 0 bytes in multiple parts [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#13]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#14]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:-1:16:0:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16
CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1 [#15]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1 [#5]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32
CAMELLIA-128 CCM*-NO-TAG - Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
@@ -1101,3 +1101,15 @@
CAMELLIA-256-CCM*-NO-TAG crypt Decrypt
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
test_vec_crypt:MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG:MBEDTLS_DECRYPT:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECFC0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"933f749801d0e1262cd101831defd8366ab2a22e7c03cd":0:0
+
+Check set padding - 128 bit key
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_CAMELLIA_128_CBC
+
+Check set padding - 192 bit key
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_CAMELLIA_192_CBC
+
+Check set padding - 256 bit key
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_CAMELLIA_256_CBC
diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data
index 77f7515..066ea35 100644
--- a/tests/suites/test_suite_cipher.des.data
+++ b/tests/suites/test_suite_cipher.des.data
@@ -12,63 +12,63 @@
DES Encrypt and decrypt 0 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 1 byte
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 2 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 7 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 8 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 9 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 15 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 16 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 17 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 31 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 32 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_PKCS7
-DES Encrypt and decrypt 32 bytes [#2]
+DES Encrypt and decrypt 33 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 47 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 48 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 49 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_PKCS7
DES Encrypt and decrypt 0 bytes with one and zeros padding
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
@@ -312,255 +312,267 @@
DES Encrypt and decrypt 0 bytes in multiple parts
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES Encrypt and decrypt 1 bytes in multiple parts 1
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES Encrypt and decrypt 1 bytes in multiple parts 2
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES Encrypt and decrypt 16 bytes in multiple parts 1
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:-1:16:0:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:MBEDTLS_PADDING_PKCS7:16:0:8:8
DES Encrypt and decrypt 16 bytes in multiple parts 2
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
DES Encrypt and decrypt 16 bytes in multiple parts 3
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
DES Encrypt and decrypt 16 bytes in multiple parts 4
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:-1:8:8:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:MBEDTLS_PADDING_PKCS7:8:8:8:8
DES Encrypt and decrypt 22 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:-1:8:8:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:MBEDTLS_PADDING_PKCS7:8:8:8:8
DES Encrypt and decrypt 22 bytes in multiple parts 1 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:-1:16:0:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:MBEDTLS_PADDING_PKCS7:16:0:8:8
DES Encrypt and decrypt 22 bytes in multiple parts 1 [#3]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
DES Encrypt and decrypt 32 bytes in multiple parts 1
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:-1:16:16:8:24
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:MBEDTLS_PADDING_PKCS7:16:16:8:24
DES Encrypt and decrypt 0 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:0:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 1 byte [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:1:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 2 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:2:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 7 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:7:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 8 bytes [#1]
-depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:8:-1
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:8:MBEDTLS_PADDING_NONE
DES3 Encrypt and decrypt 9 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:9:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 15 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:15:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 16 bytes [#1]
-depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:16:-1
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:16:MBEDTLS_PADDING_NONE
DES3 Encrypt and decrypt 17 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:17:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 31 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:31:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 32 bytes [#1]
-depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:32:-1
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:32:MBEDTLS_PADDING_NONE
-DES3 Encrypt and decrypt 32 bytes [#2]
+DES3 Encrypt and decrypt 33 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:33:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 47 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:47:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 48 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:48:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 49 bytes [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:49:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 0 bytes in multiple parts [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES3 Encrypt and decrypt 1 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES3 Encrypt and decrypt 1 bytes in multiple parts 2 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES3 Encrypt and decrypt 16 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:-1:16:0:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:8:8
DES3 Encrypt and decrypt 16 bytes in multiple parts 2 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
DES3 Encrypt and decrypt 16 bytes in multiple parts 3 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
DES3 Encrypt and decrypt 16 bytes in multiple parts 4 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:-1:8:8:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:MBEDTLS_PADDING_PKCS7:8:8:8:8
DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:-1:8:8:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:MBEDTLS_PADDING_PKCS7:8:8:8:8
DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:-1:16:0:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:MBEDTLS_PADDING_PKCS7:16:0:8:8
DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#3]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
DES3 Encrypt and decrypt 32 bytes in multiple parts 1 [#1]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:-1:16:16:8:24
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:MBEDTLS_PADDING_PKCS7:16:16:8:24
DES3 Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:0:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:0:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 1 byte [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:1:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:1:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 2 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:2:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:2:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 7 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:7:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:7:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 8 bytes [#2]
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:8:MBEDTLS_PADDING_NONE
+
+DES3 Encrypt and decrypt 8 bytes (PKCS7 padding) [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:8:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:8:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 9 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:9:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:9:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 15 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:15:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:15:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 16 bytes [#2]
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:16:MBEDTLS_PADDING_NONE
+
+DES3 Encrypt and decrypt 16 bytes (PKCS7 padding) [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:16:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:16:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 17 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:17:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:17:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 31 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:31:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:31:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 32 bytes [#3]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:32:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:32:MBEDTLS_PADDING_PKCS7
-DES3 Encrypt and decrypt 32 bytes [#4]
+DES3 Encrypt and decrypt 32 bytes (PKCS7 padding) [#3]
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:32:MBEDTLS_PADDING_NONE
+
+DES3 Encrypt and decrypt 33 bytes [#4]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:33:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:33:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 47 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:47:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:47:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 48 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:48:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:48:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 49 bytes [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:49:-1
+enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:49:MBEDTLS_PADDING_PKCS7
DES3 Encrypt and decrypt 0 bytes in multiple parts [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES3 Encrypt and decrypt 1 bytes in multiple parts 1 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES3 Encrypt and decrypt 1 bytes in multiple parts 2 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:-1:0:0:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
DES3 Encrypt and decrypt 16 bytes in multiple parts 1 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:-1:16:0:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:MBEDTLS_PADDING_PKCS7:16:0:8:8
DES3 Encrypt and decrypt 16 bytes in multiple parts 2 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
DES3 Encrypt and decrypt 16 bytes in multiple parts 3 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:-1:0:16:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
DES3 Encrypt and decrypt 16 bytes in multiple parts 4 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:-1:8:8:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:MBEDTLS_PADDING_PKCS7:8:8:8:8
DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#4]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:-1:8:8:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:MBEDTLS_PADDING_PKCS7:8:8:8:8
DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#5]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:-1:16:0:8:8
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:MBEDTLS_PADDING_PKCS7:16:0:8:8
DES3 Encrypt and decrypt 22 bytes in multiple parts 1 [#6]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:-1:16:0:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
DES3 Encrypt and decrypt 32 bytes in multiple parts 1 [#2]
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:-1:16:16:8:24
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:MBEDTLS_PADDING_PKCS7:16:16:8:24
DES ECB Encrypt test vector (OpenSSL) #1
depends_on:MBEDTLS_DES_C
@@ -601,3 +613,11 @@
DES3-EDE ECB Decrypt test vector (OpenSSL) #2
depends_on:MBEDTLS_DES_C
test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"199E9D6DF39AA816":"FFFFFFFFFFFFFFFF":0
+
+Check set padding - DES
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_DES_EDE_CBC
+
+Check set padding - Triple DES
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+check_set_padding:MBEDTLS_CIPHER_DES_EDE3_CBC
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 40907ad..aca4150 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -6,7 +6,7 @@
#include "mbedtls/gcm.h"
#endif
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
+#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C)
#define MBEDTLS_CIPHER_AUTH_CRYPT
#endif
@@ -63,6 +63,9 @@
key_bitlen == 192 ||
key_bitlen == 256);
}
+ TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8);
+ TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH);
+ TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH);
if (strstr(info->name, "-ECB") != NULL) {
TEST_ASSERT(iv_size == 0);
@@ -82,7 +85,7 @@
return 0;
}
-#if defined(MBEDTLS_CIPHER_AUTH_CRYPT)
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/* Helper for resetting key/direction
*
* The documentation doesn't explicitly say whether calling
@@ -170,8 +173,8 @@
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
- const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
- *(mbedtls_cipher_list()));
+ const int *cipher_list = mbedtls_cipher_list();
+ const mbedtls_cipher_info_t *valid_info;
size_t size_t_var;
(void) valid_mode; /* In some configurations this is unused */
@@ -179,6 +182,10 @@
mbedtls_cipher_init(&valid_ctx);
mbedtls_cipher_init(&invalid_ctx);
+ /* Ensure that there is at least 1 supported cipher, otherwise exit gracefully */
+ TEST_ASSUME(*cipher_list != 0);
+ valid_info = mbedtls_cipher_info_from_type(*cipher_list);
+
TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0);
/* mbedtls_cipher_setup() */
@@ -598,6 +605,13 @@
TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) {
+ TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec,
+ MBEDTLS_PADDING_PKCS7));
+ }
+#endif
+
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int expected = (cipher_info->mode == MBEDTLS_MODE_GCM ||
cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ?
@@ -832,7 +846,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */
void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
data_t *ad, data_t *cipher, data_t *tag,
char *result, data_t *clear, int use_psa)
@@ -1195,3 +1209,46 @@
mbedtls_cipher_free(&ctx_enc);
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
+void check_set_padding(int cipher_id)
+{
+ mbedtls_cipher_context_t ctx;
+ unsigned char *key = NULL;
+ unsigned char iv[16] = { 0 };
+ unsigned char input[16] = { 0 };
+ unsigned char output[32] = { 0 };
+ size_t outlen = 0;
+ const mbedtls_cipher_info_t *cipher_info;
+ size_t keylen = 0;
+
+ mbedtls_cipher_init(&ctx);
+
+ cipher_info = mbedtls_cipher_info_from_type(cipher_id);
+
+ if (cipher_info->mode != MBEDTLS_MODE_CBC) {
+ TEST_FAIL("Cipher mode must be CBC");
+ }
+
+ keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info);
+ TEST_CALLOC(key, keylen/8);
+ memset(key, 0, keylen/8);
+
+ TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info));
+
+ TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen,
+ MBEDTLS_ENCRYPT));
+
+ TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input,
+ sizeof(input), output, &outlen));
+
+ TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE));
+ TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input,
+ sizeof(input), output, &outlen));
+
+exit:
+ mbedtls_cipher_free(&ctx);
+ mbedtls_free(key);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data
index 282c4a9..03c799f 100644
--- a/tests/suites/test_suite_cmac.data
+++ b/tests/suites/test_suite_cmac.data
@@ -29,9 +29,29 @@
depends_on:MBEDTLS_AES_C
mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
-CMAC init #7 Camellia: wrong cipher
+CMAC init Camellia-128: wrong cipher
depends_on:MBEDTLS_CAMELLIA_C
-mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+CMAC init Camellia-192: wrong cipher
+depends_on:MBEDTLS_CAMELLIA_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:192:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+CMAC init Camellia-256: wrong cipher
+depends_on:MBEDTLS_CAMELLIA_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_256_ECB:256:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+CMAC init #8 ARIA-128: wrong cipher
+depends_on:MBEDTLS_ARIA_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_128_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+CMAC init #8 ARIA-192: wrong cipher
+depends_on:MBEDTLS_ARIA_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_192_ECB:192:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+CMAC init #8 ARIA-256: wrong cipher
+depends_on:MBEDTLS_ARIA_C
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_ARIA_256_ECB:256:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC Single Blocks #1 - Empty block, no updates
depends_on:MBEDTLS_AES_C
diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function
index 9624e8f..2d7bcd1 100644
--- a/tests/suites/test_suite_cmac.function
+++ b/tests/suites/test_suite_cmac.function
@@ -20,9 +20,9 @@
{
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
- unsigned char test_key[MBEDTLS_CIPHER_BLKSIZE_MAX];
- unsigned char test_data[MBEDTLS_CIPHER_BLKSIZE_MAX];
- unsigned char test_output[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char test_key[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
+ unsigned char test_data[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
+ unsigned char test_output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
mbedtls_cipher_init(&ctx);
@@ -111,6 +111,12 @@
TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
!= NULL);
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+ TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info),
+ MBEDTLS_CIPHER_BLKSIZE_MAX);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+ TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info),
+ MBEDTLS_CMAC_MAX_BLOCK_SIZE);
memset(buf, 0x2A, sizeof(buf));
TEST_ASSERT((result == mbedtls_cipher_cmac(cipher_info, key, key_size,
@@ -129,7 +135,7 @@
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
- unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/* Convert the test parameters to binary data */
@@ -208,7 +214,7 @@
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
- unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/* Convert the test parameters to binary data */
diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function
index a583e46..5c5700c 100644
--- a/tests/suites/test_suite_common.function
+++ b/tests/suites/test_suite_common.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include "../library/common.h"
+#include "common.h"
void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n)
{
diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data
index 91a25fa..111fef6 100644
--- a/tests/suites/test_suite_constant_time.data
+++ b/tests/suites/test_suite_constant_time.data
@@ -1,14 +1,14 @@
# these are the numbers we'd get with an empty plaintext and truncated HMAC
Constant-flow memcpy from offset: small
-ssl_cf_memcpy_offset:0:5:10
+mbedtls_ct_memcpy_offset:0:5:10
# we could get this with 255-bytes plaintext and untruncated SHA-256
Constant-flow memcpy from offset: medium
-ssl_cf_memcpy_offset:0:255:32
+mbedtls_ct_memcpy_offset:0:255:32
# we could get this with 255-bytes plaintext and untruncated SHA-384
Constant-flow memcpy from offset: large
-ssl_cf_memcpy_offset:100:339:48
+mbedtls_ct_memcpy_offset:100:339:48
mbedtls_ct_memcmp NULL
mbedtls_ct_memcmp_null
@@ -91,47 +91,776 @@
mbedtls_ct_memcmp len 17 offset 3
mbedtls_ct_memcmp:-1:17:3
-mbedtls_ct_memcpy_if_eq len 1 offset 0
-mbedtls_ct_memcpy_if_eq:1:1:0
+mbedtls_ct_memcmp_single_bit_diff
+mbedtls_ct_memcmp_single_bit_diff:
-mbedtls_ct_memcpy_if_eq len 1 offset 1
-mbedtls_ct_memcpy_if_eq:1:1:1
+mbedtls_ct_memcpy_if len 1 offset 0
+mbedtls_ct_memcpy_if:1:1:0
-mbedtls_ct_memcpy_if_eq len 4 offset 0
-mbedtls_ct_memcpy_if_eq:1:1:0
+mbedtls_ct_memcpy_if len 1 offset 1
+mbedtls_ct_memcpy_if:1:1:1
-mbedtls_ct_memcpy_if_eq len 4 offset 1
-mbedtls_ct_memcpy_if_eq:1:1:1
+mbedtls_ct_memcpy_if len 4 offset 0
+mbedtls_ct_memcpy_if:1:1:0
-mbedtls_ct_memcpy_if_eq len 4 offset 2
-mbedtls_ct_memcpy_if_eq:1:1:2
+mbedtls_ct_memcpy_if len 4 offset 1
+mbedtls_ct_memcpy_if:1:1:1
-mbedtls_ct_memcpy_if_eq len 4 offset 3
-mbedtls_ct_memcpy_if_eq:1:1:3
+mbedtls_ct_memcpy_if len 4 offset 2
+mbedtls_ct_memcpy_if:1:1:2
-mbedtls_ct_memcpy_if_eq len 15 offset 0
-mbedtls_ct_memcpy_if_eq:1:15:0
+mbedtls_ct_memcpy_if len 4 offset 3
+mbedtls_ct_memcpy_if:1:1:3
-mbedtls_ct_memcpy_if_eq len 15 offset 1
-mbedtls_ct_memcpy_if_eq:1:15:1
+mbedtls_ct_memcpy_if len 15 offset 0
+mbedtls_ct_memcpy_if:1:15:0
-mbedtls_ct_memcpy_if_eq len 16 offset 0
-mbedtls_ct_memcpy_if_eq:1:16:0
+mbedtls_ct_memcpy_if len 15 offset 1
+mbedtls_ct_memcpy_if:1:15:1
-mbedtls_ct_memcpy_if_eq len 16 offset 1
-mbedtls_ct_memcpy_if_eq:1:16:1
+mbedtls_ct_memcpy_if len 16 offset 0
+mbedtls_ct_memcpy_if:1:16:0
-mbedtls_ct_memcpy_if_eq len 17 offset 0
-mbedtls_ct_memcpy_if_eq:1:17:0
+mbedtls_ct_memcpy_if len 16 offset 1
+mbedtls_ct_memcpy_if:1:16:1
-mbedtls_ct_memcpy_if_eq len 17 offset 1
-mbedtls_ct_memcpy_if_eq:1:17:1
+mbedtls_ct_memcpy_if len 17 offset 0
+mbedtls_ct_memcpy_if:1:17:0
-mbedtls_ct_memcpy_if_eq len 0 not eq
-mbedtls_ct_memcpy_if_eq:0:17:0
+mbedtls_ct_memcpy_if len 17 offset 1
+mbedtls_ct_memcpy_if:1:17:1
-mbedtls_ct_memcpy_if_eq len 5 offset 1 not eq
-mbedtls_ct_memcpy_if_eq:0:5:1
+mbedtls_ct_memcpy_if len 0 not eq
+mbedtls_ct_memcpy_if:0:17:0
-mbedtls_ct_memcpy_if_eq len 17 offset 3 not eq
-mbedtls_ct_memcpy_if_eq:0:17:3
+mbedtls_ct_memcpy_if len 5 offset 1 not eq
+mbedtls_ct_memcpy_if:0:5:1
+
+mbedtls_ct_memcpy_if len 17 offset 3 not eq
+mbedtls_ct_memcpy_if:0:17:3
+
+mbedtls_ct_bool 0
+mbedtls_ct_bool:"0x0"
+
+mbedtls_ct_bool 1
+mbedtls_ct_bool:"0x1"
+
+mbedtls_ct_bool 4
+mbedtls_ct_bool:"0x4"
+
+mbedtls_ct_bool 0xfffffff
+mbedtls_ct_bool:"0xfffffff"
+
+mbedtls_ct_bool 0x7fffffff
+mbedtls_ct_bool:"0x7fffffff"
+
+mbedtls_ct_bool 0xfffffffe
+mbedtls_ct_bool:"0xfffffffe"
+
+mbedtls_ct_bool 0xffffffff
+mbedtls_ct_bool:"0xffffffff"
+
+mbedtls_ct_bool 0x0fffffffffffffff
+mbedtls_ct_bool:"0x0fffffffffffffff"
+
+mbedtls_ct_bool 0x7fffffffffffffff
+mbedtls_ct_bool:"0x7fffffffffffffff"
+
+mbedtls_ct_bool 0xffffffffffffffff
+mbedtls_ct_bool:"0xffffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x0 0x0
+mbedtls_ct_bool_xxx:"0x0":"0x0"
+
+mbedtls_ct_bool_xxx 0x0 0x1
+mbedtls_ct_bool_xxx:"0x0":"0x1"
+
+mbedtls_ct_bool_xxx 0x0 0x7fffffff
+mbedtls_ct_bool_xxx:"0x0":"0x7fffffff"
+
+mbedtls_ct_bool_xxx 0x0 0xffffffff
+mbedtls_ct_bool_xxx:"0x0":"0xffffffff"
+
+mbedtls_ct_bool_xxx 0x0 0x7fffffffffffffff
+mbedtls_ct_bool_xxx:"0x0":"0x7fffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x0 0xffffffffffffffff
+mbedtls_ct_bool_xxx:"0x0":"0xffffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x1 0x0
+mbedtls_ct_bool_xxx:"0x1":"0x0"
+
+mbedtls_ct_bool_xxx 0x1 0x1
+mbedtls_ct_bool_xxx:"0x1":"0x1"
+
+mbedtls_ct_bool_xxx 0x1 0x7fffffff
+mbedtls_ct_bool_xxx:"0x1":"0x7fffffff"
+
+mbedtls_ct_bool_xxx 0x1 0xffffffff
+mbedtls_ct_bool_xxx:"0x1":"0xffffffff"
+
+mbedtls_ct_bool_xxx 0x1 0x7fffffffffffffff
+mbedtls_ct_bool_xxx:"0x1":"0x7fffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x1 0xffffffffffffffff
+mbedtls_ct_bool_xxx:"0x1":"0xffffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffff 0x0
+mbedtls_ct_bool_xxx:"0x7fffffff":"0x0"
+
+mbedtls_ct_bool_xxx 0x7fffffff 0x1
+mbedtls_ct_bool_xxx:"0x7fffffff":"0x1"
+
+mbedtls_ct_bool_xxx 0x7fffffff 0x7fffffff
+mbedtls_ct_bool_xxx:"0x7fffffff":"0x7fffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffff 0xffffffff
+mbedtls_ct_bool_xxx:"0x7fffffff":"0xffffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffff 0x7fffffffffffffff
+mbedtls_ct_bool_xxx:"0x7fffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffff 0xffffffffffffffff
+mbedtls_ct_bool_xxx:"0x7fffffff":"0xffffffffffffffff"
+
+mbedtls_ct_bool_xxx 0xffffffff 0x0
+mbedtls_ct_bool_xxx:"0xffffffff":"0x0"
+
+mbedtls_ct_bool_xxx 0xffffffff 0x1
+mbedtls_ct_bool_xxx:"0xffffffff":"0x1"
+
+mbedtls_ct_bool_xxx 0xffffffff 0x7fffffff
+mbedtls_ct_bool_xxx:"0xffffffff":"0x7fffffff"
+
+mbedtls_ct_bool_xxx 0xffffffff 0xffffffff
+mbedtls_ct_bool_xxx:"0xffffffff":"0xffffffff"
+
+mbedtls_ct_bool_xxx 0xffffffff 0x7fffffffffffffff
+mbedtls_ct_bool_xxx:"0xffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_bool_xxx 0xffffffff 0xffffffffffffffff
+mbedtls_ct_bool_xxx:"0xffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x0
+mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x0"
+
+mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x1
+mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x1"
+
+mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x7fffffff
+mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x7fffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffffffffffff 0xffffffff
+mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0xffffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffffffffffff 0x7fffffffffffffff
+mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_bool_xxx 0x7fffffffffffffff 0xffffffffffffffff
+mbedtls_ct_bool_xxx:"0x7fffffffffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_bool_xxx 0xffffffffffffffff 0x0
+mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x0"
+
+mbedtls_ct_bool_xxx 0xffffffffffffffff 0x1
+mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x1"
+
+mbedtls_ct_bool_xxx 0xffffffffffffffff 0x7fffffff
+mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x7fffffff"
+
+mbedtls_ct_bool_xxx 0xffffffffffffffff 0xffffffff
+mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0xffffffff"
+
+mbedtls_ct_bool_xxx 0xffffffffffffffff 0x7fffffffffffffff
+mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_bool_xxx 0xffffffffffffffff 0xffffffffffffffff
+mbedtls_ct_bool_xxx:"0xffffffffffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_bool_xxx 138 256
+mbedtls_ct_bool_xxx:"138":"256"
+
+mbedtls_ct_bool_xxx 256 138
+mbedtls_ct_bool_xxx:"256":"138"
+
+mbedtls_ct_bool_xxx 6 6
+mbedtls_ct_bool_xxx:"0x6":"0x6"
+
+mbedtls_ct_uchar_in_range_if 0 0 0
+mbedtls_ct_uchar_in_range_if:0:0:0
+
+mbedtls_ct_uchar_in_range_if 0 0 100
+mbedtls_ct_uchar_in_range_if:0:0:100
+
+mbedtls_ct_uchar_in_range_if 0 0 255
+mbedtls_ct_uchar_in_range_if:0:0:255
+
+mbedtls_ct_uchar_in_range_if 0 65 0
+mbedtls_ct_uchar_in_range_if:0:65:0
+
+mbedtls_ct_uchar_in_range_if 0 65 100
+mbedtls_ct_uchar_in_range_if:0:65:100
+
+mbedtls_ct_uchar_in_range_if 0 65 255
+mbedtls_ct_uchar_in_range_if:0:65:255
+
+mbedtls_ct_uchar_in_range_if 0 90 0
+mbedtls_ct_uchar_in_range_if:0:90:0
+
+mbedtls_ct_uchar_in_range_if 0 90 100
+mbedtls_ct_uchar_in_range_if:0:90:100
+
+mbedtls_ct_uchar_in_range_if 0 90 255
+mbedtls_ct_uchar_in_range_if:0:90:255
+
+mbedtls_ct_uchar_in_range_if 0 255 0
+mbedtls_ct_uchar_in_range_if:0:255:0
+
+mbedtls_ct_uchar_in_range_if 0 255 100
+mbedtls_ct_uchar_in_range_if:0:255:100
+
+mbedtls_ct_uchar_in_range_if 0 255 255
+mbedtls_ct_uchar_in_range_if:0:255:255
+
+mbedtls_ct_uchar_in_range_if 65 0 0
+mbedtls_ct_uchar_in_range_if:65:0:0
+
+mbedtls_ct_uchar_in_range_if 65 0 100
+mbedtls_ct_uchar_in_range_if:65:0:100
+
+mbedtls_ct_uchar_in_range_if 65 0 255
+mbedtls_ct_uchar_in_range_if:65:0:255
+
+mbedtls_ct_uchar_in_range_if 65 65 0
+mbedtls_ct_uchar_in_range_if:65:65:0
+
+mbedtls_ct_uchar_in_range_if 65 65 100
+mbedtls_ct_uchar_in_range_if:65:65:100
+
+mbedtls_ct_uchar_in_range_if 65 65 255
+mbedtls_ct_uchar_in_range_if:65:65:255
+
+mbedtls_ct_uchar_in_range_if 65 90 0
+mbedtls_ct_uchar_in_range_if:65:90:0
+
+mbedtls_ct_uchar_in_range_if 65 90 100
+mbedtls_ct_uchar_in_range_if:65:90:100
+
+mbedtls_ct_uchar_in_range_if 65 90 255
+mbedtls_ct_uchar_in_range_if:65:90:255
+
+mbedtls_ct_uchar_in_range_if 65 255 0
+mbedtls_ct_uchar_in_range_if:65:255:0
+
+mbedtls_ct_uchar_in_range_if 65 255 100
+mbedtls_ct_uchar_in_range_if:65:255:100
+
+mbedtls_ct_uchar_in_range_if 65 255 255
+mbedtls_ct_uchar_in_range_if:65:255:255
+
+mbedtls_ct_uchar_in_range_if 90 0 0
+mbedtls_ct_uchar_in_range_if:90:0:0
+
+mbedtls_ct_uchar_in_range_if 90 0 100
+mbedtls_ct_uchar_in_range_if:90:0:100
+
+mbedtls_ct_uchar_in_range_if 90 0 255
+mbedtls_ct_uchar_in_range_if:90:0:255
+
+mbedtls_ct_uchar_in_range_if 90 65 0
+mbedtls_ct_uchar_in_range_if:90:65:0
+
+mbedtls_ct_uchar_in_range_if 90 65 100
+mbedtls_ct_uchar_in_range_if:90:65:100
+
+mbedtls_ct_uchar_in_range_if 90 65 255
+mbedtls_ct_uchar_in_range_if:90:65:255
+
+mbedtls_ct_uchar_in_range_if 90 90 0
+mbedtls_ct_uchar_in_range_if:90:90:0
+
+mbedtls_ct_uchar_in_range_if 90 90 100
+mbedtls_ct_uchar_in_range_if:90:90:100
+
+mbedtls_ct_uchar_in_range_if 90 90 255
+mbedtls_ct_uchar_in_range_if:90:90:255
+
+mbedtls_ct_uchar_in_range_if 90 255 0
+mbedtls_ct_uchar_in_range_if:90:255:0
+
+mbedtls_ct_uchar_in_range_if 90 255 100
+mbedtls_ct_uchar_in_range_if:90:255:100
+
+mbedtls_ct_uchar_in_range_if 90 255 255
+mbedtls_ct_uchar_in_range_if:90:255:255
+
+mbedtls_ct_uchar_in_range_if 255 0 0
+mbedtls_ct_uchar_in_range_if:255:0:0
+
+mbedtls_ct_uchar_in_range_if 255 0 100
+mbedtls_ct_uchar_in_range_if:255:0:100
+
+mbedtls_ct_uchar_in_range_if 255 0 255
+mbedtls_ct_uchar_in_range_if:255:0:255
+
+mbedtls_ct_uchar_in_range_if 255 65 0
+mbedtls_ct_uchar_in_range_if:255:65:0
+
+mbedtls_ct_uchar_in_range_if 255 65 100
+mbedtls_ct_uchar_in_range_if:255:65:100
+
+mbedtls_ct_uchar_in_range_if 255 65 255
+mbedtls_ct_uchar_in_range_if:255:65:255
+
+mbedtls_ct_uchar_in_range_if 255 90 0
+mbedtls_ct_uchar_in_range_if:255:90:0
+
+mbedtls_ct_uchar_in_range_if 255 90 100
+mbedtls_ct_uchar_in_range_if:255:90:100
+
+mbedtls_ct_uchar_in_range_if 255 90 255
+mbedtls_ct_uchar_in_range_if:255:90:255
+
+mbedtls_ct_uchar_in_range_if 255 255 0
+mbedtls_ct_uchar_in_range_if:255:255:0
+
+mbedtls_ct_uchar_in_range_if 255 255 100
+mbedtls_ct_uchar_in_range_if:255:255:100
+
+mbedtls_ct_uchar_in_range_if 255 255 255
+mbedtls_ct_uchar_in_range_if:255:255:255
+
+mbedtls_ct_if 0x0 0x0 0x0
+mbedtls_ct_if:"0x0":"0x0":"0x0"
+
+mbedtls_ct_if 0x0 0x0 0x1
+mbedtls_ct_if:"0x0":"0x0":"0x1"
+
+mbedtls_ct_if 0x0 0x0 0x7fffffff
+mbedtls_ct_if:"0x0":"0x0":"0x7fffffff"
+
+mbedtls_ct_if 0x0 0x0 0xffffffff
+mbedtls_ct_if:"0x0":"0x0":"0xffffffff"
+
+mbedtls_ct_if 0x0 0x0 0x7fffffffffffffff
+mbedtls_ct_if:"0x0":"0x0":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0x0 0x0 0xffffffffffffffff
+mbedtls_ct_if:"0x0":"0x0":"0xffffffffffffffff"
+
+mbedtls_ct_if 0x0 0x1 0x0
+mbedtls_ct_if:"0x0":"0x1":"0x0"
+
+mbedtls_ct_if 0x0 0x1 0x1
+mbedtls_ct_if:"0x0":"0x1":"0x1"
+
+mbedtls_ct_if 0x0 0x1 0x7fffffff
+mbedtls_ct_if:"0x0":"0x1":"0x7fffffff"
+
+mbedtls_ct_if 0x0 0x1 0xffffffff
+mbedtls_ct_if:"0x0":"0x1":"0xffffffff"
+
+mbedtls_ct_if 0x0 0x1 0x7fffffffffffffff
+mbedtls_ct_if:"0x0":"0x1":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0x0 0x1 0xffffffffffffffff
+mbedtls_ct_if:"0x0":"0x1":"0xffffffffffffffff"
+
+mbedtls_ct_if 0x0 0x7fffffff 0x0
+mbedtls_ct_if:"0x0":"0x7fffffff":"0x0"
+
+mbedtls_ct_if 0x0 0x7fffffff 0x1
+mbedtls_ct_if:"0x0":"0x7fffffff":"0x1"
+
+mbedtls_ct_if 0x0 0x7fffffff 0x7fffffff
+mbedtls_ct_if:"0x0":"0x7fffffff":"0x7fffffff"
+
+mbedtls_ct_if 0x0 0x7fffffff 0xffffffff
+mbedtls_ct_if:"0x0":"0x7fffffff":"0xffffffff"
+
+mbedtls_ct_if 0x0 0x7fffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0x0":"0x7fffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0x0 0x7fffffff 0xffffffffffffffff
+mbedtls_ct_if:"0x0":"0x7fffffff":"0xffffffffffffffff"
+
+mbedtls_ct_if 0x0 0xffffffff 0x0
+mbedtls_ct_if:"0x0":"0xffffffff":"0x0"
+
+mbedtls_ct_if 0x0 0xffffffff 0x1
+mbedtls_ct_if:"0x0":"0xffffffff":"0x1"
+
+mbedtls_ct_if 0x0 0xffffffff 0x7fffffff
+mbedtls_ct_if:"0x0":"0xffffffff":"0x7fffffff"
+
+mbedtls_ct_if 0x0 0xffffffff 0xffffffff
+mbedtls_ct_if:"0x0":"0xffffffff":"0xffffffff"
+
+mbedtls_ct_if 0x0 0xffffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0x0":"0xffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0x0 0xffffffff 0xffffffffffffffff
+mbedtls_ct_if:"0x0":"0xffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_if 0x0 0x7fffffffffffffff 0x0
+mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x0"
+
+mbedtls_ct_if 0x0 0x7fffffffffffffff 0x1
+mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x1"
+
+mbedtls_ct_if 0x0 0x7fffffffffffffff 0x7fffffff
+mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x7fffffff"
+
+mbedtls_ct_if 0x0 0x7fffffffffffffff 0xffffffff
+mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0xffffffff"
+
+mbedtls_ct_if 0x0 0x7fffffffffffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0x0 0x7fffffffffffffff 0xffffffffffffffff
+mbedtls_ct_if:"0x0":"0x7fffffffffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_if 0x0 0xffffffffffffffff 0x0
+mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x0"
+
+mbedtls_ct_if 0x0 0xffffffffffffffff 0x1
+mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x1"
+
+mbedtls_ct_if 0x0 0xffffffffffffffff 0x7fffffff
+mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x7fffffff"
+
+mbedtls_ct_if 0x0 0xffffffffffffffff 0xffffffff
+mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0xffffffff"
+
+mbedtls_ct_if 0x0 0xffffffffffffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0x0 0xffffffffffffffff 0xffffffffffffffff
+mbedtls_ct_if:"0x0":"0xffffffffffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x0 0x0
+mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x0"
+
+mbedtls_ct_if 0xffffffffffffffff 0x0 0x1
+mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x1"
+
+mbedtls_ct_if 0xffffffffffffffff 0x0 0x7fffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x7fffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x0 0xffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0xffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x0 0x7fffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x0 0xffffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x0":"0xffffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x1 0x0
+mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x0"
+
+mbedtls_ct_if 0xffffffffffffffff 0x1 0x1
+mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x1"
+
+mbedtls_ct_if 0xffffffffffffffff 0x1 0x7fffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x7fffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x1 0xffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0xffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x1 0x7fffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x1 0xffffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x1":"0xffffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x0
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x0"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x1
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x1"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x7fffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x7fffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0xffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0xffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffff 0xffffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffff":"0xffffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x0
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x0"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x1
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x1"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x7fffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x7fffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0xffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0xffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffff 0xffffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x0
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x0"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x1
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x1"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x7fffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x7fffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0xffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0xffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0x7fffffffffffffff 0xffffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0x7fffffffffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x0
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x0"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x1
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x1"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x7fffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0x7fffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0x7fffffffffffffff"
+
+mbedtls_ct_if 0xffffffffffffffff 0xffffffffffffffff 0xffffffffffffffff
+mbedtls_ct_if:"0xffffffffffffffff":"0xffffffffffffffff":"0xffffffffffffffff"
+
+mbedtls_ct_error_if 0 0 0
+mbedtls_ct_error_if:0:0:0
+
+mbedtls_ct_error_if 0 0 -1
+mbedtls_ct_error_if:0:0:-1
+
+mbedtls_ct_error_if 0 0 -32766
+mbedtls_ct_error_if:0:0:-32766
+
+mbedtls_ct_error_if 0 0 -32767
+mbedtls_ct_error_if:0:0:-32767
+
+mbedtls_ct_error_if 0 -1 0
+mbedtls_ct_error_if:0:-1:0
+
+mbedtls_ct_error_if 0 -1 -1
+mbedtls_ct_error_if:0:-1:-1
+
+mbedtls_ct_error_if 0 -1 -32766
+mbedtls_ct_error_if:0:-1:-32766
+
+mbedtls_ct_error_if 0 -1 -32767
+mbedtls_ct_error_if:0:-1:-32767
+
+mbedtls_ct_error_if 0 -32766 0
+mbedtls_ct_error_if:0:-32766:0
+
+mbedtls_ct_error_if 0 -32766 -1
+mbedtls_ct_error_if:0:-32766:-1
+
+mbedtls_ct_error_if 0 -32766 -32766
+mbedtls_ct_error_if:0:-32766:-32766
+
+mbedtls_ct_error_if 0 -32766 -32767
+mbedtls_ct_error_if:0:-32766:-32767
+
+mbedtls_ct_error_if 0 -32767 0
+mbedtls_ct_error_if:0:-32767:0
+
+mbedtls_ct_error_if 0 -32767 -1
+mbedtls_ct_error_if:0:-32767:-1
+
+mbedtls_ct_error_if 0 -32767 -32766
+mbedtls_ct_error_if:0:-32767:-32766
+
+mbedtls_ct_error_if 0 -32767 -32767
+mbedtls_ct_error_if:0:-32767:-32767
+
+mbedtls_ct_error_if 1 0 0
+mbedtls_ct_error_if:1:0:0
+
+mbedtls_ct_error_if 1 0 -1
+mbedtls_ct_error_if:1:0:-1
+
+mbedtls_ct_error_if 1 0 -32766
+mbedtls_ct_error_if:1:0:-32766
+
+mbedtls_ct_error_if 1 0 -32767
+mbedtls_ct_error_if:1:0:-32767
+
+mbedtls_ct_error_if 1 -1 0
+mbedtls_ct_error_if:1:-1:0
+
+mbedtls_ct_error_if 1 -1 -1
+mbedtls_ct_error_if:1:-1:-1
+
+mbedtls_ct_error_if 1 -1 -32766
+mbedtls_ct_error_if:1:-1:-32766
+
+mbedtls_ct_error_if 1 -1 -32767
+mbedtls_ct_error_if:1:-1:-32767
+
+mbedtls_ct_error_if 1 -32766 0
+mbedtls_ct_error_if:1:-32766:0
+
+mbedtls_ct_error_if 1 -32766 -1
+mbedtls_ct_error_if:1:-32766:-1
+
+mbedtls_ct_error_if 1 -32766 -32766
+mbedtls_ct_error_if:1:-32766:-32766
+
+mbedtls_ct_error_if 1 -32766 -32767
+mbedtls_ct_error_if:1:-32766:-32767
+
+mbedtls_ct_error_if 1 -32767 0
+mbedtls_ct_error_if:1:-32767:0
+
+mbedtls_ct_error_if 1 -32767 -1
+mbedtls_ct_error_if:1:-32767:-1
+
+mbedtls_ct_error_if 1 -32767 -32766
+mbedtls_ct_error_if:1:-32767:-32766
+
+mbedtls_ct_error_if 1 -32767 -32767
+mbedtls_ct_error_if:1:-32767:-32767
+
+mbedtls_ct_zeroize_if 0x0 0
+mbedtls_ct_zeroize_if:"0x0":0
+
+mbedtls_ct_zeroize_if 0x0 1
+mbedtls_ct_zeroize_if:"0x0":1
+
+mbedtls_ct_zeroize_if 0x0 1024
+mbedtls_ct_zeroize_if:"0x0":1024
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 0
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":0
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 1
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":1
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 4
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":4
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 5
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":5
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 7
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":7
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 8
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":8
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 9
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":9
+
+mbedtls_ct_zeroize_if 0xffffffffffffffff 1024
+mbedtls_ct_zeroize_if:"0xffffffffffffffff":1024
+
+mbedtls_ct_memmove_left 0 0
+mbedtls_ct_memmove_left:0:0
+
+mbedtls_ct_memmove_left 1 0
+mbedtls_ct_memmove_left:1:0
+
+mbedtls_ct_memmove_left 1 1
+mbedtls_ct_memmove_left:1:1
+
+mbedtls_ct_memmove_left 16 0
+mbedtls_ct_memmove_left:16:0
+
+mbedtls_ct_memmove_left 16 1
+mbedtls_ct_memmove_left:16:1
+
+mbedtls_ct_memmove_left 16 4
+mbedtls_ct_memmove_left:16:4
+
+mbedtls_ct_memmove_left 16 15
+mbedtls_ct_memmove_left:16:15
+
+mbedtls_ct_memmove_left 16 16
+mbedtls_ct_memmove_left:16:16
+
+mbedtls_ct_memcmp_partial -1 0 0 0
+mbedtls_ct_memcmp_partial:-1:0:0:0
+
+mbedtls_ct_memcmp_partial 0 1 0 0
+mbedtls_ct_memcmp_partial:0:1:0:0
+
+mbedtls_ct_memcmp_partial 0 1 1 0
+mbedtls_ct_memcmp_partial:0:1:1:0
+
+mbedtls_ct_memcmp_partial 0 1 0 1
+mbedtls_ct_memcmp_partial:0:1:0:1
+
+mbedtls_ct_memcmp_partial -1 1 0 0
+mbedtls_ct_memcmp_partial:-1:1:0:0
+
+mbedtls_ct_memcmp_partial 0 2 0 1
+mbedtls_ct_memcmp_partial:0:2:0:1
+
+mbedtls_ct_memcmp_partial 0 2 1 0
+mbedtls_ct_memcmp_partial:0:2:1:0
+
+mbedtls_ct_memcmp_partial 0 16 4 4
+mbedtls_ct_memcmp_partial:0:16:4:4
+
+mbedtls_ct_memcmp_partial 2 16 4 4
+mbedtls_ct_memcmp_partial:2:16:4:4
+
+mbedtls_ct_memcmp_partial 3 16 4 4
+mbedtls_ct_memcmp_partial:3:16:4:4
+
+mbedtls_ct_memcmp_partial 4 16 4 4
+mbedtls_ct_memcmp_partial:4:16:4:4
+
+mbedtls_ct_memcmp_partial 7 16 4 4
+mbedtls_ct_memcmp_partial:7:16:4:4
+
+mbedtls_ct_memcmp_partial 11 16 4 4
+mbedtls_ct_memcmp_partial:11:16:4:4
+
+mbedtls_ct_memcmp_partial 12 16 4 4
+mbedtls_ct_memcmp_partial:12:16:4:4
+
+mbedtls_ct_memcmp_partial 15 16 4 4
+mbedtls_ct_memcmp_partial:15:16:4:4
+
+mbedtls_ct_memcmp_partial 15 16 4 0
+mbedtls_ct_memcmp_partial:15:16:4:0
+
+mbedtls_ct_memcmp_partial 15 16 0 4
+mbedtls_ct_memcmp_partial:15:16:0:4
+
+mbedtls_ct_memcmp_partial 0 16 0 0
+mbedtls_ct_memcmp_partial:0:16:0:0
+
+mbedtls_ct_memcmp_partial 15 16 0 0
+mbedtls_ct_memcmp_partial:15:16:0:0
+
+mbedtls_ct_memcmp_partial -1 16 0 0
+mbedtls_ct_memcmp_partial:-1:16:0:0
+
+mbedtls_ct_memcmp_partial -1 16 12 4
+mbedtls_ct_memcmp_partial:-1:16:12:4
+
+mbedtls_ct_memcmp_partial -1 16 8 8
+mbedtls_ct_memcmp_partial:-1:16:8:8
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
index bd0eec5..3127365 100644
--- a/tests/suites/test_suite_constant_time.function
+++ b/tests/suites/test_suite_constant_time.function
@@ -8,9 +8,15 @@
* under MSan or Valgrind will detect a non-constant-time implementation.
*/
+#include <stdio.h>
+
+#include <limits.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <mbedtls/bignum.h>
#include <mbedtls/constant_time.h>
#include <constant_time_internal.h>
-#include <constant_time_invasive.h>
#include <test/constant_flow.h>
/* END_HEADER */
@@ -26,15 +32,220 @@
/* END_CASE */
/* BEGIN_CASE */
+void mbedtls_ct_bool(char *input)
+{
+ mbedtls_ct_uint_t v = (mbedtls_ct_uint_t) strtoull(input, NULL, 16);
+ TEST_ASSERT(errno == 0);
+
+ mbedtls_ct_condition_t expected = (v != 0) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_CF_SECRET(&v, sizeof(v));
+ TEST_EQUAL(mbedtls_ct_bool(v), expected);
+ TEST_CF_PUBLIC(&v, sizeof(v));
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ct_bool_xxx(char *x_str, char *y_str)
+{
+ mbedtls_ct_uint_t x = strtoull(x_str, NULL, 0);
+ mbedtls_ct_uint_t y = strtoull(y_str, NULL, 0);
+
+ mbedtls_ct_uint_t x1 = x;
+ mbedtls_ct_uint_t y1 = y;
+
+ TEST_CF_SECRET(&x, sizeof(x));
+ TEST_CF_SECRET(&y, sizeof(y));
+
+ mbedtls_ct_condition_t expected = x1 ? MBEDTLS_CT_FALSE : MBEDTLS_CT_TRUE;
+ TEST_EQUAL(mbedtls_ct_bool_not(mbedtls_ct_bool(x)), expected);
+
+ expected = x1 != y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_uint_ne(x, y), expected);
+
+ expected = x1 == y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_uint_eq(x, y), expected);
+
+ expected = x1 > y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_uint_gt(x, y), expected);
+
+ expected = x1 < y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_uint_lt(x, y), expected);
+
+ expected = x1 >= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_uint_ge(x, y), expected);
+
+ expected = x1 <= y1 ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_uint_le(x, y), expected);
+
+ expected = (!!x1) != (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_bool_ne(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected);
+
+ expected = (!!x1) && (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_bool_and(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected);
+
+ expected = (!!x1) || (!!y1) ? MBEDTLS_CT_TRUE : MBEDTLS_CT_FALSE;
+ TEST_EQUAL(mbedtls_ct_bool_or(mbedtls_ct_bool(x), mbedtls_ct_bool(y)), expected);
+
+ TEST_CF_PUBLIC(&x, sizeof(x));
+ TEST_CF_PUBLIC(&y, sizeof(y));
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_BASE64_C */
+void mbedtls_ct_uchar_in_range_if(int li, int hi, int ti)
+{
+ unsigned char l = li, h = hi, t = ti;
+
+ for (unsigned x = 0; x <= 255; x++) {
+ unsigned char expected = (x >= l) && (x <= h) ? t : 0;
+
+ TEST_CF_SECRET(&x, sizeof(x));
+ TEST_CF_SECRET(&l, sizeof(l));
+ TEST_CF_SECRET(&h, sizeof(h));
+ TEST_CF_SECRET(&t, sizeof(t));
+
+ TEST_EQUAL(mbedtls_ct_uchar_in_range_if(l, h, (unsigned char) x, t), expected);
+
+ TEST_CF_PUBLIC(&x, sizeof(x));
+ TEST_CF_PUBLIC(&l, sizeof(l));
+ TEST_CF_PUBLIC(&h, sizeof(h));
+ TEST_CF_PUBLIC(&t, sizeof(t));
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ct_error_if(int cond, int t, int f)
+{
+ mbedtls_ct_condition_t c = mbedtls_ct_bool(cond);
+
+ int expected = c ? t : f;
+ int expected0 = c ? t : 0;
+
+ TEST_CF_SECRET(&c, sizeof(c));
+ TEST_CF_SECRET(&t, sizeof(t));
+ TEST_CF_SECRET(&f, sizeof(f));
+
+ TEST_EQUAL(mbedtls_ct_error_if(c, t, f), expected);
+ TEST_EQUAL(mbedtls_ct_error_if_else_0(c, t), expected0);
+
+ TEST_CF_PUBLIC(&c, sizeof(c));
+ TEST_CF_PUBLIC(&t, sizeof(t));
+ TEST_CF_PUBLIC(&f, sizeof(f));
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ct_if(char *c_str, char *t_str, char *f_str)
+{
+ mbedtls_ct_condition_t c = mbedtls_ct_bool(strtoull(c_str, NULL, 16));
+ mbedtls_ct_uint_t t = (mbedtls_ct_uint_t) strtoull(t_str, NULL, 16);
+ mbedtls_ct_uint_t f = (mbedtls_ct_uint_t) strtoull(f_str, NULL, 16);
+
+ mbedtls_ct_uint_t expected = c ? t : f;
+ mbedtls_ct_uint_t expected0 = c ? t : 0;
+
+ TEST_CF_SECRET(&c, sizeof(c));
+ TEST_CF_SECRET(&t, sizeof(t));
+ TEST_CF_SECRET(&f, sizeof(f));
+
+ TEST_EQUAL(mbedtls_ct_if(c, t, f), expected);
+ TEST_EQUAL(mbedtls_ct_size_if(c, t, f), (size_t) expected);
+ TEST_EQUAL(mbedtls_ct_uint_if(c, t, f), (unsigned) expected);
+ TEST_EQUAL(mbedtls_ct_bool_if(c, mbedtls_ct_bool(t), mbedtls_ct_bool(f)),
+ mbedtls_ct_bool(expected));
+#if defined(MBEDTLS_BIGNUM_C)
+ TEST_EQUAL(mbedtls_ct_mpi_uint_if(c, t, f), (mbedtls_mpi_uint) expected);
+#endif
+
+ TEST_EQUAL(mbedtls_ct_uint_if_else_0(c, t), (unsigned) expected0);
+ TEST_EQUAL(mbedtls_ct_size_if_else_0(c, (size_t) t), (size_t) expected0);
+ TEST_EQUAL(mbedtls_ct_bool_if_else_0(c, mbedtls_ct_bool(t)), mbedtls_ct_bool(expected0));
+#if defined(MBEDTLS_BIGNUM_C)
+ TEST_EQUAL(mbedtls_ct_mpi_uint_if_else_0(c, t), (mbedtls_mpi_uint) expected0);
+#endif
+
+ TEST_CF_PUBLIC(&c, sizeof(c));
+ TEST_CF_PUBLIC(&t, sizeof(t));
+ TEST_CF_PUBLIC(&f, sizeof(f));
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */
+void mbedtls_ct_zeroize_if(char *c_str, int len)
+{
+ uint8_t *buf = NULL;
+ mbedtls_ct_condition_t c = mbedtls_ct_bool(strtoull(c_str, NULL, 16));
+
+ TEST_CALLOC(buf, len);
+ for (size_t i = 0; i < (size_t) len; i++) {
+ buf[i] = 1;
+ }
+
+ TEST_CF_SECRET(&c, sizeof(c));
+ TEST_CF_SECRET(buf, len);
+ mbedtls_ct_zeroize_if(c, buf, len);
+ TEST_CF_PUBLIC(&c, sizeof(c));
+ TEST_CF_PUBLIC(buf, len);
+
+ for (size_t i = 0; i < (size_t) len; i++) {
+ TEST_EQUAL(buf[i], c != 0 ? 0 : 1);
+ }
+exit:
+ mbedtls_free(buf);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ct_memcmp_single_bit_diff()
+{
+ uint8_t *a = NULL, *b = NULL;
+ size_t size = 32;
+ TEST_CALLOC(a, size);
+ TEST_CALLOC(b, size);
+
+ TEST_CF_SECRET(a, size);
+ TEST_CF_SECRET(b, size);
+ int result = mbedtls_ct_memcmp(a, b, size);
+ TEST_CF_PUBLIC(a, size);
+ TEST_CF_PUBLIC(b, size);
+ TEST_CF_PUBLIC(&result, sizeof(result));
+
+ TEST_EQUAL(result, 0);
+
+ for (size_t offset = 0; offset < size; offset++) {
+ for (size_t bit_offset = 0; bit_offset < 8; bit_offset++) {
+ /* Set a single bit to be different at given offset, to test that we
+ detect single-bit differences */
+ a[offset] = 1 << bit_offset;
+
+ TEST_CF_SECRET(a, size);
+ TEST_CF_SECRET(b, size);
+ result = mbedtls_ct_memcmp(a, b, size);
+ TEST_CF_PUBLIC(a, size);
+ TEST_CF_PUBLIC(b, size);
+ TEST_CF_PUBLIC(&result, sizeof(result));
+
+ TEST_ASSERT(result != 0);
+
+ a[offset] = 0;
+ }
+ }
+
+
+exit:
+ mbedtls_free(a);
+ mbedtls_free(b);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mbedtls_ct_memcmp(int same, int size, int offset)
{
uint8_t *a = NULL, *b = NULL;
TEST_CALLOC(a, size + offset);
TEST_CALLOC(b, size + offset);
- TEST_CF_SECRET(a + offset, size);
- TEST_CF_SECRET(b + offset, size);
-
/* Construct data that matches, if same == -1, otherwise
* same gives the number of bytes (after the initial offset)
* that will match; after that it will differ.
@@ -49,9 +260,15 @@
}
int reference = memcmp(a + offset, b + offset, size);
+
+ TEST_CF_SECRET(a, size + offset);
+ TEST_CF_SECRET(b, size + offset);
+
int actual = mbedtls_ct_memcmp(a + offset, b + offset, size);
- TEST_CF_PUBLIC(a + offset, size);
- TEST_CF_PUBLIC(b + offset, size);
+
+ TEST_CF_PUBLIC(a, size + offset);
+ TEST_CF_PUBLIC(b, size + offset);
+ TEST_CF_PUBLIC(&actual, sizeof(actual));
if (same == -1 || same >= size) {
TEST_ASSERT(reference == 0);
@@ -66,59 +283,188 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset)
+/* BEGIN_CASE depends_on:MBEDTLS_NIST_KW_C */
+
+/**
+ * Generate two arrays of the given size, and test mbedtls_ct_memcmp_partial
+ * over them. The arrays will be identical, except that one byte may be specified
+ * to be different.
+ *
+ * \p diff Index of byte that differs (if out of range, the arrays will match).
+ * \p size Size of arrays to compare
+ * \p skip_head Leading bytes to skip, as per mbedtls_ct_memcmp_partial
+ * \p skip_tail Trailing bytes to skip, as per mbedtls_ct_memcmp_partial
+ */
+void mbedtls_ct_memcmp_partial(int diff, int size, int skip_head, int skip_tail)
{
- uint8_t *src = NULL, *result = NULL, *expected = NULL;
+ uint8_t *a = NULL, *b = NULL;
+
+ TEST_CALLOC_NONNULL(a, size);
+ TEST_CALLOC_NONNULL(b, size);
+
+ TEST_ASSERT((skip_head + skip_tail) <= size);
+
+ /* Construct data that matches, except for specified byte (if in range). */
+ for (int i = 0; i < size; i++) {
+ a[i] = i & 0xff;
+ b[i] = a[i];
+ if (i == diff) {
+ // modify the specified byte
+ b[i] ^= 1;
+ }
+ }
+
+ int reference = memcmp(a + skip_head, b + skip_head, size - skip_head - skip_tail);
+
+ TEST_CF_SECRET(a, size);
+ TEST_CF_SECRET(b, size);
+
+ int actual = mbedtls_ct_memcmp_partial(a, b, size, skip_head, skip_tail);
+
+ TEST_CF_PUBLIC(a, size);
+ TEST_CF_PUBLIC(b, size);
+ TEST_CF_PUBLIC(&actual, sizeof(actual));
+
+ TEST_EQUAL(!!reference, !!actual);
+exit:
+ mbedtls_free(a);
+ mbedtls_free(b);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ct_memcpy_if(int eq, int size, int offset)
+{
+ uint8_t *src = NULL, *src2 = NULL, *result = NULL, *expected = NULL;
TEST_CALLOC(src, size + offset);
+ TEST_CALLOC(src2, size + offset);
TEST_CALLOC(result, size + offset);
TEST_CALLOC(expected, size + offset);
+ /* Apply offset to result only */
for (int i = 0; i < size + offset; i++) {
- src[i] = 1;
- result[i] = 0xff;
+ src[i] = 1;
+ result[i] = 0xff;
expected[i] = eq ? 1 : 0xff;
}
- int one, secret_eq;
- TEST_CF_SECRET(&one, sizeof(one));
- TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
- one = 1;
- secret_eq = eq;
+ int secret_eq = eq;
+ TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
+ TEST_CF_SECRET(src, size + offset);
+ TEST_CF_SECRET(result, size + offset);
- mbedtls_ct_memcpy_if_eq(result + offset, src, size, secret_eq, one);
+ mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result + offset, src, NULL, size);
- TEST_CF_PUBLIC(&one, sizeof(one));
TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
+ TEST_CF_PUBLIC(src, size + offset);
+ TEST_CF_PUBLIC(result, size + offset);
TEST_MEMORY_COMPARE(expected, size, result + offset, size);
+
+ /* Apply offset to src only */
for (int i = 0; i < size + offset; i++) {
src[i] = 1;
result[i] = 0xff;
expected[i] = eq ? 1 : 0xff;
}
- TEST_CF_SECRET(&one, sizeof(one));
- TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
- one = 1;
- secret_eq = eq;
+ TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
+ TEST_CF_SECRET(src, size + offset);
+ TEST_CF_SECRET(result, size + offset);
- mbedtls_ct_memcpy_if_eq(result, src + offset, size, secret_eq, one);
+ mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result, src + offset, NULL, size);
- TEST_CF_PUBLIC(&one, sizeof(one));
TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
+ TEST_CF_PUBLIC(src, size + offset);
+ TEST_CF_PUBLIC(result, size + offset);
TEST_MEMORY_COMPARE(expected, size, result, size);
+
+
+ /* Apply offset to src and src2 */
+ for (int i = 0; i < size + offset; i++) {
+ src[i] = 1;
+ src2[i] = 2;
+ result[i] = 0xff;
+ expected[i] = eq ? 1 : 2;
+ }
+
+ TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
+ TEST_CF_SECRET(src, size + offset);
+ TEST_CF_SECRET(src2, size + offset);
+ TEST_CF_SECRET(result, size + offset);
+
+ mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), result, src + offset, src2 + offset, size);
+
+ TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
+ TEST_CF_PUBLIC(src, size + offset);
+ TEST_CF_SECRET(src2, size + offset);
+ TEST_CF_PUBLIC(result, size + offset);
+
+ TEST_MEMORY_COMPARE(expected, size, result, size);
+
+
+ /* result == src == dest */
+ for (int i = 0; i < size + offset; i++) {
+ src[i] = 2;
+ expected[i] = 2;
+ }
+
+ TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
+ TEST_CF_SECRET(src, size + offset);
+ TEST_CF_SECRET(result, size + offset);
+
+ mbedtls_ct_memcpy_if(mbedtls_ct_bool(secret_eq), src + offset, src + offset, src + offset,
+ size);
+
+ TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
+ TEST_CF_PUBLIC(src, size + offset);
+ TEST_CF_PUBLIC(result, size + offset);
+
+ TEST_MEMORY_COMPARE(expected, size, src + offset, size);
exit:
mbedtls_free(src);
+ mbedtls_free(src2);
mbedtls_free(result);
mbedtls_free(expected);
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
-void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len)
+/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */
+void mbedtls_ct_memmove_left(int len, int offset)
+{
+ size_t l = (size_t) len;
+ size_t o = (size_t) offset;
+
+ uint8_t *buf = NULL, *buf_expected = NULL;
+ TEST_CALLOC(buf, l);
+ TEST_CALLOC(buf_expected, l);
+
+ for (size_t i = 0; i < l; i++) {
+ buf[i] = (uint8_t) i;
+ buf_expected[i] = buf[i];
+ }
+
+ TEST_CF_SECRET(&o, sizeof(o));
+ TEST_CF_SECRET(buf, l);
+ mbedtls_ct_memmove_left(buf, l, o);
+ TEST_CF_PUBLIC(&o, sizeof(o));
+ TEST_CF_PUBLIC(buf, l);
+
+ if (l > 0) {
+ memmove(buf_expected, buf_expected + o, l - o);
+ memset(buf_expected + (l - o), 0, o);
+ TEST_ASSERT(memcmp(buf, buf_expected, l) == 0);
+ }
+exit:
+ mbedtls_free(buf);
+ mbedtls_free(buf_expected);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ct_memcpy_offset(int offset_min, int offset_max, int len)
{
unsigned char *dst = NULL;
unsigned char *src = NULL;
@@ -135,9 +481,12 @@
mbedtls_test_set_step((int) secret);
TEST_CF_SECRET(&secret, sizeof(secret));
+ TEST_CF_SECRET(src, len);
+ TEST_CF_SECRET(dst, len);
mbedtls_ct_memcpy_offset(dst, src, secret,
offset_min, offset_max, len);
TEST_CF_PUBLIC(&secret, sizeof(secret));
+ TEST_CF_PUBLIC(src, len);
TEST_CF_PUBLIC(dst, len);
TEST_MEMORY_COMPARE(dst, len, src + secret, len);
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index d7bbe04..9d9aa3c 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -4,11 +4,12 @@
#include <mbedtls/md.h>
#include <constant_time_internal.h>
#include "md_psa.h"
+#include <ssl_misc.h>
#include <test/constant_flow.h>
/* END_HEADER */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
void ssl_cf_hmac(int hash)
{
/*
diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data
index a72d8af..028a07f 100644
--- a/tests/suites/test_suite_ctr_drbg.data
+++ b/tests/suites/test_suite_ctr_drbg.data
@@ -1096,5 +1096,12 @@
CTR_DRBG Special Behaviours
ctr_drbg_special_behaviours:
+CTR_DRBG Threads: no reseed
+ctr_drbg_threads:"1fafa98bc83d95e10f2d5ed339a553e1":0:5
+
+CTR_DRBG Threads: reseed
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1:5
+
CTR_DRBG self test
ctr_drbg_selftest:
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 7d81608..1f0a072 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -3,6 +3,10 @@
#include "mbedtls/ctr_drbg.h"
#include "string.h"
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#include "mbedtls/threading.h"
+#endif
+
/* Modes for ctr_drbg_validate */
enum reseed_mode {
RESEED_NEVER, /* never reseed */
@@ -31,15 +35,13 @@
data_t *result)
{
mbedtls_ctr_drbg_context ctx;
+ mbedtls_ctr_drbg_init(&ctx);
unsigned char buf[64];
size_t entropy_chunk_len = (size_t) entropy_len_arg;
-
TEST_ASSERT(entropy_chunk_len <= sizeof(buf));
test_offset_idx = 0;
- mbedtls_ctr_drbg_init(&ctx);
-
test_max_idx = entropy->len;
/* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
@@ -92,6 +94,19 @@
mbedtls_ctr_drbg_free(&ctx);
}
+static const int thread_random_reps = 10;
+void *thread_random_function(void *ctx)
+{
+ unsigned char out[16];
+ memset(out, 0, sizeof(out));
+
+ for (int i = 0; i < thread_random_reps; i++) {
+ TEST_EQUAL(mbedtls_ctr_drbg_random((mbedtls_ctr_drbg_context *) ctx, out, sizeof(out)), 0);
+ }
+
+exit:
+ return NULL;
+}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -139,10 +154,12 @@
data_t *result_string)
{
data_t empty = { 0, 0 };
+ AES_PSA_INIT();
ctr_drbg_validate_internal(RESEED_NEVER, add_init,
entropy->len, entropy,
&empty, add1, add2,
result_string);
+ AES_PSA_DONE();
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
@@ -153,10 +170,12 @@
data_t *result_string)
{
data_t empty = { 0, 0 };
+ AES_PSA_INIT();
ctr_drbg_validate_internal(RESEED_ALWAYS, add_init,
entropy->len / 3, entropy,
&empty, add1, add2,
result_string);
+ AES_PSA_DONE();
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
@@ -166,10 +185,12 @@
data_t *add1, data_t *add_reseed,
data_t *add2, data_t *result_string)
{
+ AES_PSA_INIT();
ctr_drbg_validate_internal(RESEED_SECOND, add_init,
entropy->len / 2, entropy,
add_reseed, add1, add2,
result_string);
+ AES_PSA_DONE();
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
@@ -179,10 +200,12 @@
data_t *add1, data_t *add_reseed,
data_t *add2, data_t *result_string)
{
+ AES_PSA_INIT();
ctr_drbg_validate_internal(RESEED_FIRST, add_init,
entropy->len / 2, entropy,
add_reseed, add1, add2,
result_string);
+ AES_PSA_DONE();
goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
@@ -198,6 +221,8 @@
size_t byte_strength = expected_bit_strength / 8;
mbedtls_ctr_drbg_init(&ctx);
+
+ AES_PSA_INIT();
test_offset_idx = 0;
test_max_idx = sizeof(entropy);
memset(entropy, 0, sizeof(entropy));
@@ -216,6 +241,7 @@
exit:
mbedtls_ctr_drbg_free(&ctx);
+ AES_PSA_DONE();
}
/* END_CASE */
@@ -230,6 +256,9 @@
size_t expected_idx = 0;
mbedtls_ctr_drbg_init(&ctx);
+
+ AES_PSA_INIT();
+
test_offset_idx = 0;
test_max_idx = sizeof(entropy);
memset(entropy, 0, sizeof(entropy));
@@ -309,6 +338,80 @@
exit:
mbedtls_ctr_drbg_free(&ctx);
+ AES_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count)
+{
+ size_t thread_count = (size_t) arg_thread_count;
+ pthread_t *threads = NULL;
+
+ unsigned char out[16];
+ unsigned char *entropy = NULL;
+
+ const size_t n_random_calls = thread_count * thread_random_reps + 1;
+
+ /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */
+ const size_t entropy_len = 48;
+
+ AES_PSA_INIT();
+
+ TEST_CALLOC(threads, sizeof(pthread_t) * thread_count);
+ memset(out, 0, sizeof(out));
+
+ mbedtls_ctr_drbg_context ctx;
+ mbedtls_ctr_drbg_init(&ctx);
+
+ test_offset_idx = 0;
+
+ /* Need to do this, otherwise if we are forced into using SHA256 for
+ * whaever reason, output will differ. */
+ mbedtls_ctr_drbg_set_entropy_len(&ctx, entropy_len);
+
+ if (reseed == 0) {
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_OFF);
+ mbedtls_ctr_drbg_set_reseed_interval(&ctx, n_random_calls + 1);
+
+ TEST_CALLOC(entropy, entropy_len + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN);
+ test_max_idx = entropy_len + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN;
+ } else {
+ const size_t entropy_size = ((n_random_calls + 1) * entropy_len)
+ + MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN;
+
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON);
+
+ TEST_CALLOC(entropy, entropy_size);
+ test_max_idx = entropy_size;
+ }
+
+ TEST_EQUAL(
+ mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_entropy_func, entropy, NULL, 0),
+ 0);
+
+ for (size_t i = 0; i < thread_count; i++) {
+ TEST_EQUAL(
+ pthread_create(&threads[i], NULL,
+ thread_random_function, (void *) &ctx),
+ 0);
+ }
+
+ for (size_t i = 0; i < thread_count; i++) {
+ TEST_EQUAL(pthread_join(threads[i], NULL), 0);
+ }
+
+ /* Take a last output for comparing and thus verifying the DRBG state */
+ TEST_EQUAL(mbedtls_ctr_drbg_random(&ctx, out, sizeof(out)), 0);
+
+ TEST_MEMORY_COMPARE(out, sizeof(out), expected_result->x, expected_result->len);
+
+exit:
+ mbedtls_ctr_drbg_free(&ctx);
+ mbedtls_free(entropy);
+ mbedtls_free(threads);
+
+ AES_PSA_DONE();
}
/* END_CASE */
@@ -319,6 +422,8 @@
mbedtls_ctr_drbg_init(&ctx);
+ AES_PSA_INIT();
+
TEST_ASSERT(mbedtls_ctr_drbg_seed(&ctx, mbedtls_test_rnd_std_rand,
NULL, NULL, 0) == 0);
TEST_ASSERT(mbedtls_ctr_drbg_write_seed_file(&ctx, path) == ret);
@@ -326,12 +431,15 @@
exit:
mbedtls_ctr_drbg_free(&ctx);
+ AES_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ctr_drbg_selftest()
{
+ AES_PSA_INIT();
TEST_ASSERT(mbedtls_ctr_drbg_self_test(1) == 0);
+ AES_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 20890c4..512a04a 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -63,5 +63,5 @@
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 16f5f8c..5751624 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -166,7 +166,7 @@
* MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
* change in the future. A factor 2 is a minimum safety margin.
*
- * For reference, with mbed TLS 2.4 and default settings, for P-256:
+ * For reference, with Mbed TLS 2.4 and default settings, for P-256:
* - Random point mult: ~3250M
* - Cold base point mult: ~3300M
* - Hot base point mult: ~1100M
@@ -1324,8 +1324,8 @@
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP521R1:
- limbs = BITS_TO_LIMBS(522) * 2;
- curve_bits = 522;
+ limbs = BITS_TO_LIMBS(521) * 2;
+ curve_bits = 521;
curve_func = &mbedtls_ecp_mod_p521_raw;
break;
#endif
@@ -1377,8 +1377,8 @@
TEST_EQUAL((*curve_func)(X, limbs_X), 0);
- TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
+ TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
exit:
@@ -1622,7 +1622,7 @@
TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m,
mbedtls_test_rnd_std_rand, NULL));
- TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1);
+ TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == MBEDTLS_CT_TRUE);
exit:
mbedtls_mpi_mod_modulus_free(&m);
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 617c875..ed9f3ac 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -102,6 +102,7 @@
if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ fclose(f);
return -1;
}
@@ -124,6 +125,7 @@
if (fread(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ fclose(f);
return -1;
}
@@ -166,11 +168,10 @@
void entropy_seed_file(char *path, int ret)
{
mbedtls_entropy_context ctx;
+ mbedtls_entropy_init(&ctx);
MD_PSA_INIT();
- mbedtls_entropy_init(&ctx);
-
TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, path) == ret);
TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, path) == ret);
@@ -184,11 +185,10 @@
void entropy_write_base_seed_file(int ret)
{
mbedtls_entropy_context ctx;
+ mbedtls_entropy_init(&ctx);
MD_PSA_INIT();
- mbedtls_entropy_init(&ctx);
-
TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
@@ -249,10 +249,10 @@
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE + 10] = { 0 };
size_t i, j;
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
+ MD_PSA_INIT();
+
/*
* See comments in mbedtls_entropy_self_test()
*/
@@ -286,10 +286,10 @@
unsigned char buf[16];
entropy_dummy_context dummy = { DUMMY_FAIL, 0, 0 };
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
&dummy, 16,
MBEDTLS_ENTROPY_SOURCE_WEAK)
@@ -324,11 +324,11 @@
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
int ret;
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
entropy_clear_sources(&ctx);
+ MD_PSA_INIT();
+
/* Set strong source that reaches its threshold immediately and
* a weak source whose threshold is a test parameter. */
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
@@ -374,11 +374,11 @@
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
int ret;
- MD_PSA_INIT();
-
mbedtls_entropy_init(&ctx);
entropy_clear_sources(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
&dummy1, threshold,
strength1) == 0);
@@ -473,8 +473,6 @@
unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
- MD_PSA_INIT();
-
memset(entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
memset(empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
@@ -488,6 +486,8 @@
mbedtls_entropy_init(&ctx);
entropy_clear_sources(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG) == 0);
diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data
index 9b39e9f..fb9b5ef 100644
--- a/tests/suites/test_suite_md.data
+++ b/tests/suites/test_suite_md.data
@@ -37,19 +37,19 @@
md_info:MBEDTLS_MD_SHA512:"SHA512":64
Information on SHA3-224
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
md_info:MBEDTLS_MD_SHA3_224:"SHA3-224":28
Information on SHA3-256
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
md_info:MBEDTLS_MD_SHA3_256:"SHA3-256":32
Information on SHA3-384
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
md_info:MBEDTLS_MD_SHA3_384:"SHA3-384":48
Information on SHA3-512
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
md_info:MBEDTLS_MD_SHA3_512:"SHA3-512":64
generic mbedtls_md5 Test vector RFC1321 #1
@@ -113,19 +113,19 @@
md_text:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
generic mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 8
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
md_hex:MBEDTLS_MD_SHA3_224:"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4"
generic mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 8
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
md_hex:MBEDTLS_MD_SHA3_256:"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6"
generic mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 8
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
md_hex:MBEDTLS_MD_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7"
generic mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 8
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
md_hex:MBEDTLS_MD_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1"
generic HMAC-MD5 Hash File OpenSSL test #1
@@ -261,19 +261,19 @@
md_text_multi:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
generic multi step mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 48
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
md_hex_multi:MBEDTLS_MD_SHA3_224:"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4"
generic multi step mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 48
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
md_hex_multi:MBEDTLS_MD_SHA3_256:"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f"
generic multi step mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 48
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
md_hex_multi:MBEDTLS_MD_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28"
generic multi step mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 48
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
md_hex_multi:MBEDTLS_MD_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef"
generic multi step HMAC-MD5 Hash File OpenSSL test #1
@@ -525,67 +525,67 @@
mbedtls_md_hmac:MBEDTLS_MD_SHA512:48:"8ab783d5acf32efa0d9c0a21abce955e96630d89":"17371e013dce839963d54418e97be4bd9fa3cb2a368a5220f5aa1b8aaddfa3bdefc91afe7c717244fd2fb640f5cb9d9bf3e25f7f0c8bc758883b89dcdce6d749d9672fed222277ece3e84b3ec01b96f70c125fcb3cbee6d19b8ef0873f915f173bdb05d81629ba187cc8ac1934b2f75952fb7616ae6bd812946df694bd2763af":"9ac7ca8d1aefc166b046e4cf7602ebe181a0e5055474bff5b342106731da0d7e48e4d87bc0a6f05871574289a1b099f8"
HMAC-SHA3-224: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04"
HMAC-SHA3-224: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7"
HMAC-SHA3-224: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59"
HMAC-SHA3-224: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:14:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"8569c54cbb00a9b78ff1b391b0e5"
HMAC-SHA3-256: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205"
HMAC-SHA3-256: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa"
HMAC-SHA3-256: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258"
HMAC-SHA3-256: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:16:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"c8dc7148d8c1423aa549105dafdf9cad"
HMAC-SHA3-384: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"d588a3c51f3f2d906e8298c1199aa8ff6296218127f6b38a90b6afe2c5617725bc99987f79b22a557b6520db710b7f42"
HMAC-SHA3-384: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061626364656667":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"a27d24b592e8c8cbf6d4ce6fc5bf62d8fc98bf2d486640d9eb8099e24047837f5f3bffbe92dcce90b4ed5b1e7e44fa90"
HMAC-SHA3-384: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac"
HMAC-SHA3-384: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:24:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"25f4bf53606e91af79d24a4bb1fd6aecd44414a30c8ebb0a"
HMAC-SHA3-512: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4efd629d6c71bf86162658f29943b1c308ce27cdfa6db0d9c3ce81763f9cbce5f7ebe9868031db1a8f8eb7b6b95e5c5e3f657a8996c86a2f6527e307f0213196"
HMAC-SHA3-512: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4041424344454647":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"544e257ea2a3e5ea19a590e6a24b724ce6327757723fe2751b75bf007d80f6b360744bf1b7a88ea585f9765b47911976d3191cf83c039f5ffab0d29cc9d9b6da"
HMAC-SHA3-512: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915"
HMAC-SHA3-512: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"7bb06d859257b25ce73ca700df34c5cbef5c898bac91029e0b27975d4e526a08"
generic multi step HMAC-SHA-1 Test Vector FIPS-198a #1
@@ -733,67 +733,67 @@
md_hmac_multi:MBEDTLS_MD_SHA512:48:"8ab783d5acf32efa0d9c0a21abce955e96630d89":"17371e013dce839963d54418e97be4bd9fa3cb2a368a5220f5aa1b8aaddfa3bdefc91afe7c717244fd2fb640f5cb9d9bf3e25f7f0c8bc758883b89dcdce6d749d9672fed222277ece3e84b3ec01b96f70c125fcb3cbee6d19b8ef0873f915f173bdb05d81629ba187cc8ac1934b2f75952fb7616ae6bd812946df694bd2763af":"9ac7ca8d1aefc166b046e4cf7602ebe181a0e5055474bff5b342106731da0d7e48e4d87bc0a6f05871574289a1b099f8"
HMAC-SHA3-224 multi-step: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04"
HMAC-SHA3-224 multi-step: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7"
HMAC-SHA3-224 multi-step: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59"
HMAC-SHA3-224 multi-step: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
md_hmac_multi:MBEDTLS_MD_SHA3_224:14:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"8569c54cbb00a9b78ff1b391b0e5"
HMAC-SHA3-256 multi-step: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205"
HMAC-SHA3-256 multi-step: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa"
HMAC-SHA3-256 multi-step: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258"
HMAC-SHA3-256 multi-step: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
md_hmac_multi:MBEDTLS_MD_SHA3_256:16:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"c8dc7148d8c1423aa549105dafdf9cad"
HMAC-SHA3-384 multi-step: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"d588a3c51f3f2d906e8298c1199aa8ff6296218127f6b38a90b6afe2c5617725bc99987f79b22a557b6520db710b7f42"
HMAC-SHA3-384 multi-step: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061626364656667":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"a27d24b592e8c8cbf6d4ce6fc5bf62d8fc98bf2d486640d9eb8099e24047837f5f3bffbe92dcce90b4ed5b1e7e44fa90"
HMAC-SHA3-384 multi-step: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac"
HMAC-SHA3-384 multi-step: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
md_hmac_multi:MBEDTLS_MD_SHA3_384:24:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"25f4bf53606e91af79d24a4bb1fd6aecd44414a30c8ebb0a"
HMAC-SHA3-512 multi-step: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4efd629d6c71bf86162658f29943b1c308ce27cdfa6db0d9c3ce81763f9cbce5f7ebe9868031db1a8f8eb7b6b95e5c5e3f657a8996c86a2f6527e307f0213196"
HMAC-SHA3-512 multi-step: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4041424344454647":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"544e257ea2a3e5ea19a590e6a24b724ce6327757723fe2751b75bf007d80f6b360744bf1b7a88ea585f9765b47911976d3191cf83c039f5ffab0d29cc9d9b6da"
HMAC-SHA3-512 multi-step: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915"
HMAC-SHA3-512 multi-step: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"7bb06d859257b25ce73ca700df34c5cbef5c898bac91029e0b27975d4e526a08"
generic SHA-1 Test Vector NIST CAVS #1
@@ -929,67 +929,67 @@
md_hex:MBEDTLS_MD_SHA512:"":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
generic SHA3-224 Hash file #1
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_1":"320f1a9257d442178d90fda8987743a5e7bb5ed0b18bc7d66ee3633e"
generic SHA3-224 Hash file #2
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_2":"db06a96306b43677f0e3592a0fe1d276141fa7458b7be93197550442"
generic SHA3-224 Hash file #3
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_3":"0d125fdd48b0e322ca845402fbecb827053c9f324c58933be2e474a0"
generic SHA3-224 Hash file #4
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_224
mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_4":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7"
generic SHA3-256 Hash file #1
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_1":"f429826659dd9f313e6226ced5c841fe1b0e9dd16554392b694fa3000f1ae1e2"
generic SHA3-256 Hash file #2
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_2":"3aed2fda8604dbec5a67710b4d4c89a90745e10ee633649e53e75c7e25d30152"
generic SHA3-256 Hash file #3
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_3":"c4b6492fd1c475c5e560545a2573b0efcd02d54ef4f63c9d8158dd87bed99d85"
generic SHA3-256 Hash file #4
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_256
mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_4":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a"
generic SHA3-384 Hash file #1
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_1":"06ab3677496658d3faad937f3f7887b3e925b480190544c612e76b88c5d21b4ca12691f27b8ef569d601925915cdf2a6"
generic SHA3-384 Hash file #2
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_2":"b5efc40db7af544bf3fb8c782f2db478dbb81aa83d2ef0e8bbdcf06371de7cc984aac5539c4c9244c1e6ebbb85e23983"
generic SHA3-384 Hash file #3
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_3":"0f08dc09cb39240e09b01e7f3ee3ce6b893bf393f52d2ac87083cef7d3a469fa99763e58b25306b0a2381d9bbdaa802f"
generic SHA3-384 Hash file #4
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_384
mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_4":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004"
generic SHA3-512 Hash file #1
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_1":"7d43cbb75218110d7fcc227b6977e6f3b855184c646b679055897cba0cd445ec968430231866801c4f0993f8735cf46bc4858868423d31ca283a6f1ecf25c580"
generic SHA3-512 Hash file #2
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_2":"212bd00cfc7f3a5b73b5b4772dd83562826207eba30ab00be2c886aef3841ef66eb25097091bfacb6d45dd4557489f91836c04c4f0d96e32ae96fb006d4b2ad6"
generic SHA3-512 Hash file #3
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_3":"a78a0266820e36f6fb26a0c8deb0b24108e209cc217852ed073904bc44ec586c5704c0a56de57f9906b8ced380fee6ac2bd432a93de7f39b23ed0aabdd7ae813"
generic SHA3-512 Hash file #4
-depends_on:MBEDTLS_SHA3_C
+depends_on:MBEDTLS_MD_CAN_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_4":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"
generic SHA-512 Test Vector NIST CAVS #2
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index fadb362..866ff58 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -2,6 +2,9 @@
#include "mbedtls/md.h"
#include "md_psa.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+
#define MD_PSA(md, psa) \
TEST_EQUAL(mbedtls_md_psa_alg_from_type(md), psa); \
TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa), md);
@@ -33,6 +36,24 @@
TEST_EQUAL(0, mbedtls_md_starts(&ctx));
TEST_EQUAL(0, mbedtls_md_finish(&ctx, out));
mbedtls_md_free(&ctx);
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ /* Ensure that we can convert to and from a psa_algorithm_t */
+ psa_algorithm_t p = mbedtls_md_psa_alg_from_type(*md_type_ptr);
+ TEST_ASSERT(p != PSA_ALG_NONE);
+ TEST_EQUAL(*md_type_ptr, mbedtls_md_type_from_psa_alg(p));
+#endif
+
+#if defined(MBEDTLS_OID_C)
+ mbedtls_asn1_buf asn1;
+ /* Check that we have an OID definition */
+ TEST_EQUAL(mbedtls_oid_get_oid_by_md((mbedtls_md_type_t) *md_type_ptr,
+ (const char **) &asn1.p, &asn1.len), 0);
+ /* Check that this OID definition maps back to the correct mbedtls_md_type_t */
+ mbedtls_md_type_t m;
+ TEST_EQUAL(mbedtls_oid_get_md_alg(&asn1, &m), 0);
+ TEST_EQUAL(m, *md_type_ptr);
+#endif
}
exit:
@@ -406,7 +427,6 @@
void md_psa_dynamic_dispatch(int md_type, int pre_psa_ret, int post_psa_engine)
{
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
- TEST_ASSERT(md_info != NULL);
mbedtls_md_context_t ctx1, ctx2;
/* Intentionally no PSA init here! (Will be done later.) */
@@ -414,6 +434,8 @@
mbedtls_md_init(&ctx1);
mbedtls_md_init(&ctx2);
+ TEST_ASSERT(md_info != NULL);
+
/* Before PSA crypto init */
TEST_EQUAL(pre_psa_ret, mbedtls_md_setup(&ctx1, md_info, 0));
TEST_EQUAL(pre_psa_ret, mbedtls_md_setup(&ctx2, md_info, 0));
diff --git a/tests/suites/test_suite_md.psa.data b/tests/suites/test_suite_md.psa.data
index 5266f18..3ae787c 100644
--- a/tests/suites/test_suite_md.psa.data
+++ b/tests/suites/test_suite_md.psa.data
@@ -85,3 +85,51 @@
PSA dispatch SHA512 legacy+driver
depends_on:MBEDTLS_SHA512_C:MBEDTLS_MD_SHA512_VIA_PSA
md_psa_dynamic_dispatch:MBEDTLS_MD_SHA512:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-224 legacy only
+depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_224_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-224 driver only
+depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_224_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-224 legacy+driver
+depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_224_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-256 legacy only
+depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_256_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-256 driver only
+depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_256_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-256 legacy+driver
+depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_256_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-384 legacy only
+depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_384_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-384 driver only
+depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_384_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-384 legacy+driver
+depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_384_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-512 legacy only
+depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_512_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-512 driver only
+depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_512_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-512 legacy+driver
+depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_512_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_PSA
diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function
index 0b8434b..6751136 100644
--- a/tests/suites/test_suite_mps.function
+++ b/tests/suites/test_suite_mps.function
@@ -65,6 +65,8 @@
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0);
TEST_ASSERT(paused == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -119,6 +121,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -170,6 +174,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -217,6 +223,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -250,6 +258,8 @@
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -297,6 +307,7 @@
TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0);
TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 50, 50);
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -333,6 +344,7 @@
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -458,6 +470,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -562,6 +576,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -623,6 +639,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_DATA_LEFT);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -795,6 +813,7 @@
break;
}
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -951,6 +970,7 @@
}
}
+exit:
/* Cleanup */
mbedtls_mps_reader_free(&rd);
mbedtls_free(incoming);
@@ -1103,6 +1123,7 @@
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
}
+exit:
/* Wrapup */
mbedtls_mps_reader_free(&rd);
}
@@ -1136,6 +1157,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index 00f6e0b..f8f1d43 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
@@ -82,6 +82,22 @@
depends_on:MBEDTLS_MD_CAN_SHA512
oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512
+OID hash id - id-sha3-224
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+oid_get_md_alg_id:"608648016503040207":MBEDTLS_MD_SHA3_224
+
+OID hash id - id-sha3-256
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+oid_get_md_alg_id:"608648016503040208":MBEDTLS_MD_SHA3_256
+
+OID hash id - id-sha3-384
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384
+
+OID hash id - id-sha3-512
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512
+
OID hash id - id-ripemd160
depends_on:MBEDTLS_MD_CAN_RIPEMD160
oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
@@ -185,3 +201,43 @@
OID from numeric string - OID with overflowing subidentifier
oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+mbedtls_oid_get_md_hmac - RIPEMD160
+depends_on:MBEDTLS_MD_CAN_RIPEMD160
+mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160
+
+mbedtls_oid_get_md_hmac - SHA1
+depends_on:MBEDTLS_MD_CAN_SHA1
+mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1
+
+mbedtls_oid_get_md_hmac - SHA224
+depends_on:MBEDTLS_MD_CAN_SHA224
+mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224
+
+mbedtls_oid_get_md_hmac - SHA256
+depends_on:MBEDTLS_MD_CAN_SHA256
+mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256
+
+mbedtls_oid_get_md_hmac - SHA384
+depends_on:MBEDTLS_MD_CAN_SHA384
+mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384
+
+mbedtls_oid_get_md_hmac - SHA512
+depends_on:MBEDTLS_MD_CAN_SHA512
+mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512
+
+mbedtls_oid_get_md_hmac - SHA3_224
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224
+
+mbedtls_oid_get_md_hmac - SHA3_256
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256
+
+mbedtls_oid_get_md_hmac - SHA3_384
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384
+
+mbedtls_oid_get_md_hmac - SHA3_512
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 3adc6af..337f843 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -97,6 +97,29 @@
/* END_CASE */
/* BEGIN_CASE */
+void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id)
+{
+ mbedtls_asn1_buf md_oid = { 0, 0, NULL };
+ int ret;
+ mbedtls_md_type_t md_id = 0;
+
+ md_oid.tag = MBEDTLS_ASN1_OID;
+ md_oid.p = oid->x;
+ md_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id);
+
+ if (exp_md_id < 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(md_id == 0);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str)
{
char buf[256];
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 84802da..af1e20c 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -13,39 +13,39 @@
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"
PK utils: ECKEY SECP192R1
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"
PK utils: ECKEY_DH SECP192R1
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
PK utils: ECKEY_DH Curve25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
PK utils: ECKEY_DH Curve448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
PK utils: ECDSA SECP192R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP192R1
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:192:24:"ECDSA"
PK utils: ECDSA SECP256R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:256:32:"ECDSA"
PK utils: ECDSA SECP384R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA"
PK utils: ECDSA SECP521R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP521R1
pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"
PK PSA utilities: ECDSA setup/free, info functions, unsupported operations
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_psa_utils:0
PK PSA utilities: RSA setup/free, info functions, unsupported operations
@@ -53,95 +53,95 @@
pk_psa_utils:1
PK can do ext: ECDSA(ANY)/NONE, invalid check STREAM_CIPHER
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PSS(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: ECDSA(ANY)/NONE, invalid check ECDH
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: ECDSA(ANY)/NONE, check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDSA(SHA256)/NONE, check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: ECDSA(SHA1)/NONE, invalid check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_1):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: ECDH/NONE, invalid check STREAM_CIPHER
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_DERIVE:0
PK can do ext: ECDH/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
PK can do ext: ECDH/NONE, invalid check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:0
PK can do ext: ECDH/NONE, invalid check RSA_PSS(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
PK can do ext: ECDH/NONE, invalid check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
PK can do ext: ECDH/NONE, check ECDH
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
PK can do ext: ECDH/ECDSA(ANY), check ECDH+SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDH+DERIVE
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
PK can do ext: ECDH/ECDSA(ANY), check ECDH+DERIVE|SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
@@ -289,11 +289,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
@@ -321,83 +321,83 @@
pk_rsa_verify_test_vec:"9f294f0c7b32da6221a3ef83654322038e8968fa":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED
ECDSA verify test vector #1 (good)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP192R1
pk_ec_test_vec:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA24":0
ECDSA verify test vector #2 (bad)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP192R1
pk_ec_test_vec:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA25":MBEDTLS_ERR_ECP_VERIFY_FAILED
EC(DSA) verify test vector #1 (good)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP192R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA24":0
EC(DSA) verify test vector #2 (bad)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP192R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA25":MBEDTLS_ERR_ECP_VERIFY_FAILED
EC(DSA) verify test vector: good, bitlen(r) = 256
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3046022100faecc085c6c5362b91ff1fd6dd77da80bc071bee9ff1ac0ef9509c017f13267c022100a7d0b908c938d3dd6c6a9cdc5b0a4a4ee455c519c1ff6cda959806b7e7461ba0":0
EC(DSA) verify test vector: good, bitlen(r) = 255
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220639f36215b2ff09bb2beb871e122de74c8d5e29ce8a105aa2b95661f42803e72022100becd8f81b2c186f9d5d2c92378d7b9452ce6de231b0c8d17bac2d8537d2331fd":0
EC(DSA) verify test vector: good, bitlen(r) = 248
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220009109f967f9082abc9c46e5ea07936529b82023a1a49b872c046f430983db2602210085f0b1960d61f8d75109b5b7ff991d3171320d2ab547104f864048455a965090":0
EC(DSA) verify test vector: good, bitlen(r) = 247
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3044021f461786833b50247b07194da6cedbd3caefbcd19c73b6283ccff5097cd0d73b022100d85d20b0b8c3b596eb1cdb0381e681fa0a8bccde4e89c139020af3b0f88e099c":0
EC(DSA) verify test vector: good, bitlen(s) = 256
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220639f36215b2ff09bb2beb871e122de74c8d5e29ce8a105aa2b95661f42803e72022100becd8f81b2c186f9d5d2c92378d7b9452ce6de231b0c8d17bac2d8537d2331fd":0
EC(DSA) verify test vector: good, bitlen(s) = 255
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"304402206ae26950c606d08fe5e1682efdccfb3a7213ca46bd523ffd20c4213fe1400d3402207612106ada7055926167650b257da7f4c42c190b8aa9e3b680f8751fe90c63a5":0
EC(DSA) verify test vector: good, bitlen(s) = 248
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3045022100fd4d718ab483827492e10b89745fad100d2dd257102b99aff179ee596a569f1f022000a1b777e32a8b4909763b615b805e59194e6196eb05719287a36eb5f17aa485":0
EC(DSA) verify test vector: good, bitlen(s) = 247
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30430220685a6994daa6a14e4411b5267edc2a00beee907f2dddd956b2a5a1df791c15f8021f675db4538c000c734489ac737fddd5a739c5a23cd6c6eceea70c286ca4fac9":0
ECDSA sign-verify: SECP192R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0
ECDSA sign-verify: SECP256R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0
ECDSA sign-verify: SECP384R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0
ECDSA sign-verify: SECP521R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0
ECDSA sign-verify: BP256R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0
ECDSA sign-verify: BP512R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0
EC(DSA) sign-verify: SECP192R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
EC_DH (no) sign-verify: SECP192R1
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA sign-verify
@@ -525,11 +525,11 @@
pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
Check pair #1 (EC, OK)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
Check pair #2 (EC, bad)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Check pair #3 (RSA, OK)
@@ -541,7 +541,7 @@
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
Check pair #5 (RSA vs EC)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA hash_len overflow (size_t vs unsigned int)
@@ -549,134 +549,134 @@
pk_rsa_overflow:
ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled)
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled)
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
ECDSA restartable sign/verify: ECDSA, max_ops=1
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000
ECDSA restartable sign/verify: ECKEY, max_ops=1
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000
ECDSA restartable sign/verify: ECDSA, max_ops=10000
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0
ECDSA restartable sign/verify: ECKEY, max_ops=10000
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0
ECDSA restartable sign/verify: ECDSA, max_ops=250
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
ECDSA restartable sign/verify: ECKEY, max_ops=250
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
PSA wrapped sign: SECP256R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256
PSA wrapped sign: SECP384R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384
PSA wrapped sign: SECP521R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521
PSA wrapped sign: SECP192K1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192K1
pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192
## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336
# PSA wrapped sign: SECP224K1
-# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP224K1
# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224
PSA wrapped sign: SECP256K1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256K1
pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256
PSA wrapped sign: BP256R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP256R1
pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256
PSA wrapped sign: BP384R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP384R1
pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384
PSA wrapped sign: BP512R1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP512R1
pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512
PSA wrapped sign: RSA PKCS1 v1.5
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C
pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024
-PK Sign ext:RSA2048,PK_RSA,MD_SHA256
+PK sign ext: RSA2048, PK_RSA, MD_SHA256
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
-pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
+pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
-PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
+PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA256
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
-pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
+pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
-PK Sign ext:RSA2048,PK_RSA,MD_SHA384
+PK sign ext: RSA2048, PK_RSA, MD_SHA384
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
-pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
+pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
-PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
+PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
-pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
+pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
-PK Sign ext:RSA2048,PK_RSA,MD_SHA512
+PK sign ext: RSA2048, PK_RSA, MD_SHA512
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
-pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
+pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
-PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
+PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
-pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
+pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
-PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256
+PK sign ext: SECP256R1, PK_ECDSA, MD_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
+pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256
-PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384
-pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384
+PK sign ext: SECP384R1, PK_ECDSA, MD_SHA384
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA384
+pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384
-PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512
-pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512
+PK sign ext: SECP521R1, PK_ECDSA, MD_SHA512
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1:MBEDTLS_MD_CAN_SHA512
+pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512
-PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA256
+PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA256
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
-PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
+PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA256
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
-PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA384
+PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA384
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
-PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
+PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
-PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA512
+PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA512
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
-PK wrapped Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
+PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 881429c..226598c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -24,6 +24,17 @@
#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS
#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8)
+/* MBEDTLS_TEST_PK_PSA_SIGN is enabled when:
+ * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature.
+ * - The build has built-in ECC and ECDSA signature.
+ */
+#if (defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \
+ ((defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)) || \
+ defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \
+ (defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_CAN_ECDSA_SIGN))
+#define MBEDTLS_TEST_PK_PSA_SIGN
+#endif
+
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
{
@@ -73,25 +84,25 @@
/** Generate a key of the desired type.
*
- * \param pk The PK object to fill. It must have been initialized
- * with mbedtls_pk_setup().
- * \param parameter - For RSA keys, the key size in bits.
- * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx).
+ * \param pk The PK object to fill. It must have been initialized
+ * with mbedtls_pk_setup().
+ * \param curve_or_keybits - For RSA keys, the key size in bits.
+ * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx).
*
- * \return The status from the underlying type-specific key
- * generation function.
- * \return -1 if the key type is not recognized.
+ * \return The status from the underlying type-specific key
+ * generation function.
+ * \return -1 if the key type is not recognized.
*/
-static int pk_genkey(mbedtls_pk_context *pk, int parameter)
+static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
{
- ((void) pk);
- (void) parameter;
+ (void) pk;
+ (void) curve_or_keybits;
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk),
mbedtls_test_rnd_std_rand, NULL,
- parameter, 3);
+ curve_or_keybits, 3);
}
#endif
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
@@ -101,7 +112,7 @@
int ret;
#if defined(MBEDTLS_ECP_C)
- ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, parameter);
+ ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits);
if (ret != 0) {
return ret;
}
@@ -112,7 +123,7 @@
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- ret = pk_genkey_ec(pk, parameter);
+ ret = pk_genkey_ec(pk, curve_or_keybits);
if (ret != 0) {
return ret;
}
@@ -308,7 +319,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg,
- int key_alg2, int parameter, int alg_check, int usage_check,
+ int key_alg2, int curve_or_keybits, int alg_check, int usage_check,
int result)
{
mbedtls_pk_context pk;
@@ -325,7 +336,7 @@
psa_set_key_enrollment_algorithm(&attributes, key_alg2);
}
psa_set_key_type(&attributes, key_type);
- psa_set_key_bits(&attributes, parameter);
+ psa_set_key_bits(&attributes, curve_or_keybits);
PSA_ASSERT(psa_generate_key(&attributes, &key));
@@ -339,7 +350,7 @@
} else {
TEST_EQUAL(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(key_type)), 0);
- TEST_EQUAL(pk_genkey(&pk, parameter), 0);
+ TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0);
TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type);
}
@@ -396,6 +407,16 @@
buf, buf_size, &buf_size,
NULL, NULL,
NULL));
+ TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_NONE,
+ NULL, buf_size,
+ buf, buf_size, &buf_size,
+ NULL, NULL));
+ TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_SHA256,
+ NULL, 0,
+ buf, buf_size, &buf_size,
+ NULL, NULL));
exit:
mbedtls_pk_free(&ctx);
USE_PSA_DONE();
@@ -432,14 +453,6 @@
NULL) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- TEST_ASSERT(mbedtls_pk_sign_restartable(&pk,
- MBEDTLS_MD_NONE,
- NULL, 0,
- buf, sizeof(buf), &len,
- mbedtls_test_rnd_std_rand, NULL,
- NULL) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA);
-
TEST_ASSERT(mbedtls_pk_sign(&pk,
MBEDTLS_MD_NONE,
NULL, 0,
@@ -447,6 +460,13 @@
mbedtls_test_rnd_std_rand, NULL) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+ TEST_ASSERT(mbedtls_pk_sign_ext(MBEDTLS_PK_NONE, &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof(buf), &len,
+ mbedtls_test_rnd_std_rand, NULL) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+
TEST_ASSERT(mbedtls_pk_verify_restartable(&pk,
MBEDTLS_MD_NONE,
NULL, 0,
@@ -525,7 +545,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void pk_utils(int type, int parameter, int bitlen, int len, char *name)
+void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name)
{
mbedtls_pk_context pk;
@@ -533,7 +553,7 @@
USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
- TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
+ TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0);
TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type);
TEST_ASSERT(mbedtls_pk_can_do(&pk, type));
@@ -837,7 +857,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */
-void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret)
+void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret)
{
mbedtls_pk_context pk;
size_t sig_len;
@@ -863,7 +883,7 @@
memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
- TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
+ TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0);
TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256,
hash, hash_len,
@@ -1164,22 +1184,31 @@
memset(hash, 0x2a, sizeof(hash));
memset(sig, 0, sizeof(sig));
- TEST_ASSERT(mbedtls_pk_setup(&pk,
- mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
+ TEST_EQUAL(mbedtls_pk_setup(&pk,
+ mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0);
#if defined(MBEDTLS_PKCS1_V21)
- TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
- MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
+ MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len),
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#endif /* MBEDTLS_PKCS1_V21 */
- TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len,
- sig, sig_len) == MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len,
+ sig, sig_len),
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len,
- sig, sizeof(sig), &sig_len,
- mbedtls_test_rnd_std_rand, NULL)
- == MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+#if defined(MBEDTLS_PKCS1_V21)
+ TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk,
+ MBEDTLS_MD_NONE, hash, hash_len,
+ sig, sizeof(sig), &sig_len,
+ mbedtls_test_rnd_std_rand, NULL),
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+#endif /* MBEDTLS_PKCS1_V21 */
+
+ TEST_EQUAL(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len,
+ sig, sizeof(sig), &sig_len,
+ mbedtls_test_rnd_std_rand, NULL),
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA);
exit:
mbedtls_pk_free(&pk);
@@ -1274,9 +1303,8 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO */
-void pk_psa_sign(int parameter_arg,
- int psa_type_arg, int expected_bits_arg)
+/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */
+void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
{
mbedtls_pk_context pk;
unsigned char hash[32];
@@ -1289,8 +1317,6 @@
int ret;
mbedtls_svc_key_id_t key_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t expected_type = psa_type_arg;
- size_t expected_bits = expected_bits_arg;
/*
* This tests making signatures with a wrapped PSA key:
@@ -1304,19 +1330,19 @@
USE_PSA_INIT();
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if (PSA_KEY_TYPE_IS_RSA(psa_type_arg)) {
+ if (PSA_KEY_TYPE_IS_RSA(psa_type)) {
/* Create legacy RSA public/private key in PK context. */
TEST_ASSERT(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
TEST_ASSERT(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk),
mbedtls_test_rnd_std_rand, NULL,
- parameter_arg, 3) == 0);
+ curve_or_keybits, 3) == 0);
alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256);
} else
#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
- if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type_arg)) {
- mbedtls_ecp_group_id grpid = parameter_arg;
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) {
+ mbedtls_ecp_group_id grpid = curve_or_keybits;
/* Create legacy EC public/private key in PK context. */
TEST_ASSERT(mbedtls_pk_setup(&pk,
@@ -1327,7 +1353,7 @@
} else
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
{
- (void) parameter_arg;
+ (void) curve_or_keybits;
TEST_ASSUME(!"Opaque PK key not supported in this configuration");
}
@@ -1355,8 +1381,8 @@
PSA_ALG_NONE) == 0);
PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
- TEST_EQUAL(psa_get_key_type(&attributes), expected_type);
- TEST_EQUAL(psa_get_key_bits(&attributes), expected_bits);
+ TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type);
+ TEST_EQUAL(psa_get_key_bits(&attributes), (size_t) expected_bits);
TEST_EQUAL(psa_get_key_lifetime(&attributes),
PSA_KEY_LIFETIME_VOLATILE);
@@ -1367,7 +1393,7 @@
hash, sizeof(hash), sig, sizeof(sig), &sig_len,
NULL, NULL) == 0);
/* Only opaque EC keys support verification. */
- if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type_arg)) {
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) {
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
hash, sizeof(hash), sig, sig_len) == 0);
}
@@ -1409,7 +1435,7 @@
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0);
TEST_EQUAL(mbedtls_ecp_group_load(
&(mbedtls_pk_ec_rw(pk)->grp),
- (mbedtls_ecp_group_id) parameter_arg), 0);
+ (mbedtls_ecp_group_id) curve_or_keybits), 0);
TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp),
&(mbedtls_pk_ec_rw(pk)->Q),
pkey_legacy_start, klen_legacy), 0);
@@ -1429,14 +1455,13 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */
-void pk_psa_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg)
+/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
+void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg)
{
- /* See the description of pk_genkey() for the description of the `parameter` argument. */
mbedtls_pk_context pk;
size_t sig_len;
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
- unsigned char hash[PSA_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
size_t hash_len = mbedtls_md_get_size_from_type(md_alg);
void const *options = NULL;
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
@@ -1444,16 +1469,15 @@
memset(sig, 0, sizeof(sig));
mbedtls_pk_init(&pk);
- PSA_INIT();
+ MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_pk_setup(&pk,
- mbedtls_pk_info_from_type(pk_type)) == 0);
+ TEST_EQUAL(mbedtls_pk_setup(&pk,
+ mbedtls_pk_info_from_type(pk_type)), 0);
+ TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0);
- TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
-
- TEST_ASSERT(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len,
- sig, sizeof(sig), &sig_len,
- mbedtls_test_rnd_std_rand, NULL) == 0);
+ TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len,
+ sig, sizeof(sig), &sig_len,
+ mbedtls_test_rnd_std_rand, NULL), 0);
if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) {
rsassa_pss_options.mgf1_hash_id = md_alg;
@@ -1461,18 +1485,17 @@
rsassa_pss_options.expected_salt_len = hash_len;
options = (const void *) &rsassa_pss_options;
}
- TEST_ASSERT(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg,
- hash, hash_len, sig, sig_len) == 0);
+ TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg,
+ hash, hash_len, sig, sig_len), 0);
exit:
mbedtls_pk_free(&pk);
- PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */
-void pk_psa_wrap_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg)
+void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg)
{
- /* See the description of mbedtls_rsa_gen_key() for the description of the `parameter` argument. */
mbedtls_pk_context pk;
size_t sig_len, pkey_len;
mbedtls_svc_key_id_t key_id;
@@ -1496,7 +1519,7 @@
mbedtls_pk_info_from_type(pk_type)), 0);
TEST_EQUAL(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk),
mbedtls_test_rnd_std_rand, NULL,
- parameter, 3), 0);
+ key_bits, 3), 0);
/* Export underlying public key for re-importing in a legacy context. */
ret = mbedtls_pk_write_pubkey_der(&pk, pkey, sizeof(pkey));
diff --git a/tests/suites/test_suite_pkcs12.data b/tests/suites/test_suite_pkcs12.data
index d8e41fe..64c9991 100644
--- a/tests/suites/test_suite_pkcs12.data
+++ b/tests/suites/test_suite_pkcs12.data
@@ -1,4 +1,4 @@
-PKCS#12 derive key : MD5: Zero length password and hash
+PKCS#12 derive key: MD5: Zero length password and hash
depends_on:MBEDTLS_MD_CAN_MD5
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"":USE_GIVEN_INPUT:"":USE_GIVEN_INPUT:3:"6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b6afdcbd5ebf943272134f1c3de2dc11b":0
@@ -33,3 +33,39 @@
PKCS#12 derive key: MD5: Valid password and salt
depends_on:MBEDTLS_MD_CAN_MD5
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"46559deeee036836ab1b633ec620178d4c70eacf42f72a2ad7360c812efa09ca3d7567b489a109050345c2dc6a262995":0
+
+PBE Encrypt, pad = 7 (OK)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAAAA":16:0:"5F2C15056A36F3A78856E9E662DD27CB"
+
+PBE Encrypt, pad = 8 (OK)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":16:0:"5F2C15056A36F3A70F70A3D4EC4004A8"
+
+PBE Encrypt, pad = 8 (Invalid output size)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":15:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"5F2C15056A36F3A70F70A3D4EC4004A8"
+
+PBE Encrypt, pad = 8 (PKCS7 padding disabled)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":0:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
+
+PBE Decrypt, pad = 7 (OK)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A78856E9E662DD27CB":16:0:"AAAAAAAAAAAAAAAAAA"
+
+PBE Decrypt, pad = 8 (Invalid output size)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A70F70A3D4EC4004A8":15:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"AAAAAAAAAAAAAAAA"
+
+PBE Decrypt, pad = 8 (OK)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A70F70A3D4EC4004A8":16:0:"AAAAAAAAAAAAAAAA"
+
+PBE Decrypt, (Invalid padding & PKCS7 padding disabled)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":16:0:"AAAAAAAAAAAAAAAAAA07070707070708"
+
+PBE Decrypt, (Invalid padding & PKCS7 padding enabled)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":16:MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH:"AAAAAAAAAAAAAAAAAA07070707070708"
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 2c93c13..1d0c287 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -68,3 +68,114 @@
MD_PSA_DONE();
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret, data_t *ref_out)
+{
+ int my_ret;
+ mbedtls_asn1_buf pbe_params;
+ unsigned char *my_out = NULL;
+ mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
+ mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
+
+ MD_PSA_INIT();
+
+ TEST_CALLOC(my_out, outsize);
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+#if defined(MBEDTLS_TEST_DEPRECATED)
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+ my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+exit:
+ mbedtls_free(my_out);
+ MD_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret, data_t *ref_out)
+{
+ int my_ret;
+ mbedtls_asn1_buf pbe_params;
+ unsigned char *my_out = NULL;
+ mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
+ mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
+
+ MD_PSA_INIT();
+
+ TEST_CALLOC(my_out, outsize);
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+#if defined(MBEDTLS_TEST_DEPRECATED)
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
+
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+ my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+exit:
+ mbedtls_free(my_out);
+ MD_PSA_DONE();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 06d620a..f3ea553 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -106,109 +106,141 @@
depends_on:MBEDTLS_MD_CAN_SHA512
pbkdf2_hmac:MBEDTLS_MD_SHA512:"7061737300776f7264":"7361006c74":4096:16:"9d9e9c4cd21fe4be24d5b8244c759665"
+PBES2 Encrypt, pad=6 (OK)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":144:0:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7"
+
+PBES2 Encrypt, pad=8 (OK)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55":136:0:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC2262AD99FBD6C3B0AB"
+
+PBES2 Encrypt, pad=8 (Invalid output size)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":151:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22D8D337E00CB5D1B5B76BE4AE393414050646A102DEF61A9F"
+
+PBES2 Encrypt, pad=6 (PKCS7 padding disabled)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
+
+PBES2 Encrypt, pad=8 (PKCS7 padding disabled)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
+
PBES2 Decrypt (OK)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
+
+PBES2 Decrypt (Invalid output size)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":143:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+
+PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607"
+
+PBES2 Decrypt (Invalid padding & PKCS7 padding enabled)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607"
PBES2 Decrypt (bad params tag)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_SEQUENCE:"":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad KDF AlgId: not a sequence)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad KDF AlgId: overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (KDF != PBKDF2)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad PBKDF2 params: not a sequence)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params: overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params salt: overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad PBKDF2 params iter: not an int)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params iter: overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad, PBKDF2 params extra data)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:""
PBES2 Decrypt (bad enc_scheme_alg: not a sequence)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad enc_scheme_alg: overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad enc_scheme_alg: unknown oid)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad enc_scheme_alg params: overlong)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad password)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad iter value)
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PKCS#5 Selftest
pkcs5_selftest:
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 9f99586..2b0b0c1 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/pkcs5.h"
+#include "mbedtls/cipher.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -27,12 +28,64 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
-void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
- data_t *data, int ref_ret, data_t *ref_out)
+void pbes2_encrypt(int params_tag, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret,
+ data_t *ref_out)
{
int my_ret;
mbedtls_asn1_buf params;
unsigned char *my_out = NULL;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
+ MD_PSA_INIT();
+
+ params.tag = params_tag;
+ params.p = params_hex->x;
+ params.len = params_hex->len;
+
+ ASSERT_ALLOC(my_out, outsize);
+
+#if defined(MBEDTLS_TEST_DEPRECATED)
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_ENCRYPT,
+ pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_ENCRYPT,
+ pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+exit:
+ mbedtls_free(my_out);
+ MD_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+void pbes2_decrypt(int params_tag, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret,
+ data_t *ref_out)
+{
+ int my_ret;
+ mbedtls_asn1_buf params;
+ unsigned char *my_out = NULL;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
MD_PSA_INIT();
@@ -40,15 +93,30 @@
params.p = params_hex->x;
params.len = params_hex->len;
- my_out = mbedtls_test_zero_alloc(ref_out->len);
+ ASSERT_ALLOC(my_out, outsize);
- my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT,
- pw->x, pw->len, data->x, data->len, my_out);
- TEST_ASSERT(my_ret == ref_ret);
-
- if (ref_ret == 0) {
- TEST_ASSERT(memcmp(my_out, ref_out->x, ref_out->len) == 0);
+#if defined(MBEDTLS_TEST_DEPRECATED)
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT,
+ pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
}
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_DECRYPT,
+ pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
exit:
mbedtls_free(my_out);
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index a0da1d7..65384a8 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -78,6 +78,8 @@
MD_OR_USE_PSA_INIT();
+ mbedtls_pkcs7_init(&pkcs7);
+
/* crt_files are space seprated list */
for (i = 0; i < strlen(crt_files); i++) {
if (crt_files[i] == ' ') {
@@ -100,7 +102,6 @@
i = k;
}
- mbedtls_pkcs7_init(&pkcs7);
for (i = 0; i < n_crts; i++) {
TEST_CALLOC(crts[i], 1);
mbedtls_x509_crt_init(crts[i]);
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 8e272bd..7173511 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -1,77 +1,77 @@
Parse RSA Key #1 (No password when required)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #2 (Correct password)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0
Parse RSA Key #3 (Wrong password)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #4 (DES Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_des.pem":"testkey":0
Parse RSA Key #5 (3DES Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_3des.pem":"testkey":0
Parse RSA Key #6 (AES-128 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes128.pem":"testkey":0
Parse RSA Key #7 (AES-192 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes192.pem":"testkey":0
Parse RSA Key #8 (AES-256 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes256.pem":"testkey":0
Parse RSA Key #9 (2048-bit, DES Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_des.pem":"testkey":0
Parse RSA Key #10 (2048-bit, 3DES Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_3des.pem":"testkey":0
Parse RSA Key #11 (2048-bit, AES-128 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes128.pem":"testkey":0
Parse RSA Key #12 (2048-bit, AES-192 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes192.pem":"testkey":0
Parse RSA Key #13 (2048-bit, AES-256 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0
Parse RSA Key #14 (4096-bit, DES Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_des.pem":"testkey":0
Parse RSA Key #15 (4096-bit, 3DES Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_3des.pem":"testkey":0
Parse RSA Key #16 (4096-bit, AES-128 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0
Parse RSA Key #17 (4096-bit, AES-192 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0
Parse RSA Key #18 (4096-bit, AES-256 Encrypted)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0
Parse RSA Key #19 (PKCS#8 wrapped)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C
pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0
Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES)
@@ -905,11 +905,11 @@
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
Parse Public EC Key #1 (RFC 5480, DER)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP192R1
pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
Parse Public EC Key #2 (RFC 5480, PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1
pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)
@@ -917,7 +917,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0
Parse Public EC Key #3 (RFC 5480, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP224R1
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
@@ -927,7 +927,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
Parse Public EC Key #4 (RFC 5480, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)
@@ -935,7 +935,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0
Parse Public EC Key #5 (RFC 5480, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP384R1
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)
@@ -943,7 +943,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0
Parse Public EC Key #6 (RFC 5480, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP521R1
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)
@@ -951,7 +951,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0
Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP256R1
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
@@ -959,7 +959,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0
Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP384R1
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
@@ -967,7 +967,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0
Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP512R1
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
@@ -975,27 +975,27 @@
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
Parse Public EC Key #10 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0
Parse Public EC Key #11 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0
Parse Public EC Key #12 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0
Parse Public EC Key #13 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0
Parse EC Key #1 (SEC1 DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)
@@ -1003,43 +1003,43 @@
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0
Parse EC Key #3 (SEC1 PEM encrypted)
-depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
+depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
Parse EC Key #4 (PKCS8 DER)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP192R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key)
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters)
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP192R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
Parse EC Key #5a (PKCS8 PEM, no public key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
Parse EC Key #5c (PKCS8 PEM, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
Parse EC Key #8 (SEC1 PEM, secp224r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP224R1
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
@@ -1047,7 +1047,7 @@
pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0
Parse EC Key #9 (SEC1 PEM, secp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)
@@ -1055,7 +1055,7 @@
pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0
Parse EC Key #10 (SEC1 PEM, secp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP384R1
pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)
@@ -1063,7 +1063,7 @@
pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0
Parse EC Key #11 (SEC1 PEM, secp521r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP521R1
pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)
@@ -1071,7 +1071,7 @@
pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0
Parse EC Key #12 (SEC1 PEM, bp256r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP256R1
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
@@ -1079,7 +1079,7 @@
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0
Parse EC Key #13 (SEC1 PEM, bp384r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP384R1
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
@@ -1087,7 +1087,7 @@
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0
Parse EC Key #14 (SEC1 PEM, bp512r1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_BP512R1
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
@@ -1099,19 +1099,19 @@
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Parse EC Key #16 (RFC 8410, DER, X25519)
-depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0
Parse EC Key #17 (RFC 8410, DER, X448)
-depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_CURVE448
pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0
Parse EC Key #18 (RFC 8410, PEM, X25519)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0
Parse EC Key #19 (RFC 8410, PEM, X448)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_CURVE448
pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0
Key ASN1 (No data)
@@ -1197,31 +1197,39 @@
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+Key ASN1 (Encrypted key PKCS5, trailing garbage data)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C
+pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+Key ASN1 (Encrypted key PKCS12, trailing garbage data)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C
+pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
# From RFC8410 Appendix A but made into version 0
OneAsymmetricKey X25519, doesn't match masking requirements #1
-depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_fix_montgomery:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
# Full inverse of the expected x25519 pattern:
@@ -1230,7 +1238,7 @@
# - 2nd MSb to 0
# Note: Montgomery keys are written in Little endian format.
OneAsymmetricKey X25519, doesn't match masking requirements #2
-depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_CURVE25519
pk_parse_fix_montgomery:"302e020100300506032b656e04220420ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf":"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
# Full inverse of the expected x448 pattern:
@@ -1238,5 +1246,5 @@
# - MSb to 0
# Note: Montgomery keys are written in Little endian format.
OneAsymmetricKey X448, doesn't match masking requirements #3
-depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_ECP_HAVE_CURVE448
pk_parse_fix_montgomery:"3046020100300506032b656f043a0438ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f":"3046020100300506032b656f043a0438fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 7947d3c..d416b87 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -5,10 +5,15 @@
#include "mbedtls/ecp.h"
#include "mbedtls/psa_util.h"
#include "pk_internal.h"
+
+#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
+#define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der
+#endif
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_BIGNUM_C
+ * depends_on:MBEDTLS_PK_PARSE_C
* END_DEPENDENCIES
*/
@@ -29,13 +34,13 @@
res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd,
mbedtls_test_rnd_std_rand, NULL);
- TEST_ASSERT(res == result);
+ TEST_EQUAL(res, result);
if (res == 0) {
mbedtls_rsa_context *rsa;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx);
- TEST_ASSERT(mbedtls_rsa_check_privkey(rsa) == 0);
+ TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
}
exit:
@@ -56,13 +61,13 @@
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
- TEST_ASSERT(res == result);
+ TEST_EQUAL(res, result);
if (res == 0) {
mbedtls_rsa_context *rsa;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx);
- TEST_ASSERT(mbedtls_rsa_check_pubkey(rsa) == 0);
+ TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
}
exit:
@@ -78,11 +83,11 @@
int res;
mbedtls_pk_init(&ctx);
- USE_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
- TEST_ASSERT(res == result);
+ TEST_EQUAL(res, result);
if (res == 0) {
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
@@ -93,13 +98,13 @@
#else
const mbedtls_ecp_keypair *eckey;
eckey = mbedtls_pk_ec_ro(ctx);
- TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0);
+ TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0);
#endif
}
exit:
mbedtls_pk_free(&ctx);
- USE_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -110,18 +115,18 @@
int res;
mbedtls_pk_init(&ctx);
- USE_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
res = mbedtls_pk_parse_keyfile(&ctx, key_file, password,
mbedtls_test_rnd_std_rand, NULL);
- TEST_ASSERT(res == result);
+ TEST_EQUAL(res, result);
if (res == 0) {
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
- TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0);
+ TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0);
#else
/* PSA keys are already checked on import so nothing to do here. */
#endif
@@ -129,7 +134,7 @@
exit:
mbedtls_pk_free(&ctx);
- USE_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -150,6 +155,24 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der */
+void pk_parse_key_encrypted(data_t *buf, data_t *pass, int result)
+{
+ mbedtls_pk_context pk;
+
+ mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
+
+ TEST_EQUAL(mbedtls_pk_parse_key_pkcs8_encrypted_der(&pk, buf->x, buf->len,
+ pass->x, pass->len,
+ mbedtls_test_rnd_std_rand,
+ NULL), result);
+exit:
+ mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */
void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output)
{
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index 4256a88..d58226e 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -15,43 +15,43 @@
pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
Public key write check EC 192 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP192R1
pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
Public key write check EC 192 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
Public key write check EC 521 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
Public key write check EC 521 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
Public key write check EC Brainpool 512 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM
Public key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER
Public key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM
Public key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER
Private key write check RSA
@@ -71,59 +71,59 @@
pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
Private key write check EC 192 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP192R1
pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
Private key write check EC 192 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
Private key write check EC 256 bits (top bit set)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP256R1
pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
Private key write check EC 256 bits (top bit set) (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1
pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
Private key write check EC 521 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
Private key write check EC 521 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
Private key write check EC 521 bits (top byte is 0)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
Private key write check EC 521 bits (top byte is 0) (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
Private key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_BP512R1
pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
Private key write check EC Brainpool 512 bits (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
Private key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE25519
pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM
Private key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER
Private key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_CURVE448
pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM
Private key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER
Derive public key RSA
@@ -135,21 +135,21 @@
pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der"
Derive public key EC 192 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der"
Derive public key EC 521 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1
pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der"
Derive public key EC Brainpool 512 bits
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_BP512R1
pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der"
Derive public key EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE25519
pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der"
Derive public key EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_CURVE448
pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der"
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index e1be52e..733909e 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -68,6 +68,7 @@
static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
{
mbedtls_pk_context key;
+ mbedtls_pk_init(&key);
unsigned char *buf = NULL;
unsigned char *check_buf = NULL;
unsigned char *start_buf;
@@ -78,9 +79,6 @@
USE_PSA_INIT();
- mbedtls_pk_init(&key);
- USE_PSA_INIT();
-
/* Note: if mbedtls_pk_load_file() successfully reads the file, then
it also allocates check_buf, which should be freed on exit */
TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
@@ -144,7 +142,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
+ * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_FS_IO
* END_DEPENDENCIES
*/
@@ -194,7 +192,7 @@
pub_key_raw, pub_key_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw));
+ mbedtls_platform_zeroize(derived_key_raw, derived_key_len);
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id,
PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT,
diff --git a/tests/suites/test_suite_platform.data b/tests/suites/test_suite_platform.data
index 4276b8f..653d254 100644
--- a/tests/suites/test_suite_platform.data
+++ b/tests/suites/test_suite_platform.data
@@ -4,3 +4,12 @@
Time: get seconds
time_get_seconds:
+
+Check mbedtls_calloc overallocation
+# This test case exercises an integer overflow in calloc. Under Asan, with
+# a modern Clang, this triggers an ASan/MSan/TSan complaint. The complaint
+# can be avoided with e.g. ASAN_OPTIONS=allocator_may_return_null=1,
+# but this has to be set in the environment before the program starts,
+# and could hide other errors.
+depends_on:!MBEDTLS_TEST_HAVE_ASAN:!MBEDTLS_TEST_HAVE_MSAN:!MBEDTLS_TEST_HAVE_TSAN
+check_mbedtls_calloc_overallocation:SIZE_MAX/2:SIZE_MAX/2
diff --git a/tests/suites/test_suite_platform.function b/tests/suites/test_suite_platform.function
index 61681b8..c65d011 100644
--- a/tests/suites/test_suite_platform.function
+++ b/tests/suites/test_suite_platform.function
@@ -120,3 +120,17 @@
goto exit;
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void check_mbedtls_calloc_overallocation(intmax_t num, intmax_t size)
+{
+ unsigned char *buf;
+ buf = mbedtls_calloc((size_t) num, (size_t) size);
+ /* Dummy usage of the pointer to prevent optimizing it */
+ mbedtls_printf("calloc pointer : %p\n", buf);
+ TEST_ASSERT(buf == NULL);
+
+exit:
+ mbedtls_free(buf);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index e03bac8..1bd8b65 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -225,19 +225,19 @@
import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1
PSA import RSA public key: 1022-bit (not supported)
-depends_on:MBEDTLS_RSA_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_with_data:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED
PSA import RSA keypair: 1022-bit (not supported)
-depends_on:MBEDTLS_RSA_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
import_with_data:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED
PSA import RSA public key: 1023-bit (not supported)
-depends_on:MBEDTLS_RSA_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_with_data:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED
PSA import RSA keypair: 1023-bit (not supported)
-depends_on:MBEDTLS_RSA_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
import_with_data:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED
PSA import/export EC secp224r1 key pair: good
@@ -765,11 +765,11 @@
import_large_key:PSA_KEY_TYPE_RAW_DATA:8192:PSA_ERROR_NOT_SUPPORTED
PSA import RSA key pair: maximum size exceeded
-depends_on:MBEDTLS_RSA_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED
PSA import RSA public key: maximum size exceeded
-depends_on:MBEDTLS_RSA_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED
PSA key policy: AES ECB
@@ -2205,7 +2205,7 @@
cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_SUCCESS
PSA cipher setup: bad algorithm (unknown cipher algorithm)
-depends_on:MBEDTLS_AES_C
+depends_on:PSA_WANT_KEY_TYPE_AES
cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CATEGORY_CIPHER:PSA_ERROR_NOT_SUPPORTED
PSA cipher setup: bad algorithm (not a cipher algorithm)
@@ -2213,12 +2213,12 @@
cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT
PSA cipher setup: invalid key type, CTR
-depends_on:MBEDTLS_CIPHER_MODE_CTR
+depends_on:PSA_WANT_ALG_CTR
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
cipher_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
PSA cipher setup: incompatible key ChaCha20 for CTR
-depends_on:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_CIPHER_MODE_CTR
+depends_on:PSA_WANT_KEY_TYPE_CHACHA20:PSA_WANT_ALG_CTR
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
cipher_setup:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f10111213141516171819202122232425":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED
@@ -2267,15 +2267,15 @@
cipher_encrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric encrypt: AES-ECB, 0 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":""
PSA symmetric encrypt: AES-ECB, 16 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97"
PSA symmetric encrypt: AES-ECB, 32 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1"
PSA symmetric encrypt: 2-key 3DES-ECB, 8 bytes, good
@@ -2411,7 +2411,7 @@
cipher_decrypt_fail:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-ECB, input too short (15 bytes)
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
@@ -2419,19 +2419,19 @@
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes)
-depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-ECB, 0 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":""
PSA symmetric decrypt: AES-ECB, 16 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f"
PSA symmetric decrypt: AES-ECB, 32 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97"
PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
@@ -2487,15 +2487,15 @@
cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"fb6d7b60e9e67669b607a9b94a606bdca678d44f0ebf24cbd623efd69cc2bdc0f615ac19d0366a8d00e3d6728f5ee01d61d74ab77edc17a7621f2268eea12e656e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":"546865205246432037353339207465737420766563746f72207573657320636f756e7465723d312c2062757420505341207573657320636f756e7465723d302e4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS
PSA symmetric decrypt multipart: AES-ECB, 16 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS
PSA symmetric decrypt multipart: AES-ECB, 32 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":32:32:0:"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS
PSA symmetric decrypt multipart: AES-CBC-nopad, 16 bytes, good
@@ -2519,7 +2519,7 @@
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
PSA symmetric decrypt multipart: AES-ECB, input too short (15 bytes)
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":0:0:0:"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt multipart: AES-CBC-nopad, input too short (5 bytes)
@@ -2551,7 +2551,7 @@
cipher_decrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":10:10:14:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":PSA_SUCCESS
PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good
@@ -2663,15 +2663,15 @@
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric decryption multipart: AES-ECB, 16+16 bytes
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-ECB, 11+21 bytes
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-ECB, 28+4 bytes
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes
@@ -2735,7 +2735,7 @@
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric encrypt/decrypt multipart: AES-ECB, 16 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
cipher_verify_output_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16
PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 16 bytes, good
@@ -2805,7 +2805,7 @@
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_SUCCESS
PSA AEAD encrypt/decrypt: DES-CCM not supported
-depends_on:MBEDTLS_DES_C:MBEDTLS_CCM_C
+depends_on:PSA_WANT_KEY_TYPE_DES:PSA_WANT_ALG_CCM
aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_ERROR_NOT_SUPPORTED
PSA AEAD encrypt: AES-CCM, 23 bytes
@@ -3201,7 +3201,7 @@
aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (CTR)
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
@@ -4645,15 +4645,15 @@
verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA verify hash: deterministic ECDSA SECP256R1 SHA-256
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA verify hash: deterministic ECDSA SECP256R1 SHA-384
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384
verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"dbf3b9a150a2ec12ec4b16ff7d37be2fe354a357cb267af4296ccfda3acca2d796989f63eb192e4c43a7ff0d0b7f493b1334dfb3c32375351debcdd532f41e13"
PSA verify hash: deterministic ECDSA SECP384R1 SHA-256
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384
verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"bed412df472eef873fb0839f91a6867d1c6824d4c5781d4b851faa43c7df904d99dbdd28c0d2fd3a4a006e89d34993a120aff166deb4974e96449a7ffe93c66726ad9443b14b87330c86bdde3faff5fd1cbfdc9afe46f8090376f9664cb116b4"
PSA vrfy hash int: ECDSA SECP256R1, good
@@ -4665,15 +4665,15 @@
verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash: det ECDSA SECP256R1 SHA-256
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash: det ECDSA SECP256R1 SHA-384
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384
verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"dbf3b9a150a2ec12ec4b16ff7d37be2fe354a357cb267af4296ccfda3acca2d796989f63eb192e4c43a7ff0d0b7f493b1334dfb3c32375351debcdd532f41e13":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash: det ECDSA SECP384R1 SHA-256
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384
verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"bed412df472eef873fb0839f91a6867d1c6824d4c5781d4b851faa43c7df904d99dbdd28c0d2fd3a4a006e89d34993a120aff166deb4974e96449a7ffe93c66726ad9443b14b87330c86bdde3faff5fd1cbfdc9afe46f8090376f9664cb116b4":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
@@ -4813,7 +4813,7 @@
sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":72:PSA_ERROR_INVALID_ARGUMENT
PSA sign message: deterministic ECDSA not supported
-depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384
sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":96:PSA_ERROR_NOT_SUPPORTED
PSA sign message: ECDSA without hash
@@ -5543,6 +5543,82 @@
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
derive_input_invalid_cost:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, direct output
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, key output
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, DERIVE key as password, key output
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt missing
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password missing
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt and password before cost
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password before cost
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password bad key type
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, direct output
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct empty password, direct output
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, key output
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, DERIVE key as salt
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate cost step
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate salt step
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"6c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject secret step
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject label step
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject seed step
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject zero input cost
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"00":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_input_invalid_cost:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL
+
PSA key derivation over capacity: HKDF
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256)
@@ -6301,10 +6377,22 @@
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"56fa6aa75548099dcc37d7f03425e0c3":"":0:1:0
-PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt in two step
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=2+2
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"6c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=0+4
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
+
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=4+0
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
+
+PSA key derivation: PBKDF2-HMAC(SHA-256), salt=0+0
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"b03ada2451aa1084ce14cf51c93eeea9d2bd435db3f93a70031b2de39fdef45d2ccb1fe2078e79773c148311d3e6ec5dec9da7f30d78584ec21c94de839671b2":"":0:1:0
+
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, password as key, derive key
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:1
@@ -6315,7 +6403,7 @@
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, password as bytes, derive key
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"":"":0:0:1
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:0:1
PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, salt before cost
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
@@ -6325,6 +6413,64 @@
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0
+#The following test vectors were generated by a python script. Details can be found in the commit message.
+#The input cost, salt and password are the same as PBKDF2-HMAC test vectors
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 20+0
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 10+10
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e2777":"7606a315876ec71227de":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 0+20
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"":"1b72f6419173a06e27777606a315876ec71227de":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 3
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"38ba9795fe87e47d519eacb77e82e35daa795870":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 4
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726450415353574f524470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":25:"25e7c43283d2e98cb6d9537a783e93153a45595a876779e00d":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 5
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"3d2828c5a437d781e7733ca353c40579":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, empty direct password
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"db00f3996d041b415eb273362d8c8c83":"":0:0:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, 16 byte password
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"c4c112c6e1e3b8757640603dec78825f":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, salt in two step
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"6c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as key, derive key
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:1
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:0:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes, derive key
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:0:1
+
PSA key derivation: ECJPAKE to PMS, no input
depends_on:PSA_WANT_ALG_SHA_256
derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT
@@ -6434,8 +6580,57 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+# Input cost is set to 1U for testing purposes.
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise AES128-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise AES256-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise 2-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise 3-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, exercise HMAC-SHA-256
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise AES128-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise AES256-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise 2-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise 3-key 3DES-CBC
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise HMAC-SHA-256
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_HMAC
+derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256)
+
PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY
PSA key derivation: HKDF-SHA-256 -> ECC curve25519, exercise ECDH
@@ -6458,6 +6653,22 @@
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
+PSA key derivation: PBKDF2-HMAC-SHA-256, derive key export, 16+32
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key_export:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":16:32
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, derive key export, 1+41
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key_export:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":1:41
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, derive key export, 16+32
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_export:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":16:32
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, derive key export, 1+41
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_export:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":1:41
+
PSA key derivation: HKDF-SHA-256 -> AES-128
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:"3cb25f25faacd57a90434f64d0362f2a"
@@ -6467,11 +6678,11 @@
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
PSA key derivation: HKDF-SHA-256 -> ECC secp256r1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5c0"
PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"46a5850b60ba10b0fd8e0feb8790e2819d46ea26fede564ff6dea94ef1945660"
PSA key derivation: HKDF-SHA-256 -> raw (same input as secp256r1+redraw)
@@ -6479,17 +6690,17 @@
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_RAW_DATA:256:"ffffffff55f60cea989fe02543c81b28aff09b5b51fdc43f91fe5c2511b0b9d9"
PSA key derivation: HKDF-SHA-256 -> ECC secp384r1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_384
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993c"
# For secp521r1, the leading byte of the representation of the private key can
# be either 0 or 1. Have one test case where it's 0 and one where it's 1.
PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"00b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993b89b9b65683d60f0106d28fff039d0b6f3409"
PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fa":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"01122f37d10965c8455ecbd2bc73d5da5347d0ce772e54305d528295a64ffb7c567f5042e2d7e5803b407c08d1e110adcefc35564035d706582f723a2f76a32260da"
# For Curve25519, test a few different outputs to exercise masking (last byte of input_2 variation).
@@ -6550,6 +6761,22 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_MONTGOMERY_448
derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"cc9d06c33cec5b3d08221a7228050e6919150a43592ae710162c97c0a2855b25c373305784895a1c48ca511ee42fc50c3f67d419569007ea"
+PSA key derivation: PBKDF2-HMAC-SHA-256 -> AES-128
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
+derive_key_type:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:"55ac046e56e3089fec1691c22544b605"
+
+PSA key derivation: PBKDF2-HMAC-SHA-256 -> AES-256
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_type:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc"
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-128
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:"28e288c6345bb5ecf7ca70274208a3ba"
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-256
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f52"
+
PSA key derivation: invalid type (0)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
@@ -6585,7 +6812,7 @@
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
@@ -6600,7 +6827,7 @@
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
@@ -6615,7 +6842,7 @@
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
@@ -6630,7 +6857,7 @@
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):0:PSA_ERROR_INVALID_ARGUMENT:0
PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):7:PSA_ERROR_INVALID_ARGUMENT:0
@@ -6645,7 +6872,7 @@
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
@@ -6660,7 +6887,7 @@
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):0:PSA_ERROR_INVALID_ARGUMENT:0
PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):7:PSA_ERROR_INVALID_ARGUMENT:0
@@ -6675,7 +6902,7 @@
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):0:PSA_ERROR_INVALID_ARGUMENT:0
PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):7:PSA_ERROR_INVALID_ARGUMENT:0
@@ -6699,7 +6926,6 @@
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):7:PSA_ERROR_NOT_SUPPORTED:0
-
PSA key derivation: raw data, 8 bits
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
@@ -6708,6 +6934,56 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid type (0)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length PSA_KEY_TYPE_RAW_DATA (0)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length PSA_KEY_TYPE_RAW_DATA (7 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, raw data, 8 bits
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
+
+PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length (9 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid type (0)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length PSA_KEY_TYPE_RAW_DATA (0)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length PSA_KEY_TYPE_RAW_DATA (7 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, raw data, 8 bits
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length (9 bits)
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0
+
# This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes
# and not expected to be raised any time soon) is less than the maximum
# output from HKDF-SHA512 (255*64 = 16320 bytes).
@@ -6719,6 +6995,14 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0
+PSA key derivation: PBKDF2-HMAC-SHA-256, key too large
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, key too large
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0
+
PSA key agreement setup: ECDH + HKDF-SHA-256: good
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256
key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
@@ -7058,7 +7342,7 @@
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: RSA, e=2
-generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"02":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: FFDH, 2048 bits, good
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -7085,15 +7369,15 @@
generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0
PSA import persistent key: raw data, 8 bits
-depends_on:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
PSA import persistent key: AES, 128 bits, exportable
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY
PSA import persistent key: AES, 128 bits, non-exportable
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY
PSA generate persistent key: raw data, 8 bits, exportable
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 01f20af..4c08a90 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -296,17 +296,6 @@
#define INPUT_INTEGER 0x10000 /* Out of range of psa_key_type_t */
-uint64_t parse_binary_string(data_t *bin_string)
-{
- uint64_t result = 0;
- TEST_LE_U(bin_string->len, 8);
- for (size_t i = 0; i < bin_string->len; i++) {
- result = result << 8 | bin_string->x[i];
- }
-exit:
- return result; /* returns 0 if len > 8 */
-}
-
/* An overapproximation of the amount of storage needed for a key of the
* given type and with the given content. The API doesn't make it easy
* to find a good value for the size. The current implementation doesn't
@@ -1366,7 +1355,21 @@
psa_set_key_bits(&attributes, attr_bits);
status = psa_import_key(&attributes, data->x, data->len, &key);
- TEST_EQUAL(status, expected_status);
+ /* When expecting INVALID_ARGUMENT, also accept NOT_SUPPORTED.
+ *
+ * This can happen with a type supported only by a driver:
+ * - the driver sees the invalid data (for example wrong size) and thinks
+ * "well perhaps this is a key size I don't support" so it returns
+ * NOT_SUPPORTED which is correct at this point;
+ * - we fallback to built-ins, which don't support this type, so return
+ * NOT_SUPPORTED which again is correct at this point.
+ */
+ if (expected_status == PSA_ERROR_INVALID_ARGUMENT &&
+ status == PSA_ERROR_NOT_SUPPORTED) {
+ ; // OK
+ } else {
+ TEST_EQUAL(status, expected_status);
+ }
if (status != PSA_SUCCESS) {
goto exit;
}
@@ -7636,8 +7639,7 @@
* no reliance on external buffers. */
psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
- input_buffer = mbedtls_calloc(1, input_data->len);
- TEST_ASSERT(input_buffer != NULL);
+ TEST_CALLOC(input_buffer, input_data->len);
memcpy(input_buffer, input_data->x, input_data->len);
@@ -7654,8 +7656,7 @@
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
- input_buffer = mbedtls_calloc(1, input_data->len);
- TEST_ASSERT(input_buffer != NULL);
+ TEST_CALLOC(input_buffer, input_data->len);
memcpy(input_buffer, input_data->x, input_data->len);
@@ -7680,6 +7681,7 @@
psa_destroy_key(key);
mbedtls_free(signature);
+ mbedtls_free(input_buffer);
PSA_DONE();
}
/* END_CASE */
@@ -8474,7 +8476,7 @@
void parse_binary_string_test(data_t *input, int output)
{
uint64_t value;
- value = parse_binary_string(input);
+ value = mbedtls_test_parse_binary_string(input);
TEST_EQUAL(value, output);
}
/* END_CASE */
@@ -8540,7 +8542,7 @@
if (key_types[i] == INPUT_INTEGER) {
TEST_EQUAL(psa_key_derivation_input_integer(
&operation, steps[i],
- parse_binary_string(inputs[i])),
+ mbedtls_test_parse_binary_string(inputs[i])),
expected_statuses[i]);
} else {
TEST_EQUAL(psa_key_derivation_input_bytes(
@@ -8740,7 +8742,7 @@
case PSA_KEY_DERIVATION_INPUT_COST:
TEST_EQUAL(psa_key_derivation_input_integer(
&operation, steps[i],
- parse_binary_string(inputs[i])),
+ mbedtls_test_parse_binary_string(inputs[i])),
statuses[i]);
if (statuses[i] != PSA_SUCCESS) {
goto exit;
@@ -8784,7 +8786,7 @@
}
break;
default:
- TEST_ASSERT(!"default case not supported");
+ TEST_FAIL("default case not supported");
break;
}
break;
@@ -8834,7 +8836,7 @@
key_agreement_peer_key->len), statuses[i]);
break;
default:
- TEST_ASSERT(!"default case not supported");
+ TEST_FAIL("default case not supported");
break;
}
@@ -9686,14 +9688,24 @@
PSA_ASSERT(psa_get_key_attributes(key, &attributes));
TEST_EQUAL(psa_get_key_type(&attributes), type);
TEST_EQUAL(psa_get_key_bits(&attributes), bits);
- PSA_ASSERT(psa_get_key_domain_parameters(&attributes,
- e_read_buffer, e_read_size,
- &e_read_length));
+ psa_status_t status = psa_get_key_domain_parameters(&attributes,
+ e_read_buffer, e_read_size,
+ &e_read_length);
+
+
+#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
if (is_default_public_exponent) {
TEST_EQUAL(e_read_length, 0);
} else {
+ TEST_EQUAL(status, PSA_SUCCESS);
TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
}
+#else
+ (void) is_default_public_exponent;
+ TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED);
+#endif
/* Do something with the key according to its type and permitted usage. */
if (!mbedtls_test_psa_exercise_key(key, usage, alg)) {
@@ -9764,7 +9776,7 @@
unsigned char *first_export = NULL;
unsigned char *second_export = NULL;
size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits);
- size_t first_exported_length;
+ size_t first_exported_length = 0;
size_t second_exported_length;
if (usage_flags & PSA_KEY_USAGE_EXPORT) {
@@ -9826,7 +9838,7 @@
break;
default:
- TEST_ASSERT(!"generation_method not implemented in test");
+ TEST_FAIL("generation_method not implemented in test");
break;
}
psa_reset_key_attributes(&attributes);
diff --git a/tests/suites/test_suite_psa_crypto.pbkdf2.data b/tests/suites/test_suite_psa_crypto.pbkdf2.data
new file mode 100644
index 0000000..3b8e7e0
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto.pbkdf2.data
@@ -0,0 +1,16 @@
+PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #4
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"eefe3d61cd4da4e4e9945b3d6ba2158c2634e984":"":0:1:0
+
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #2
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"013880":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4e61436c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"50617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"4ddcd8f60b98be21830cee5ef22701f9641a4418d04c0414aeff08876b34ab56a1d425a1225833549adb841b51c9b3176a272bdebba1d078478f62b397f33c8d":"":0:1:0
+
+# For PBKDF2_AES_CMAC_PRF_128 the output for the test vectors was generated using a python script. Refer commit message for details.
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, inputs from RFC6070 #4
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"c19b71d2daf483abc9e04fbc78928b4204398d1e":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, inputs from RFC7914 #2
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"013880":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4e61436c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"50617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"3298e89bc3560e61b59aef2c104f93380b5fa26e2e011cb5ac5895fcd5a3bd5a92e617d7cae020fa2c6ef895182d9ffa0cc8f9c22778beb02856127719d95570":"":0:1:0
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 54558f0..37c15ee 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -15,35 +15,35 @@
sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
sign_hash transparent driver: in driver RSA PKCS#1 v1.5, raw
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS
sign_hash transparent driver: fallback RSA PKCS#1 v1.5, raw
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS
sign_hash transparent driver: error RSA PKCS#1 v1.5, raw
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_ERROR_GENERIC_ERROR
sign_hash transparent driver: fake RSA PKCS#1 v1.5, raw
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":1:PSA_SUCCESS
sign_hash transparent driver: in driver RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
sign_hash transparent driver: fallback RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
sign_hash transparent driver: error RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR
sign_hash transparent driver: fake RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS
verify_hash transparent driver: in driver ECDSA SECP256R1 SHA-256
@@ -71,27 +71,27 @@
verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 raw
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS
verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 raw
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS
verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 raw
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_ERROR_GENERIC_ERROR
verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
verify_hash transparent driver: in driver Public Key RSA PKCS#1 v1.5 SHA-256
@@ -99,35 +99,35 @@
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_hash transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_hash transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
verify_hash transparent driver: in driver Public Key RSA-1024 PSS SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
verify_hash transparent driver: fallback Public Key RSA-1024 PSS SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
verify_hash transparent driver: error Public Key RSA-1024 PSS SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR
verify_hash transparent driver: in driver Public Key RSA-1024 PSS-any-salt SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
verify_hash transparent driver: fallback Public Key RSA-1024 PSS-any-salt SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS
verify_hash transparent driver: error Public Key RSA-1024 PSS-any-salt SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR
sign_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256
@@ -147,19 +147,19 @@
sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
sign_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
sign_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS
sign_message transparent driver: error RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR
sign_message transparent driver: fake RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS
verify_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256
@@ -187,51 +187,51 @@
verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR
verify_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_message transparent driver: error RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
verify_message transparent driver: calculate in driver Public Key RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_message transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS
verify_message transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR
verify_message transparent driver: calculate in driver Public Key RSA PSS SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS
verify_message transparent driver: fallback Public Key RSA PSS SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS
verify_message transparent driver: error Public Key RSA PSS SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_ERROR_GENERIC_ERROR
verify_message transparent driver: calculate in driver Public Key RSA PSS-any-salt SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS
verify_message transparent driver: fallback Public Key RSA PSS-any-salt SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS
verify_message transparent driver: error Public Key RSA PSS-any-salt SHA-256
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_ERROR_GENERIC_ERROR
generate_ec_key through transparent driver: fake
@@ -340,11 +340,11 @@
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fallback
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA symmetric encrypt multipart: AES-CTR, 15 bytes, fallback
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fake
@@ -372,7 +372,7 @@
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fallback
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fake
@@ -460,7 +460,7 @@
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_SUCCESS
PSA AEAD encrypt: AES-CCM, 24 bytes, fallback
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CCM
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_NOT_SUPPORTED
PSA AEAD encrypt: AES-CCM, 24 bytes, INSUFFICIENT_MEMORY
@@ -472,7 +472,7 @@
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_SUCCESS
PSA AEAD encrypt, AES-GCM, 128 bytes #1, fallback
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED
PSA AEAD encrypt, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
@@ -484,7 +484,7 @@
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
PSA AEAD decrypt: AES-CCM, 39 bytes, fallback
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CCM
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_NOT_SUPPORTED
PSA AEAD decrypt: AES-CCM, 39 bytes, INSUFFICIENT_MEMORY
@@ -496,7 +496,7 @@
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
PSA AEAD decrypt, AES-GCM, 144 bytes #1, fallback
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED
PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY
@@ -536,7 +536,7 @@
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS
PSA MAC sign, fallback: CMAC-AES-128
-depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED
PSA MAC sign, driver reports error: CMAC-AES-128
@@ -576,7 +576,7 @@
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS
PSA MAC verify, fallback: CMAC-AES-128
-depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED
PSA MAC verify, driver reports error: CMAC-AES-128
@@ -802,7 +802,7 @@
aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_SUCCESS:PSA_SUCCESS
PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, fallback
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
@@ -814,7 +814,7 @@
aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS:PSA_SUCCESS
PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, fallback
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 98a7662..032fa47 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -466,7 +466,7 @@
TEST_EQUAL(buf[0], 0x00);
/* The rest is too hard to check */
} else {
- TEST_ASSERT(!"Encryption result sanity check not implemented for RSA algorithm");
+ TEST_FAIL("Encryption result sanity check not implemented for RSA algorithm");
}
#endif /* MBEDTLS_BIGNUM_C */
@@ -845,10 +845,10 @@
psa_set_key_bits(&attributes, 0);
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
- mbedtls_test_driver_key_management_hooks.forced_status = force_status;
-
PSA_ASSERT(psa_crypto_init());
+ mbedtls_test_driver_key_management_hooks.hits = 0;
+ mbedtls_test_driver_key_management_hooks.forced_status = force_status;
actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key);
TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
TEST_EQUAL(actual_status, expected_status);
@@ -906,6 +906,7 @@
}
mbedtls_test_driver_key_management_hooks.hits = 0;
+ mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0;
mbedtls_test_driver_key_management_hooks.forced_status = force_status;
if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) {
@@ -923,7 +924,7 @@
if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) &&
!PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) {
- TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1);
}
if (actual_status == PSA_SUCCESS) {
@@ -1059,9 +1060,11 @@
PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
&key));
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+ mbedtls_test_driver_cipher_hooks.hits_encrypt = 0;
PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1,
output1_buffer_size, &output1_length));
- TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
@@ -1161,6 +1164,7 @@
PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
&key));
+ mbedtls_test_driver_cipher_hooks.hits = 0;
PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
@@ -1289,6 +1293,7 @@
PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
&key));
+ mbedtls_test_driver_cipher_hooks.hits = 0;
PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
mbedtls_test_driver_cipher_hooks.hits = 0;
@@ -1414,6 +1419,7 @@
mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
}
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output,
output_buffer_size, &output_length);
TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
@@ -1468,23 +1474,26 @@
* First test that if we don't force a driver error, encryption is
* successful, then force driver error.
*/
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+ mbedtls_test_driver_cipher_hooks.hits_encrypt = 0;
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
output, output_buffer_size, &function_output_length);
- TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1);
TEST_EQUAL(status, PSA_SUCCESS);
mbedtls_test_driver_cipher_hooks.hits = 0;
- mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_test_driver_cipher_hooks.forced_status_encrypt = PSA_ERROR_GENERIC_ERROR;
/* Set the output buffer in a given state. */
for (size_t i = 0; i < output_buffer_size; i++) {
output[i] = 0xa5;
}
+ mbedtls_test_driver_cipher_hooks.hits_encrypt = 0;
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
output, output_buffer_size, &function_output_length);
- TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1);
TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR);
/*
* Check that the output buffer is still in the same state.
@@ -1545,17 +1554,18 @@
TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1);
TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
mbedtls_test_driver_cipher_hooks.hits = 0;
+ mbedtls_test_driver_cipher_hooks.hits_set_iv = 0;
- mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_ERROR_GENERIC_ERROR;
/* Set the output buffer in a given state. */
for (size_t i = 0; i < 16; i++) {
output[i] = 0xa5;
}
status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length);
- /* When generating the IV fails, it should call abort too */
- TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2);
- TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status);
+ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_set_iv, 1);
+ TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status_set_iv);
+ mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_SUCCESS;
/*
* Check that the output buffer is still in the same state.
* This will fail if the output buffer is used by the core to pass the IV
@@ -2755,7 +2765,7 @@
{
(void) modulus;
(void) private_exponent;
- TEST_ASSERT(!"Encryption sanity checks not implemented for this key type");
+ TEST_FAIL("Encryption sanity checks not implemented for this key type");
}
}
}
diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data
index 9f51339..0a5f876 100644
--- a/tests/suites/test_suite_psa_crypto_hash.data
+++ b/tests/suites/test_suite_psa_crypto_hash.data
@@ -158,6 +158,70 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_finish:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9"
+PSA hash finish: SHA3-224 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7"
+
+PSA hash finish: SHA3-256 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a"
+
+PSA hash finish: SHA3-384 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004"
+
+PSA hash finish: SHA3-512 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"
+
+PSA hash finish: SHA3-224 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf"
+
+PSA hash finish: SHA3-256 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532"
+
+PSA hash finish: SHA3-384 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25"
+
+PSA hash finish: SHA3-512 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0"
+
+PSA hash finish: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33"
+
+PSA hash finish: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376"
+
+PSA hash finish: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22"
+
+PSA hash finish: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e"
+
+PSA hash finish: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc"
+
+PSA hash finish: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18"
+
+PSA hash finish: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7"
+
+PSA hash finish: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185"
+
PSA hash finish: MD5 Test vector RFC1321 #1
depends_on:PSA_WANT_ALG_MD5
hash_finish:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e"
@@ -246,6 +310,22 @@
depends_on:PSA_WANT_ALG_RIPEMD160
hash_verify:PSA_ALG_RIPEMD160:"bd":"5089265ee5d9af75d12dbf7ea2f27dbdee435b37"
+PSA hash verify: SHA3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_verify:PSA_ALG_SHA3_224:"bd":"79bd1a58a357d1a0ac15b43400bc396d17bdc6d3d90369f16f650b25"
+
+PSA hash verify: SHA3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_verify:PSA_ALG_SHA3_256:"bd":"b389fa0f45f21196cc2736e8de396497a2414be31e7a500a499918b8cf3257b2"
+
+PSA hash verify: SHA3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_verify:PSA_ALG_SHA3_384:"bd":"5a337b67965736040c5b1f2d4df7f9ca76cf01866c7d64ed8dd812b97995da9b14ef07f9c4d9190888e4b15c4df2203d"
+
+PSA hash verify: SHA3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_verify:PSA_ALG_SHA3_512:"bd":"72bacd82495cb72a44523cda462f0f02c9f33b6312e24e44f5c40deed2bbc37854b606cb2f62cce6a394b4157d8e6e89b22682380dc129dddd402693ffa98a6c"
+
PSA hash multi part: SHA-1 Test Vector NIST CAVS #1
depends_on:PSA_WANT_ALG_SHA_1
hash_multi_part:PSA_ALG_SHA_1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709"
@@ -465,3 +545,126 @@
PSA hash multi part: RIPEMD160 Test vector from paper #8
depends_on:PSA_WANT_ALG_RIPEMD160
hash_multi_part:PSA_ALG_RIPEMD160:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
+
+PSA hash multi part: SHA3-224 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7"
+
+PSA hash multi part: SHA3-256 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a"
+
+PSA hash multi part: SHA3-384 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004"
+
+PSA hash multi part: SHA3-512 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"
+
+PSA hash multi part: SHA3-224 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf"
+
+PSA hash multi part: SHA3-256 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532"
+
+PSA hash multi part: SHA3-384 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25"
+
+PSA hash multi part: SHA3-512 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0"
+
+PSA hash multi part: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33"
+
+PSA hash multi part: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376"
+
+PSA hash multi part: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22"
+
+PSA hash multi part: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e"
+
+PSA hash multi part: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc"
+
+PSA hash multi part: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18"
+
+PSA hash multi part: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7"
+
+PSA hash multi part: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185"
+
+# HMAC test vectors generated in python with e.g.
+# import hmac; hmac.new(bytes([0xaa]*32), b'abc', 'SHA3-224').hexdigest()
+
+PSA HMAC SHA3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+hmac:PSA_ALG_SHA3_224:"abc":"bf0905154ad610b6a3d6d0b9a1c692494e987337d956624a066d7a1f"
+
+PSA HMAC SHA3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+hmac:PSA_ALG_SHA3_256:"abc":"a986419a162b6d4731a8e96e44a2c6e784d50137907b457c9fb77c62705dc4d9"
+
+PSA HMAC SHA3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+hmac:PSA_ALG_SHA3_384:"abc":"87b864ee25f8bfebd516eddd7cdd400d3c368a09e4b1fabaee5636da8a9c876c3f802c366537663910f2e6c5a8426381"
+
+PSA HMAC SHA3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+hmac:PSA_ALG_SHA3_512:"abc":"2cef45b6950e41a70bc85cb431b2161d47c9e2932187fa15d80e3b7af1da38aa8fe823a72efd7e536e5236a5b0798418d8c8f08b0de5fc262867bb3752b6482d"
+
+PSA HMAC SHA-1
+depends_on:PSA_WANT_ALG_SHA_1
+hmac:PSA_ALG_SHA_1:"abc":"0b3a7f96afea3e14a0835f7c9468a24649f85596"
+
+PSA HMAC SHA-224
+depends_on:PSA_WANT_ALG_SHA_224
+hmac:PSA_ALG_SHA_224:"abc":"249c405cef8bcd3ceeafdb9a933179739fb9b1d7f174df4667ec82f3"
+
+PSA HMAC SHA-256
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"abc":"b89a1b878289c739595104da55b6f7a8afec3e0757fc166080dc267c09c46841"
+
+PSA HMAC SHA-384
+depends_on:PSA_WANT_ALG_SHA_384
+hmac:PSA_ALG_SHA_384:"abc":"25a8b55c884bc38286305f76332631726498f5586280b88bc6179cd00c6878fb7d1bb3ee1643fcd2fb02b95823ff1af2"
+
+PSA HMAC SHA-512
+depends_on:PSA_WANT_ALG_SHA_512
+hmac:PSA_ALG_SHA_512:"abc":"d6e5eebb5cf27f5b686fefc416ee8c431bb10770216aa3c6ba13897ef3fc040b98abc53b95039f2c50622473f958af64a3cae1afbea8ffffa8d35ca24f31e222"
+
+PSA HMAC RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
+hmac:PSA_ALG_RIPEMD160:"abc":"114a5cf4637f57c044472e1a0b87cce9137190b2"
+
+PSA HMAC MD5
+depends_on:PSA_WANT_ALG_MD5
+hmac:PSA_ALG_MD5:"abc":"39677b12b80118927387aa4a65d16a5e"
+
+PSA HMAC input length 0
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"":"63210aee265762634fa3db8c1aa920dcd07d31ec297309580394a21412f83372"
+
+PSA HMAC input length 1
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"x":"f61c11d66441e3c0b9902a8491caa2da5a0d0d95ef0fc61d8a3b5ea5e0416f5c"
+
+PSA HMAC input length 2890
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"0123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999":"dd2e08786029097be5f634fda74a7e20e3e1638e71282892c4fd21d9a71ae418"
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 0405c1d..20167fd 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -1,6 +1,7 @@
/* BEGIN_HEADER */
#include <stdint.h>
+#include "psa/crypto.h"
/* END_HEADER */
@@ -35,6 +36,52 @@
/* END_CASE */
/* BEGIN_CASE */
+void hmac(int alg_arg, char *input, data_t *expected_mac)
+{
+ psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg);
+
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
+ const uint8_t key_data[] = { // 32 bytes of 0xaa
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ };
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data), &key));
+
+ uint8_t mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
+ size_t mac_length = 0;
+
+ size_t input_len = strlen(input);
+ PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac),
+ &mac_length));
+
+ // manual comparison against expected MAC
+ ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length);
+
+ // use psa_mac_verify to compare to expected MAC
+ PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x,
+ expected_mac->len));
+
+ // corrupt the MAC and check that psa_mac_verify fails
+ expected_mac->x[0] ^= 0x7f;
+ TEST_EQUAL(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x,
+ expected_mac->len), PSA_ERROR_INVALID_SIGNATURE);
+
+ PSA_ASSERT(psa_destroy_key(key));
+exit:
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void hash_verify(int alg_arg, data_t *input, data_t *expected_hash)
{
psa_algorithm_t alg = alg_arg;
diff --git a/tests/suites/test_suite_psa_crypto_low_hash.function b/tests/suites/test_suite_psa_crypto_low_hash.function
new file mode 100644
index 0000000..6dabcef
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_low_hash.function
@@ -0,0 +1,209 @@
+/* BEGIN_HEADER */
+/*
+ * Test suite for the PSA hash built-in driver
+ *
+ * This test suite exercises some aspects of the built-in PSA driver for
+ * hash algorithms (psa_crypto_hash.c). This code is mostly tested via
+ * the application interface (above the PSA API layer) and via tests of
+ * individual hash modules. The goal of this test suite is to ensure that
+ * the driver dispatch layer behaves correctly even when not invoked via
+ * the API layer, but directly from another driver.
+ *
+ * This test suite is currently incomplete. It focuses on non-regression
+ * tests for past bugs or near misses.
+ */
+
+#include <psa_crypto_hash.h>
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_BUILTIN_HASH
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void hash_valid_one_shot(int alg_arg, data_t *input,
+ data_t *expected)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected->len;
+ size_t length = SIZE_MAX;
+
+ /* Nominal case */
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* Larger output buffer */
+ output_size = expected->len + 1;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* We don't test with a smaller output buffer because this isn't
+ * guaranteed to work: the core must pass a sufficiently large
+ * output buffer to the driver. */
+
+exit:
+ mbedtls_free(output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_valid_multipart(int alg_arg,
+ data_t *input1, data_t *expected1,
+ data_t *input2, data_t *expected2)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected1->len;
+ size_t length = SIZE_MAX;
+ mbedtls_psa_hash_operation_t operation0; // original
+ memset(&operation0, 0, sizeof(operation0));
+ mbedtls_psa_hash_operation_t clone_start; // cloned after setup
+ memset(&clone_start, 0, sizeof(clone_start));
+ mbedtls_psa_hash_operation_t clone_middle; // cloned between updates
+ memset(&clone_middle, 0, sizeof(clone_middle));
+ mbedtls_psa_hash_operation_t clone_end; // cloned before finish
+ memset(&clone_end, 0, sizeof(clone_end));
+ mbedtls_psa_hash_operation_t clone_more; // cloned before finish
+ memset(&clone_more, 0, sizeof(clone_more));
+
+ /* Nominal case with two update calls */
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation0, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_start),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input1->x, input1->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_middle),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input2->x, input2->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_end),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation0,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+
+ /* Nominal case with an operation cloned after setup */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_update(&clone_start, input1->x, input1->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_start,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected1->x, expected1->len, output, length);
+
+ /* Nominal case with an operation cloned between updates */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_update(&clone_middle, input2->x, input2->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_middle,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+
+ /* Nominal case with an operation cloned before finish */
+ TEST_EQUAL(mbedtls_psa_hash_clone(&clone_end, &clone_more),
+ PSA_SUCCESS);
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* Larger output buffer */
+ TEST_EQUAL(mbedtls_psa_hash_clone(&clone_more, &clone_end),
+ PSA_SUCCESS);
+ output_size = expected2->len + 1;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* We don't test with a smaller output buffer because this isn't
+ * guaranteed to work: the core must pass a sufficiently large
+ * output buffer to the driver. */
+
+ /* Nominal case again after an error in a cloned operation */
+ output_size = expected2->len;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_more,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+exit:
+ mbedtls_free(output);
+ mbedtls_psa_hash_abort(&operation0);
+ mbedtls_psa_hash_abort(&clone_start);
+ mbedtls_psa_hash_abort(&clone_middle);
+ mbedtls_psa_hash_abort(&clone_end);
+ mbedtls_psa_hash_abort(&clone_more);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_empty(int alg_arg, data_t *expected)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected->len;
+ size_t length = SIZE_MAX;
+ mbedtls_psa_hash_operation_t operation;
+ memset(&operation, 0, sizeof(operation));
+
+ ASSERT_ALLOC(output, output_size);
+
+ /* One-shot */
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, NULL, 0,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+ /* Multipart, no update */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+ /* Multipart, one update */
+ memset(output, 0, output_size);
+ memset(&operation, 0, sizeof(operation));
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation, NULL, 0),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+exit:
+ mbedtls_free(output);
+ mbedtls_psa_hash_abort(&operation);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index fef0bab..4a25036 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -26,6 +26,22 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_algorithm:PSA_ALG_SHA_512:64
+Hash: SHA-3 SHA3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_algorithm:PSA_ALG_SHA3_224:28
+
+Hash: SHA-3 SHA3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_algorithm:PSA_ALG_SHA3_256:32
+
+Hash: SHA-3 SHA3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_algorithm:PSA_ALG_SHA3_384:48
+
+Hash: SHA-3 SHA3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_algorithm:PSA_ALG_SHA3_512:64
+
MAC: HMAC-MD5
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5
hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64
@@ -55,19 +71,19 @@
hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128
MAC: CBC_MAC-AES-128
-depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES
mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128
MAC: CBC_MAC-AES-192
-depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_CIPHER_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192
MAC: CBC_MAC-AES-256
-depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_CIPHER_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256
MAC: CBC_MAC-3DES
-depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_DES:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_DES
mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192
MAC: CMAC-AES-128
@@ -91,31 +107,31 @@
cipher_algorithm:PSA_ALG_STREAM_CIPHER:ALG_IS_STREAM_CIPHER
Cipher: CTR
-depends_on:PSA_WANT_ALG_CTR:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_CTR
cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER
Cipher: CFB
-depends_on:PSA_WANT_ALG_CFB:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_CFB
cipher_algorithm:PSA_ALG_CFB:ALG_IS_STREAM_CIPHER
Cipher: OFB
-depends_on:PSA_WANT_ALG_OFB:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_OFB
cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER
Cipher: ECB-nopad
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING
cipher_algorithm:PSA_ALG_ECB_NO_PADDING:0
Cipher: CBC-nopad
-depends_on:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING
cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0
Cipher: CBC-PKCS#7
-depends_on:PSA_WANT_ALG_CBC_PKCS7:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_CBC_PKCS7
cipher_algorithm:PSA_ALG_CBC_PKCS7:0
Cipher: XTS
-depends_on:PSA_WANT_ALG_XTS:MBEDTLS_CIPHER_C
+depends_on:PSA_WANT_ALG_XTS
cipher_algorithm:PSA_ALG_XTS:0
Cipher: CCM*
diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function
index 96c1195..fed2c41 100644
--- a/tests/suites/test_suite_psa_crypto_pake.function
+++ b/tests/suites/test_suite_psa_crypto_pake.function
@@ -44,7 +44,7 @@
ERR_INJECT_EXTRA_INPUT,
ERR_INJECT_EXTRA_OUTPUT_AT_END,
ERR_INJECT_EXTRA_INPUT_AT_END,
- /* erros issued from the .data file */
+ /* errors issued from the .data file */
ERR_IN_SETUP,
ERR_IN_SET_USER,
ERR_IN_SET_PEER,
@@ -59,9 +59,11 @@
PAKE_ROUND_TWO
} pake_round_t;
+#if defined(PSA_WANT_ALG_JPAKE)
/* The only two JPAKE user/peer identifiers supported for the time being. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
+#endif
/*
* Inject an error on the specified buffer ONLY it this is the correct stage.
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
index 3a35505..133e726 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.data
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
@@ -42,87 +42,87 @@
save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED
Persistent key destroy
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
Persistent key destroy after restart
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_destroy:17:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
Persistent key import (RSA)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS
Persistent key import with restart (RSA)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS
Persistent key import (RSA) invalid key id (VENDOR_MIN)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_import:256:PSA_KEY_ID_VENDOR_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT
Persistent key import (RSA) invalid key id (VOLATILE_MIN)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_import:256:PSA_KEY_ID_VOLATILE_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT
Persistent key import (RSA) invalid key id (VENDOR_MAX)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_import:256:PSA_KEY_ID_VENDOR_MAX:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT
Persistent key import garbage data, should fail
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
import/export persistent raw key: 1 byte
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0
import/export persistent key RSA public key: good, 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:0
import/export persistent key RSA keypair: good, 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:0
import/export persistent raw key file not exist: 1 byte
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:1
import/export persistent key RSA public key file not exist: 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:1
import/export persistent key RSA keypair file not exist: 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:1
import/export-persistent symmetric key: 16 bytes
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_AES
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0
import/export persistent raw key with restart: 1 byte
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0
import/export persistent key RSA public key with restart: good, 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:0
import/export persistent key RSA keypair with restart: good, 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:0
import/export persistent raw key file not exist with restart: 1 byte
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:1
import/export persistent key RSA public key file not exist with restart: 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:1
import/export persistent key RSA keypair file not exist with restart: 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:1
import/export-persistent symmetric key with restart: 16 bytes
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C
+depends_on:PSA_WANT_KEY_TYPE_AES
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0
Destroy invalid id: 0
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index a48114f..c4e4c7d 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -17,8 +17,6 @@
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
-#include "mbedtls/md.h"
-
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER))
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index 979db59..8e96984 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -1297,7 +1297,7 @@
mbedtls_svc_key_id_t returned_id;
mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t drv_attributes;
+ psa_key_attributes_t drv_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
size_t signature_length;
@@ -1328,7 +1328,7 @@
key_management.p_export_public = ram_export_public;
break;
default:
- TEST_ASSERT(!"unsupported flow (should be SIGN_IN_xxx)");
+ TEST_FAIL("unsupported flow (should be SIGN_IN_xxx)");
break;
}
asymmetric.p_verify = ram_verify;
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index a8fe46f..8564d35 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -142,7 +142,6 @@
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
{
- psa_key_handle_t handle;
mbedtls_svc_key_id_t key_with_invalid_owner =
mbedtls_svc_key_id_make(owner_id + 1,
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key));
@@ -150,8 +149,8 @@
TEST_ASSERT(mbedtls_key_owner_id_equal(
owner_id,
MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key)));
- TEST_EQUAL(psa_open_key(key_with_invalid_owner, &handle),
- PSA_ERROR_DOES_NOT_EXIST);
+ TEST_EQUAL(psa_get_key_attributes(key_with_invalid_owner, &attributes),
+ PSA_ERROR_INVALID_HANDLE);
}
#endif
@@ -747,19 +746,12 @@
* MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) is a volatile
* key identifier as the imported key is a volatile key. Volatile
* key identifiers are in the range from PSA_KEY_ID_VOLATILE_MIN
- * to PSA_KEY_ID_VOLATILE_MAX included. Thus pick a key identifier
- * in the range from PSA_KEY_ID_VOLATILE_MIN to
- * PSA_KEY_ID_VOLATILE_MAX different from
- * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) to build an
- * unopened and thus invalid identifier.
+ * to PSA_KEY_ID_VOLATILE_MAX included. It is very unlikely that
+ * all IDs are used up to the last one, so pick
+ * PSA_KEY_ID_VOLATILE_MAX to build an unopened and thus invalid
+ * identifier.
*/
-
- if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) ==
- PSA_KEY_ID_VOLATILE_MIN) {
- key_id = PSA_KEY_ID_VOLATILE_MIN + 1;
- } else {
- key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(valid_handle) - 1;
- }
+ key_id = PSA_KEY_ID_VOLATILE_MAX;
invalid_handle =
mbedtls_svc_key_id_make(0, key_id);
@@ -775,7 +767,7 @@
mbedtls_svc_key_id_make(0, PSA_KEY_ID_VENDOR_MAX + 1);
break;
default:
- TEST_ASSERT(!"unknown handle construction");
+ TEST_FAIL("unknown handle construction");
}
/* Attempt to use the invalid handle. */
@@ -939,11 +931,16 @@
mbedtls_svc_key_id_t persistent_key2 = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t *keys = NULL;
+ mbedtls_psa_stats_t psa_key_slots_stats;
+ size_t available_key_slots = 0;
TEST_ASSERT(MBEDTLS_PSA_KEY_SLOT_COUNT >= 1);
- TEST_CALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT);
PSA_ASSERT(psa_crypto_init());
+ mbedtls_psa_get_stats(&psa_key_slots_stats);
+ available_key_slots = psa_key_slots_stats.empty_slots;
+
+ TEST_CALLOC(keys, available_key_slots);
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY);
@@ -962,10 +959,10 @@
TEST_ASSERT(mbedtls_svc_key_id_equal(returned_key_id, persistent_key));
/*
- * Create MBEDTLS_PSA_KEY_SLOT_COUNT volatile keys
+ * Create the maximum available number of volatile keys
*/
psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
- for (i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++) {
+ for (i = 0; i < available_key_slots; i++) {
PSA_ASSERT(psa_import_key(&attributes,
(uint8_t *) &i, sizeof(i),
&keys[i]));
@@ -984,12 +981,12 @@
* Check we can export the volatile key created last and that it has the
* expected value. Then, destroy it.
*/
- PSA_ASSERT(psa_export_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1],
+ PSA_ASSERT(psa_export_key(keys[available_key_slots - 1],
exported, sizeof(exported),
&exported_length));
- i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1;
+ i = available_key_slots - 1;
TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i));
- PSA_ASSERT(psa_destroy_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1]));
+ PSA_ASSERT(psa_destroy_key(keys[available_key_slots - 1]));
/*
* Check that we can now access the persistent key again.
@@ -1012,7 +1009,7 @@
* Check we can export the remaining volatile keys and that they have the
* expected values.
*/
- for (i = 0; i < (MBEDTLS_PSA_KEY_SLOT_COUNT - 1); i++) {
+ for (i = 0; i < (available_key_slots - 1); i++) {
PSA_ASSERT(psa_export_key(keys[i],
exported, sizeof(exported),
&exported_length));
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index 116f4cd..bb1e2c6 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -82,77 +82,6 @@
(void) alg;
return 0;
}
-
-/* Whether the algorithm is implemented as a builtin, i.e. not accelerated,
- * and calls mbedtls_md() functions that require the hash algorithm to
- * also be built-in. */
-static int is_builtin_calling_md(psa_algorithm_t alg)
-{
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- if (PSA_ALG_IS_RSA_PSS(alg))
-#if defined(MBEDTLS_MD_C)
- { return 1; }
-#else
- { return 0; }
-#endif
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
- if (PSA_ALG_IS_RSA_OAEP(alg))
-#if defined(MBEDTLS_MD_C)
- { return 1; }
-#else
- { return 0; }
-#endif
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
- return 1;
- }
-#endif
- (void) alg;
- return 0;
-}
-
-static int has_builtin_hash(psa_algorithm_t alg)
-{
-#if !defined(MBEDTLS_MD5_C)
- if (alg == PSA_ALG_MD5) {
- return 0;
- }
-#endif
-#if !defined(MBEDTLS_RIPEMD160_C)
- if (alg == PSA_ALG_RIPEMD160) {
- return 0;
- }
-#endif
-#if !defined(MBEDTLS_SHA1_C)
- if (alg == PSA_ALG_SHA_1) {
- return 0;
- }
-#endif
-#if !defined(MBEDTLS_SHA224_C)
- if (alg == PSA_ALG_SHA_224) {
- return 0;
- }
-#endif
-#if !defined(MBEDTLS_SHA256_C)
- if (alg == PSA_ALG_SHA_256) {
- return 0;
- }
-#endif
-#if !defined(MBEDTLS_SHA384_C)
- if (alg == PSA_ALG_SHA_384) {
- return 0;
- }
-#endif
-#if !defined(MBEDTLS_SHA512_C)
- if (alg == PSA_ALG_SHA_512) {
- return 0;
- }
-#endif
- (void) alg;
- return 1;
-}
#endif
/* Mbed TLS doesn't support certain combinations of key type and algorithm
@@ -193,24 +122,11 @@
return 0;
}
#endif
+
if (is_accelerated_rsa(alg) &&
(hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384)) {
return 0;
}
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
- if (PSA_ALG_IS_RSA_OAEP(alg) &&
- (hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384)) {
- return 0;
- }
-#endif
-
- /* The built-in implementation of asymmetric algorithms that use a
- * hash internally only dispatch to the internal md module, not to
- * PSA. Until this is supported, don't try to actually perform
- * operations when the operation is built-in and the hash isn't. */
- if (is_builtin_calling_md(alg) && !has_builtin_hash(hash_alg)) {
- return 0;
- }
#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */
(void) key_type;
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index cb11f18..0f66c79 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -10,7 +10,7 @@
* before changing how test data is constructed or validated.
*/
-#include "../library/psa_crypto_its.h"
+#include "psa_crypto_its.h"
#include "test/psa_helpers.h"
diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function
index 58cddb7..155b8e7 100644
--- a/tests/suites/test_suite_random.function
+++ b/tests/suites/test_suite_random.function
@@ -26,7 +26,12 @@
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
+#if defined(MBEDTLS_AES_C)
MD_PSA_INIT();
+#else
+ USE_PSA_INIT();
+#endif
+
/* First round */
mbedtls_entropy_init(&entropy);
@@ -56,7 +61,11 @@
exit:
mbedtls_ctr_drbg_free(&drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_AES_C)
MD_PSA_DONE();
+#else
+ USE_PSA_DONE();
+#endif
}
/* END_CASE */
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index c02853b..629e281 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -176,9 +176,12 @@
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
-
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
+
+ TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
+
+ TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0);
exit:
@@ -275,14 +278,14 @@
case 32: type1 = MBEDTLS_SHA3_256; break;
case 48: type1 = MBEDTLS_SHA3_384; break;
case 64: type1 = MBEDTLS_SHA3_512; break;
- default: TEST_ASSERT(!"hash1->len validity"); break;
+ default: TEST_FAIL("hash1->len validity"); break;
}
switch (hash2->len) {
case 28: type2 = MBEDTLS_SHA3_224; break;
case 32: type2 = MBEDTLS_SHA3_256; break;
case 48: type2 = MBEDTLS_SHA3_384; break;
case 64: type2 = MBEDTLS_SHA3_512; break;
- default: TEST_ASSERT(!"hash2->len validity"); break;
+ default: TEST_FAIL("hash2->len validity"); break;
}
/* Round 1 */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 361c160..de998e3 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -365,27 +365,27 @@
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
Handshake, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_2
@@ -393,31 +393,31 @@
handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
DTLS Handshake, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
DTLS Handshake with serialization, tls1_2
-depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS
+depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS
handshake_serialization
DTLS Handshake fragmentation, MFL=512
@@ -437,143 +437,143 @@
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3
Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Sending app data via TLS, MFL=512 without fragmentation
@@ -710,147 +710,147 @@
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
SSL DTLS replay: initial state, seqnum 0
@@ -962,819 +962,819 @@
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Record crypt, AES-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-GCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-GCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-128-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-192-GCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-192-GCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-192-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-192-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-GCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-GCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-256-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-GCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-192-GCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-GCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-128-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-192-CCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-192-CCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-192-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-192-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-192-CCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-192-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, AES-256-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-192-CCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-192-CCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, NULL cipher, 1.2, SHA-384
@@ -1810,843 +1810,843 @@
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ChachaPoly
-depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ChachaPoly, 1.3
-depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
+depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_3
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, ChachaPoly
-depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ChachaPoly, 1.3
-depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3
+depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_3
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, ChachaPoly, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ChachaPoly, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-GCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-GCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-128-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-192-GCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-192-GCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-192-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-192-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-GCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-GCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-256-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-GCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-192-GCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-GCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-128-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-192-CCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-192-CCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-192-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-192-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-192-CCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CCM, 1.2
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CCM, 1.3
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
Record crypt, little space, AES-256-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CCM, 1.2, short tag
-depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, NULL cipher, 1.2, SHA-384
@@ -2681,390 +2681,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-
SSL TLS 1.3 Key schedule: Secret evolution #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Initial secret to Early Secret
@@ -3234,7 +2850,7 @@
# - App data payload: 70696e67
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
@@ -3245,7 +2861,7 @@
# - App data payload: 706f6e67
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
@@ -3264,7 +2880,7 @@
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
# 3a ee bb 21 69 49 15 e4
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
@@ -3283,12 +2899,12 @@
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
# 0d d0 32 e1 67 c2 95 5d
# - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
SSL TLS 1.3 Key schedule: Application secrets derivation helper
# Vector from RFC 8448
-depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:PSA_WANT_ALG_SHA_256
ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
@@ -3300,7 +2916,7 @@
# Vector from RFC 8448
# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
# For all other data, see Section 4, 'construct a ClientHello handshake message:'
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_ECP_HAVE_CURVE25519
ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
@@ -3335,15 +2951,15 @@
ssl_serialize_session_save_load:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save-load: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_load:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, save-load: no ticket
@@ -3375,15 +2991,15 @@
ssl_serialize_session_load_save:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_load_save:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
ssl_serialize_session_load_save:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load-save: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
ssl_serialize_session_load_save:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, load-save: no ticket
@@ -3415,15 +3031,15 @@
ssl_serialize_session_save_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
ssl_serialize_session_save_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, save buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, save buffer size: no ticket
@@ -3455,15 +3071,15 @@
ssl_serialize_session_load_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: no ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:0:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:42:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
Session serialization, load buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, load buffer size: no ticket
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 915d104..05571a1 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -24,6 +24,7 @@
{
enum { MSGLEN = 10 };
mbedtls_test_ssl_buffer buf;
+ mbedtls_test_ssl_buffer_init(&buf);
unsigned char input[MSGLEN];
unsigned char output[MSGLEN];
@@ -43,8 +44,6 @@
/* Make sure calling put and get on a buffer that hasn't been set up results
* in error. */
- mbedtls_test_ssl_buffer_init(&buf);
-
TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
== -1);
TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output))
@@ -1146,21 +1145,21 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-void ssl_set_hostname_twice(char *hostname0, char *hostname1)
+void ssl_set_hostname_twice(char *input_hostname0, char *input_hostname1)
{
- const char *hostname;
+ const char *output_hostname;
mbedtls_ssl_context ssl;
mbedtls_ssl_init(&ssl);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0);
- hostname = mbedtls_ssl_get_hostname(&ssl);
- TEST_ASSERT(strcmp(hostname0, hostname) == 0);
+ TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0);
+ output_hostname = mbedtls_ssl_get_hostname(&ssl);
+ TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0);
- TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0);
- hostname = mbedtls_ssl_get_hostname(&ssl);
- TEST_ASSERT(strcmp(hostname1, hostname) == 0);
+ TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0);
+ output_hostname = mbedtls_ssl_get_hostname(&ssl);
+ TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0);
exit:
mbedtls_ssl_free(&ssl);
@@ -1200,7 +1199,7 @@
TEST_ASSERT(ret == 0);
- TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
+ TEST_CALLOC(buf, buflen);
while (num_records-- > 0) {
mbedtls_ssl_transform *t_dec, *t_enc;
@@ -1354,7 +1353,7 @@
TEST_ASSERT(ret == 0);
- TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
+ TEST_CALLOC(buf, buflen);
for (mode = 1; mode <= 3; mode++) {
seen_success = 0;
@@ -1403,19 +1402,16 @@
ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
mbedtls_test_rnd_std_rand, NULL);
- if ((mode == 1 || mode == 2) && seen_success) {
- TEST_ASSERT(ret == 0);
- } else {
- TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- if (ret == 0) {
- seen_success = 1;
- }
- }
-
- if (ret != 0) {
+ if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ /* It's ok if the output buffer is too small. We do insist
+ * on at least one mode succeeding; this is tracked by
+ * seen_success. */
continue;
}
+ TEST_EQUAL(ret, 0);
+ seen_success = 1;
+
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if (rec.cid_len != 0) {
/* DTLS 1.2 + CID hides the real content type and
@@ -1464,235 +1460,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
-void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
- int length_selector)
-{
- /*
- * Test record decryption for CBC without EtM, focused on the verification
- * of padding and MAC.
- *
- * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since
- * the test framework doesn't support alternation in dependency statements,
- * just depend on AES.
- *
- * The length_selector argument is interpreted as follows:
- * - if it's -1, the plaintext length is 0 and minimal padding is applied
- * - if it's -2, the plaintext length is 0 and maximal padding is applied
- * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
- * it's the length of the rest of the padding, that is, excluding the
- * byte that encodes the length. The minimal non-zero plaintext length
- * that gives this padding_length is automatically selected.
- */
- mbedtls_ssl_context ssl; /* ONLY for debugging */
- mbedtls_ssl_transform t0, t1;
- mbedtls_record rec, rec_save;
- unsigned char *buf = NULL, *buf_save = NULL;
- size_t buflen, olen = 0;
- size_t plaintext_len, block_size, i;
- unsigned char padlen; /* excluding the padding_length byte */
- unsigned char add_data[13];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- size_t sign_mac_length = 0;
- unsigned char mac[PSA_HASH_MAX_SIZE];
-#else
- unsigned char mac[MBEDTLS_MD_MAX_SIZE];
-#endif
- int exp_ret;
- int ret;
- const unsigned char pad_max_len = 255; /* Per the standard */
-
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_transform_init(&t0);
- mbedtls_ssl_transform_init(&t1);
- MD_OR_USE_PSA_INIT();
-
- /* Set up transforms with dummy keys */
- ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
- 0, trunc_hmac,
- MBEDTLS_SSL_VERSION_TLS1_2,
- 0, 0);
-
- TEST_ASSERT(ret == 0);
-
- /* Determine padding/plaintext length */
- TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
- block_size = t0.ivlen;
- if (length_selector < 0) {
- plaintext_len = 0;
-
- /* Minimal padding
- * The +1 is for the padding_length byte, not counted in padlen. */
- padlen = block_size - (t0.maclen + 1) % block_size;
-
- /* Maximal padding? */
- if (length_selector == -2) {
- padlen += block_size * ((pad_max_len - padlen) / block_size);
- }
- } else {
- padlen = length_selector;
-
- /* Minimal non-zero plaintext_length giving desired padding.
- * The +1 is for the padding_length byte, not counted in padlen. */
- plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size;
- }
-
- /* Prepare a buffer for record data */
- buflen = block_size
- + plaintext_len
- + t0.maclen
- + padlen + 1;
- TEST_CALLOC(buf, buflen);
- TEST_CALLOC(buf_save, buflen);
-
- /* Prepare a dummy record header */
- memset(rec.ctr, 0, sizeof(rec.ctr));
- rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
- mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_VERSION_TLS1_2);
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- rec.cid_len = 0;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- /* Prepare dummy record content */
- rec.buf = buf;
- rec.buf_len = buflen;
- rec.data_offset = block_size;
- rec.data_len = plaintext_len;
- memset(rec.buf + rec.data_offset, 42, rec.data_len);
-
- /* Serialized version of record header for MAC purposes */
- memcpy(add_data, rec.ctr, 8);
- add_data[8] = rec.type;
- add_data[9] = rec.ver[0];
- add_data[10] = rec.ver[1];
- add_data[11] = (rec.data_len >> 8) & 0xff;
- add_data[12] = (rec.data_len >> 0) & 0xff;
-
- /* Set dummy IV */
- memset(t0.iv_enc, 0x55, t0.ivlen);
- memcpy(rec.buf, t0.iv_enc, t0.ivlen);
-
- /*
- * Prepare a pre-encryption record (with MAC and padding), and save it.
- */
-
- /* MAC with additional data */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
- t0.psa_mac_enc,
- t0.psa_mac_alg));
- TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
- TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
- rec.buf + rec.data_offset,
- rec.data_len));
- TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
- mac, sizeof(mac),
- &sign_mac_length));
-#else
- TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13));
- TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc,
- rec.buf + rec.data_offset,
- rec.data_len));
- TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac));
-#endif
-
- memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen);
- rec.data_len += t0.maclen;
-
- /* Pad */
- memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
- rec.data_len += padlen + 1;
-
- /* Save correct pre-encryption record */
- rec_save = rec;
- rec_save.buf = buf_save;
- memcpy(buf_save, buf, buflen);
-
- /*
- * Encrypt and decrypt the correct record, expecting success
- */
- TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
- &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
- rec.data_len, rec.buf + rec.data_offset, &olen));
- rec.data_offset -= t0.ivlen;
- rec.data_len += t0.ivlen;
-
- TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
-
- /*
- * Modify each byte of the pre-encryption record before encrypting and
- * decrypting it, expecting failure every time.
- */
- for (i = block_size; i < buflen; i++) {
- mbedtls_test_set_step(i);
-
- /* Restore correct pre-encryption record */
- rec = rec_save;
- rec.buf = buf;
- memcpy(buf, buf_save, buflen);
-
- /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
- rec.buf[i] ^= 0x01;
-
- /* Encrypt */
- TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
- &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
- rec.data_len, rec.buf + rec.data_offset, &olen));
- rec.data_offset -= t0.ivlen;
- rec.data_len += t0.ivlen;
-
- /* Decrypt and expect failure */
- TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC,
- mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
- }
-
- /*
- * Use larger values of the padding bytes - with small buffers, this tests
- * the case where the announced padlen would be larger than the buffer
- * (and before that, than the buffer minus the size of the MAC), to make
- * sure our padding checking code does not perform any out-of-bounds reads
- * in this case. (With larger buffers, ie when the plaintext is long or
- * maximal length padding is used, this is less relevant but still doesn't
- * hurt to test.)
- *
- * (Start the loop with correct padding, just to double-check that record
- * saving did work, and that we're overwriting the correct bytes.)
- */
- for (i = padlen; i <= pad_max_len; i++) {
- mbedtls_test_set_step(i);
-
- /* Restore correct pre-encryption record */
- rec = rec_save;
- rec.buf = buf;
- memcpy(buf, buf_save, buflen);
-
- /* Set padding bytes to new value */
- memset(buf + buflen - padlen - 1, i, padlen + 1);
-
- /* Encrypt */
- TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
- &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
- rec.data_len, rec.buf + rec.data_offset, &olen));
- rec.data_offset -= t0.ivlen;
- rec.data_len += t0.ivlen;
-
- /* Decrypt and expect failure except the first time */
- exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
- TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
- }
-
-exit:
- mbedtls_ssl_free(&ssl);
- mbedtls_ssl_transform_free(&t0);
- mbedtls_ssl_transform_free(&t1);
- mbedtls_free(buf);
- mbedtls_free(buf_save);
- MD_OR_USE_PSA_DONE();
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_hkdf_expand_label(int hash_alg,
data_t *secret,
@@ -2005,7 +1772,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_MD_CAN_SHA256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
void ssl_tls13_record_protection(int ciphersuite,
int endpoint,
int ctr,
@@ -2019,7 +1786,9 @@
{
mbedtls_ssl_key_set keys;
mbedtls_ssl_transform transform_send;
+ mbedtls_ssl_transform_init(&transform_send);
mbedtls_ssl_transform transform_recv;
+ mbedtls_ssl_transform_init(&transform_recv);
mbedtls_record rec;
unsigned char *buf = NULL;
size_t buf_len;
@@ -2050,8 +1819,6 @@
keys.key_len = server_write_key->len;
keys.iv_len = server_write_iv->len;
- mbedtls_ssl_transform_init(&transform_recv);
- mbedtls_ssl_transform_init(&transform_send);
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
@@ -2176,21 +1943,26 @@
/* Prepare a dummy session to work on */
((void) endpoint_type);
((void) tls_version);
+ ((void) ticket_len);
+ ((void) crt_file);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
&original, 0, endpoint_type) == 0);
- } else
+ }
#endif
- {
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
&original, ticket_len, crt_file) == 0);
}
+#endif
/* Serialize it */
TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL);
+ TEST_CALLOC(buf, len);
TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len)
== 0);
@@ -2201,8 +1973,27 @@
* Make sure both session structures are identical
*/
#if defined(MBEDTLS_HAVE_TIME)
- TEST_ASSERT(original.start == restored.start);
+ switch (tls_version) {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SRV_C)
+ case MBEDTLS_SSL_VERSION_TLS1_3:
+ TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time);
+ break;
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ TEST_ASSERT(original.start == restored.start);
+ break;
+#endif
+
+ default:
+ /* should never happen */
+ TEST_ASSERT(0);
+ break;
+ }
+
+
+#endif
+
TEST_ASSERT(original.tls_version == restored.tls_version);
TEST_ASSERT(original.ciphersuite == restored.ciphersuite);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -2274,15 +2065,21 @@
restored.resumption_key,
original.resumption_key_len) == 0);
}
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ TEST_ASSERT(
+ original.max_early_data_size == restored.max_early_data_size);
+#endif
+
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER) {
- TEST_ASSERT(original.start == restored.start);
+ TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time);
}
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) {
#if defined(MBEDTLS_HAVE_TIME)
- TEST_ASSERT(original.ticket_received == restored.ticket_received);
+ TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time);
#endif
TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime);
TEST_ASSERT(original.ticket_len == restored.ticket_len);
@@ -2323,16 +2120,27 @@
/* Prepare a dummy session to work on */
((void) endpoint_type);
- ((void) tls_version);
+ ((void) ticket_len);
+ ((void) crt_file);
+
+ switch (tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
- } else
+ case MBEDTLS_SSL_VERSION_TLS1_3:
+ TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type) == 0);
+ break;
#endif
- {
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, crt_file) == 0);
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
+ &session, ticket_len, crt_file) == 0);
+ break;
+#endif
+ default:
+ /* should never happen */
+ TEST_ASSERT(0);
+ break;
}
/* Get desired buffer size for serializing */
@@ -2386,17 +2194,28 @@
/* Prepare dummy session and get serialized size */
((void) endpoint_type);
- ((void) tls_version);
+ ((void) ticket_len);
+ ((void) crt_file);
+
+ switch (tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
- } else
+ case MBEDTLS_SSL_VERSION_TLS1_3:
+ TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type) == 0);
+ break;
#endif
- {
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, crt_file) == 0);
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
+ &session, ticket_len, crt_file) == 0);
+ break;
+#endif
+ default:
+ /* should never happen */
+ TEST_ASSERT(0);
+ break;
}
+
TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
@@ -2404,7 +2223,8 @@
for (bad_len = 1; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overwrite */
mbedtls_free(buf);
- TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL);
+ buf = NULL;
+ TEST_CALLOC(buf, bad_len);
TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len,
&test_len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
@@ -2434,20 +2254,33 @@
/* Prepare serialized session data */
((void) endpoint_type);
- ((void) tls_version);
+ ((void) ticket_len);
+ ((void) crt_file);
+
+ switch (tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
- } else
+ case MBEDTLS_SSL_VERSION_TLS1_3:
+ TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type) == 0);
+ break;
#endif
- {
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, crt_file) == 0);
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
+ &session, ticket_len, crt_file) == 0);
+ break;
+#endif
+
+ default:
+ /* should never happen */
+ TEST_ASSERT(0);
+ break;
}
+
TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL);
+ TEST_CALLOC(good_buf, good_len);
TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len,
&good_len) == 0);
mbedtls_ssl_session_free(&session);
@@ -2456,8 +2289,8 @@
for (bad_len = 0; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overread */
mbedtls_free(bad_buf);
- bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1);
- TEST_ASSERT(bad_buf != NULL);
+ bad_buf = NULL;
+ TEST_CALLOC_NONNULL(bad_buf, bad_len);
memcpy(bad_buf, good_buf, bad_len);
TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len)
@@ -2493,16 +2326,26 @@
mbedtls_ssl_session_init(&session);
USE_PSA_INIT();
((void) endpoint_type);
- ((void) tls_version);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
- } else
-#endif
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, 0, NULL) == 0);
+ switch (tls_version) {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ case MBEDTLS_SSL_VERSION_TLS1_3:
+ TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type) == 0);
+ break;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ case MBEDTLS_SSL_VERSION_TLS1_2:
+ TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
+ &session, 0, NULL) == 0);
+
+ break;
+#endif
+ default:
+ /* should never happen */
+ TEST_ASSERT(0);
+ break;
+ }
/* Infer length of serialized session. */
TEST_ASSERT(mbedtls_ssl_session_save(&session,
@@ -2549,7 +2392,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
void mbedtls_endpoint_sanity(int endpoint_type)
{
enum { BUFFSIZE = 1024 };
@@ -2580,7 +2423,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS */
void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass)
{
enum { BUFFSIZE = 1024 };
@@ -2653,7 +2496,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_version(int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version)
@@ -2745,7 +2588,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256 */
void app_data(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls)
@@ -2774,7 +2617,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -2786,7 +2629,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -2798,7 +2641,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_serialization()
{
mbedtls_test_handshake_test_options options;
@@ -2815,7 +2658,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SSL_HAVE_AES:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
void handshake_fragmentation(int mfl,
int expected_srv_hs_fragmentation,
int expected_cli_hs_fragmentation)
@@ -2855,7 +2698,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void renegotiation(int legacy_renegotiation)
{
mbedtls_test_handshake_test_options options;
@@ -2875,7 +2718,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256 */
void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls, char *cipher)
{
@@ -2902,7 +2745,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_serialize_mfl(int mfl)
{
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -2912,7 +2755,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
char *cipher)
{
@@ -3062,7 +2905,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_ECP_HAVE_SECP224R1:MBEDTLS_ECP_HAVE_SECP256R1 */
void conf_curve()
{
@@ -3149,7 +2992,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 */
void force_bad_session_id_len()
{
enum { BUFFSIZE = 1024 };
@@ -3346,7 +3189,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PK_CAN_ECDSA_SOME */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };
@@ -3354,6 +3197,7 @@
mbedtls_psa_stats_t stats;
size_t free_slots_before = -1;
mbedtls_test_handshake_test_options options;
+ mbedtls_test_init_handshake_options(&options);
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
@@ -3361,7 +3205,6 @@
mbedtls_platform_zeroize(&client, sizeof(client));
mbedtls_platform_zeroize(&server, sizeof(server));
- mbedtls_test_init_handshake_options(&options);
options.pk_alg = MBEDTLS_PK_ECDSA;
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
@@ -3417,7 +3260,7 @@
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_HAVE_SECP384R1 */
void tls13_server_certificate_msg_invalid_vector_len()
{
int ret = -1;
@@ -3602,67 +3445,67 @@
MD_OR_USE_PSA_INIT();
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
+#if defined(MBEDTLS_ECP_HAVE_SECP521R1) || defined(PSA_WANT_ECC_SECP_R1_521)
TEST_AVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521);
#else
TEST_UNAVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521);
#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#if defined(MBEDTLS_ECP_HAVE_BP512R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
TEST_AVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512);
#else
TEST_UNAVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512);
#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
+#if defined(MBEDTLS_ECP_HAVE_SECP384R1) || defined(PSA_WANT_ECC_SECP_R1_384)
TEST_AVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384);
#else
TEST_UNAVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384);
#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#if defined(MBEDTLS_ECP_HAVE_BP384R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
TEST_AVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384);
#else
TEST_UNAVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384);
#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
+#if defined(MBEDTLS_ECP_HAVE_SECP256R1) || defined(PSA_WANT_ECC_SECP_R1_256)
TEST_AVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256);
#else
TEST_UNAVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256);
#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
+#if defined(MBEDTLS_ECP_HAVE_SECP256K1) || defined(PSA_WANT_ECC_SECP_K1_256)
TEST_AVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256);
#else
TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256);
#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#if defined(MBEDTLS_ECP_HAVE_BP256R1) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
TEST_AVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
#else
TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
+#if defined(MBEDTLS_ECP_HAVE_SECP224R1) || defined(PSA_WANT_ECC_SECP_R1_224)
TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
#else
TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
+#if defined(MBEDTLS_ECP_HAVE_SECP224K1) || defined(PSA_WANT_ECC_SECP_K1_224)
TEST_AVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
#else
TEST_UNAVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
#endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
+#if defined(MBEDTLS_ECP_HAVE_SECP192R1) || defined(PSA_WANT_ECC_SECP_R1_192)
TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
#else
TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
+#if defined(MBEDTLS_ECP_HAVE_SECP192K1) || defined(PSA_WANT_ECC_SECP_K1_192)
TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
#else
TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192);
#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(PSA_WANT_ECC_MONTGOMERY_255)
TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
#else
TEST_UNAVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255);
#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+#if defined(MBEDTLS_ECP_HAVE_CURVE448) || defined(PSA_WANT_ECC_MONTGOMERY_448)
TEST_AVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
#else
TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
new file mode 100644
index 0000000..35f0adb
--- /dev/null
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -0,0 +1,312 @@
+/* BEGIN_HEADER */
+/* Testing of mbedtls_ssl_decrypt_buf() specifically, focusing on negative
+ * testing (using malformed inputs). */
+
+#include <mbedtls/ssl.h>
+#include <ssl_misc.h>
+#include <test/ssl_helpers.h>
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_SSL_TLS_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_NULL_CIPHER */
+void ssl_decrypt_null(int hash_id)
+{
+ mbedtls_ssl_transform transform_in, transform_out;
+ mbedtls_ssl_transform_init(&transform_in);
+ mbedtls_ssl_transform_init(&transform_out);
+ const mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_TLS1_2;
+ const mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NULL;
+ mbedtls_record rec_good = {
+ .ctr = { 0 },
+ .type = MBEDTLS_SSL_MSG_APPLICATION_DATA,
+ .ver = { 0, 0 }, /* Will be set by a function call below */
+ .buf = NULL,
+ .buf_len = 0,
+ .data_offset = 0,
+ .data_len = 0,
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ .cid_len = 0,
+ .cid = { 0 },
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ };
+ mbedtls_ssl_write_version(rec_good.ver,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ version);
+ const char sample_plaintext[3] = "ABC";
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init(&ssl);
+ uint8_t *buf = NULL;
+
+ MD_OR_USE_PSA_INIT();
+
+ TEST_EQUAL(mbedtls_test_ssl_build_transforms(&transform_in, &transform_out,
+ cipher_type, hash_id, 0, 0,
+ version,
+ 0, 0), 0);
+
+ const size_t plaintext_length = sizeof(sample_plaintext);
+ rec_good.buf_len = plaintext_length + transform_in.maclen;
+ rec_good.data_len = plaintext_length;
+ TEST_CALLOC(rec_good.buf, rec_good.buf_len);
+ memcpy(rec_good.buf, sample_plaintext, plaintext_length);
+ TEST_EQUAL(mbedtls_test_ssl_prepare_record_mac(&rec_good,
+ &transform_out), 0);
+
+ /* Good case */
+ mbedtls_record rec = rec_good;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), 0);
+
+ /* Change any one byte of the plaintext or MAC. The MAC will be wrong. */
+ TEST_CALLOC(buf, rec.buf_len);
+ for (size_t i = 0; i < rec.buf_len; i++) {
+ mbedtls_test_set_step(i);
+ rec = rec_good;
+ rec.buf = buf;
+ memcpy(buf, rec_good.buf, rec.buf_len);
+ buf[i] ^= 1;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INVALID_MAC);
+ }
+ mbedtls_free(buf);
+ buf = NULL;
+
+ /* Shorter input buffer. Either the MAC will be wrong, or there isn't
+ * enough room for a MAC. */
+ for (size_t n = 1; n < rec.buf_len; n++) {
+ mbedtls_test_set_step(n);
+ rec = rec_good;
+ TEST_CALLOC(buf, n);
+ rec.buf = buf;
+ rec.buf_len = n;
+ rec.data_len = n;
+ memcpy(buf, rec_good.buf, n);
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INVALID_MAC);
+ mbedtls_free(buf);
+ buf = NULL;
+ }
+
+ /* For robustness, check a 0-length buffer (non-null, then null).
+ * This should not reach mbedtls_ssl_decrypt_buf() as used in the library,
+ * so the exact error doesn't matter, but we don't want a crash. */
+ {
+ const uint8_t buf1[1] = { 'a' };
+ rec = rec_good;
+ /* We won't write to buf1[0] since it's out of range, so we can cast
+ * the const away. */
+ rec.buf = (uint8_t *) buf1;
+ rec.buf_len = 0;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+ }
+ rec = rec_good;
+ rec.buf = NULL;
+ rec.buf_len = 0;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+
+exit:
+ mbedtls_ssl_transform_free(&transform_in);
+ mbedtls_ssl_transform_free(&transform_out);
+ mbedtls_free(rec_good.buf);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_free(buf);
+ MD_OR_USE_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2 */
+void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
+ int length_selector)
+{
+ /*
+ * Test record decryption for CBC without EtM, focused on the verification
+ * of padding and MAC.
+ *
+ * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since
+ * the test framework doesn't support alternation in dependency statements,
+ * just depend on AES.
+ *
+ * The length_selector argument is interpreted as follows:
+ * - if it's -1, the plaintext length is 0 and minimal padding is applied
+ * - if it's -2, the plaintext length is 0 and maximal padding is applied
+ * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
+ * it's the length of the rest of the padding, that is, excluding the
+ * byte that encodes the length. The minimal non-zero plaintext length
+ * that gives this padding_length is automatically selected.
+ */
+ mbedtls_ssl_context ssl; /* ONLY for debugging */
+ mbedtls_ssl_transform t0, t1;
+ mbedtls_record rec, rec_save;
+ unsigned char *buf = NULL, *buf_save = NULL;
+ size_t buflen, olen = 0;
+ size_t plaintext_len, block_size, i;
+ unsigned char padlen; /* excluding the padding_length byte */
+ int exp_ret;
+ int ret;
+ const unsigned char pad_max_len = 255; /* Per the standard */
+
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_transform_init(&t0);
+ mbedtls_ssl_transform_init(&t1);
+ MD_OR_USE_PSA_INIT();
+
+ /* Set up transforms with dummy keys */
+ ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
+ 0, trunc_hmac,
+ MBEDTLS_SSL_VERSION_TLS1_2,
+ 0, 0);
+
+ TEST_ASSERT(ret == 0);
+
+ /* Determine padding/plaintext length */
+ TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
+ block_size = t0.ivlen;
+ if (length_selector < 0) {
+ plaintext_len = 0;
+
+ /* Minimal padding
+ * The +1 is for the padding_length byte, not counted in padlen. */
+ padlen = block_size - (t0.maclen + 1) % block_size;
+
+ /* Maximal padding? */
+ if (length_selector == -2) {
+ padlen += block_size * ((pad_max_len - padlen) / block_size);
+ }
+ } else {
+ padlen = length_selector;
+
+ /* Minimal non-zero plaintext_length giving desired padding.
+ * The +1 is for the padding_length byte, not counted in padlen. */
+ plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size;
+ }
+
+ /* Prepare a buffer for record data */
+ buflen = block_size
+ + plaintext_len
+ + t0.maclen
+ + padlen + 1;
+ TEST_CALLOC(buf, buflen);
+ TEST_CALLOC(buf_save, buflen);
+
+ /* Prepare a dummy record header */
+ memset(rec.ctr, 0, sizeof(rec.ctr));
+ rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
+ mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_VERSION_TLS1_2);
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /* Prepare dummy record content */
+ rec.buf = buf;
+ rec.buf_len = buflen;
+ rec.data_offset = block_size;
+ rec.data_len = plaintext_len;
+ memset(rec.buf + rec.data_offset, 42, rec.data_len);
+
+ /* Set dummy IV */
+ memset(t0.iv_enc, 0x55, t0.ivlen);
+ memcpy(rec.buf, t0.iv_enc, t0.ivlen);
+
+ /*
+ * Prepare a pre-encryption record (with MAC and padding), and save it.
+ */
+ TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0));
+
+ /* Pad */
+ memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
+ rec.data_len += padlen + 1;
+
+ /* Save correct pre-encryption record */
+ rec_save = rec;
+ rec_save.buf = buf_save;
+ memcpy(buf_save, buf, buflen);
+
+ /*
+ * Encrypt and decrypt the correct record, expecting success
+ */
+ TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
+ &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
+ rec.data_len, rec.buf + rec.data_offset, &olen));
+ rec.data_offset -= t0.ivlen;
+ rec.data_len += t0.ivlen;
+
+ TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
+
+ /*
+ * Modify each byte of the pre-encryption record before encrypting and
+ * decrypting it, expecting failure every time.
+ */
+ for (i = block_size; i < buflen; i++) {
+ mbedtls_test_set_step(i);
+
+ /* Restore correct pre-encryption record */
+ rec = rec_save;
+ rec.buf = buf;
+ memcpy(buf, buf_save, buflen);
+
+ /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
+ rec.buf[i] ^= 0x01;
+
+ /* Encrypt */
+ TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
+ &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
+ rec.data_len, rec.buf + rec.data_offset, &olen));
+ rec.data_offset -= t0.ivlen;
+ rec.data_len += t0.ivlen;
+
+ /* Decrypt and expect failure */
+ TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC,
+ mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
+ }
+
+ /*
+ * Use larger values of the padding bytes - with small buffers, this tests
+ * the case where the announced padlen would be larger than the buffer
+ * (and before that, than the buffer minus the size of the MAC), to make
+ * sure our padding checking code does not perform any out-of-bounds reads
+ * in this case. (With larger buffers, ie when the plaintext is long or
+ * maximal length padding is used, this is less relevant but still doesn't
+ * hurt to test.)
+ *
+ * (Start the loop with correct padding, just to double-check that record
+ * saving did work, and that we're overwriting the correct bytes.)
+ */
+ for (i = padlen; i <= pad_max_len; i++) {
+ mbedtls_test_set_step(i);
+
+ /* Restore correct pre-encryption record */
+ rec = rec_save;
+ rec.buf = buf;
+ memcpy(buf, buf_save, buflen);
+
+ /* Set padding bytes to new value */
+ memset(buf + buflen - padlen - 1, i, padlen + 1);
+
+ /* Encrypt */
+ TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper(
+ &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset,
+ rec.data_len, rec.buf + rec.data_offset, &olen));
+ rec.data_offset -= t0.ivlen;
+ rec.data_len += t0.ivlen;
+
+ /* Decrypt and expect failure except the first time */
+ exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
+ TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
+ }
+
+exit:
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_transform_free(&t0);
+ mbedtls_ssl_transform_free(&t1);
+ mbedtls_free(buf);
+ mbedtls_free(buf_save);
+ MD_OR_USE_PSA_DONE();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data
new file mode 100644
index 0000000..27ea27a
--- /dev/null
+++ b/tests/suites/test_suite_ssl_decrypt.misc.data
@@ -0,0 +1,399 @@
+Decrypt null cipher, MD5
+depends_on:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_null:MBEDTLS_MD_MD5
+
+Decrypt null cipher, SHA-1
+depends_on:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_null:MBEDTLS_MD_SHA1
+
+Decrypt null cipher, SHA-256
+depends_on:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_null:MBEDTLS_MD_SHA256
+
+Decrypt null cipher, SHA-384
+depends_on:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_null:MBEDTLS_MD_SHA384
+
+Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
+
+Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
+
+Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
+
+Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
+
+Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
+
+Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
+
+Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
+
+Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index dac3f70..faa3166 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"3.4.1"
+check_compiletime_version:"3.5.1"
Check runtime library version
-check_runtime_version:"3.4.1"
+check_runtime_version:"3.5.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 981f8ab..eeae512 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -20,7 +20,7 @@
mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
build_int = MBEDTLS_VERSION_MAJOR << 24 |
@@ -56,7 +56,7 @@
(get_int >> 24) & 0xFF,
(get_int >> 16) & 0xFF,
(get_int >> 8) & 0xFF);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %s", version_str);
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str);
TEST_ASSERT(strcmp(build_str, version_str) == 0);
TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0);
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 7af9de9..261c220 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -67,43 +67,43 @@
x509_cert_info:"data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1
x509_cert_info:"data_files/parse_input/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA224
x509_cert_info:"data_files/parse_input/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA384
x509_cert_info:"data_files/parse_input/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA512
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA512
x509_cert_info:"data_files/parse_input/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA256 Digest, hardware module name SAN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/server5-othername.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2023-06-20 09\:04\:43\nexpires on \: 2033-06-17 09\:04\:43\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/server5-nonprintable_othername.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2023-06-20 09\:49\:20\nexpires on \: 2033-06-17 09\:49\:20\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, directoryName SAN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/server5-directoryname.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-10 16\:59\:29\nexpires on \: 2033-01-07 16\:59\:29\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n"
X509 CRT information EC, SHA256 Digest, two directoryName SANs
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/server5-two-directorynames.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n directoryName \: O=MALFORM_ME\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/server5-fan.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2023-06-20 09\:49\:35\nexpires on \: 2033-06-17 09\:49\:35\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n"
X509 CRT information, NS Cert Type
@@ -123,7 +123,7 @@
x509_cert_info:"data_files/parse_input/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2019-07-10 11\:27\:52\nexpires on \: 2029-07-10 11\:27\:52\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Multiple different Subject Alt Name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage
@@ -143,7 +143,7 @@
x509_cert_info:"data_files/parse_input/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, ECDSA Certificate Policy any
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, RSA Certificate Policy any with qualifier
@@ -151,7 +151,7 @@
x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, ECDSA Certificate Policy any with qualifier
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, RSA Certificate multiple Policies
@@ -159,7 +159,7 @@
x509_cert_info:"data_files/parse_input/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
X509 CRT information, ECDSA Certificate multiple Policies
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
X509 CRT information, RSA Certificate unsupported policy
@@ -167,7 +167,7 @@
x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
X509 CRT information, ECDSA Certificate unsupported policy
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
X509 CRT information, Key Usage + Extended Key Usage
@@ -179,39 +179,39 @@
x509_cert_info:"data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC signed by RSA
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_cert_info:"data_files/parse_input/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n"
X509 CRT information Bitstring in subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n"
+x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=#030B0037313031303132323535\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n"
X509 CRT information Non-ASCII string in issuer name and subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nsubject name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
X509 CRT information Parsing IPv4 and IPv6 IP names
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_cert_info:"data_files/server5-tricky-ip-san.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2023-06-05 11\:30\:36\nexpires on \: 2033-06-02 11\:30\:36\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n"
X509 SAN parsing otherName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_parse_san:"data_files/parse_input/server5-othername.crt.der":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n":0
X509 SAN parsing binary otherName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_parse_san:"data_files/parse_input/server5-nonprintable_othername.crt.der":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n":0
X509 SAN parsing directoryName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_parse_san:"data_files/parse_input/server5-directoryname.crt.der":"type \: 4\ndirectoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n":0
X509 SAN parsing directoryName, seq malformed
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_parse_san:"data_files/parse_input/server5-directoryname-seq-malformed.crt.der":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 SAN parsing two directoryNames, second DN OID malformed
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_parse_san:"data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 SAN parsing dNSName
@@ -219,7 +219,7 @@
x509_parse_san:"data_files/parse_input/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
X509 SAN parsing Multiple different types
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_parse_san:"data_files/parse_input/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
X509 SAN parsing, no subject alt name
@@ -227,7 +227,7 @@
x509_parse_san:"data_files/parse_input/server4.crt":"":0
X509 SAN parsing, unsupported otherName name
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_parse_san:"data_files/parse_input/server5-unsupported_othername.crt.der":"":0
X509 SAN parsing rfc822Name
@@ -235,7 +235,7 @@
x509_parse_san:"data_files/parse_input/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0
X509 CRT information Parsing IP (invalid data)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_parse_san:"data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 CRL information #1
@@ -347,23 +347,23 @@
mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information EC with SHA1
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA224
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA256
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA384
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA512
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA1
@@ -447,6 +447,18 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_dn_gets:"data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1"
+X509 Get Distinguished Name #6
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
+mbedtls_x509_dn_gets:"data_files/server1.hashsymbol.crt":"subject":"C=NL, O=\\#PolarSSL, CN=PolarSSL Server 1"
+
+X509 Get Distinguished Name #7
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
+mbedtls_x509_dn_gets:"data_files/server1.spaces.crt":"subject":"C=NL, O=\\ PolarSSL\\ , CN=PolarSSL Server 1"
+
+X509 Get Distinguished Name #8
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
+mbedtls_x509_dn_gets:"data_files/server1.asciichars.crt":"subject":"C=NL, O=\\E6\\9E\\81\\E5\\9C\\B0SSL, CN=PolarSSL Server 1"
+
X509 Get Modified DN #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_dn_gets_subject_replace:"data_files/server1.crt":"Modified":"C=NL, O=Modified, CN=PolarSSL Server 1":0
@@ -544,27 +556,27 @@
mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0
X509 Time Future #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0
X509 Time Future #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1
X509 Time Future #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1
X509 Time Future #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1
X509 Time Future #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0
X509 Time Future #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA256
mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN)
@@ -572,7 +584,7 @@
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
X509 CRT verification #1a (Revoked Cert, Future CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 CRT verification #2 (Revoked Cert, Expired CRL)
@@ -580,7 +592,7 @@
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
X509 CRT verification #2a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch)
@@ -588,7 +600,7 @@
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 CRT verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 CRT verification #4 (Valid Cert, Expired CRL)
@@ -596,7 +608,7 @@
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
X509 CRT verification #4a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 CRT verification #5 (Revoked Cert)
@@ -624,23 +636,23 @@
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 CRT verification #8 (Valid Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #8a (Expired Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
X509 CRT verification #8b (Future Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
X509 CRT verification #8c (Expired Cert, longer chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
X509 CRT verification #8d (Future Cert, longer chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
X509 CRT verification #9 (Not trusted Cert)
@@ -740,35 +752,35 @@
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #32 (Valid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #33 (Valid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #34 (Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #35 (Revoked, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 CRT verification #36 (Valid, EC CA, SHA1 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #37 (Valid, EC CA, SHA224 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA224
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #38 (Valid, EC CA, SHA384 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA384:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA384:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #39 (Valid, EC CA, SHA512 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA512:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA512:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #40 (Valid, depth 0, RSA, CA)
@@ -776,7 +788,7 @@
x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #41 (Valid, depth 0, EC, CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #42 (Depth 0, not CA, RSA)
@@ -784,11 +796,11 @@
x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #43 (Depth 0, not CA, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #44 (Corrupted signature, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #45 (Corrupted signature, RSA)
@@ -796,51 +808,51 @@
x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #45b (Corrupted signature, intermediate CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #50 (Valid, multiple CAs)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #51 (Valid, multiple CAs, reverse order)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #52 (CA keyUsage valid)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #53 (CA keyUsage missing cRLSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #55 (CA keyUsage missing keyCertSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #56 (CA keyUsage plain wrong)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1)
@@ -880,7 +892,7 @@
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults)
@@ -912,11 +924,11 @@
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #73 (selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #74 (signed by selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #75 (encoding mismatch)
@@ -924,63 +936,63 @@
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #76 (multiple CRLs, not revoked)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #77 (multiple CRLs, revoked)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 CRT verification #78 (multiple CRLs, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 CRT verification #79 (multiple CRLs, revoked by future)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 CRT verification #80 (multiple CRLs, first future, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 CRT verification #81 (multiple CRLs, none relevant)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #82 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #83 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #84 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #85 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #86 (Not yet valid CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
X509 CRT verification #87 (Expired CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
X509 CRT verification #88 (Spurious cert in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #89 (Spurious cert later in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #90 (EE with same name as trusted root)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
X509 CRT verification #91 (same CA with good then bad key)
@@ -992,19 +1004,19 @@
x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #92 (bad name, allowing callback)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
X509 CRT verification #95 (Suite B Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest)
@@ -1024,47 +1036,47 @@
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 CRT verification: domain identical to IPv4 in SubjectAltName
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: domain identical to IPv6 in SubjectAltName
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: matching IPv4 in SubjectAltName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL"
X509 CRT verification: mismatching IPv4 in SubjectAltName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: IPv4 with trailing data in SubjectAltName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: matching IPv6 in SubjectAltName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL"
X509 CRT verification: mismatching IPv6 in SubjectAltName
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: matching URI in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":0:0:"":"NULL"
X509 CRT verification: URI with trailing data in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609cz":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: URI with preceding data in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"zurn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: URI with bad data in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C
x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"bad\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT parse CN: IPv4 valid address
@@ -1171,15 +1183,15 @@
x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR
X509 CRT verification callback: bad name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
X509 CRT verification callback: trusted EE cert
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
X509 CRT verification callback: trusted EE cert, expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n"
X509 CRT verification callback: simple
@@ -1187,71 +1199,71 @@
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
X509 CRT verification callback: simple, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
X509 CRT verification callback: simple, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: two trusted roots
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
X509 CRT verification callback: two trusted roots, reversed order
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
X509 CRT verification callback: root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
X509 CRT verification callback: intermediate ca
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: intermediate ca, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: intermediate ca trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: intermediate ca, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
X509 CRT verification callback: intermediate ca, int expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: intermediate ca, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: two intermediates
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: two intermediates, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: two intermediates, top int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256
x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: two intermediates, low int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
X509 CRT verification callback: no intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
X509 CRT verification callback: one intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA256
x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
X509 CRT ASN1 (Empty Certificate)
@@ -2373,7 +2385,7 @@
X509 CRT ASN1 (Name with composite RDN)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
+x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, 1.3.6.1.4.1.311.60.2.1.3=#13025553, 1.3.6.1.4.1.311.60.2.1.2=#130844656C6177617265, O=Authorize.Net LLC, 2.5.4.15=#131450726976617465204F7267616E697A6174696F6E, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
X509 CRT ASN1 (Name with PKCS9 email)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
@@ -2388,11 +2400,11 @@
x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
X509 CRT ASN1 (ECDSA signature, EC key)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_MD_CAN_SHA1
x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0
X509 CRT ASN1 (RSA signature, EC key)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
X509 CRT ASN1 (Unsupported critical extension)
@@ -2583,7 +2595,7 @@
mbedtls_x509_crt_parse_file:"data_files/dir3/test-ca.crt":0:1
X509 CRT parse file dir3/test-ca2.crt
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_parse_file:"data_files/dir3/test-ca2.crt":0:1
# The parse_path tests are known to fail when compiled for a 32-bit architecture
@@ -2594,23 +2606,23 @@
mbedtls_x509_crt_parse_path:"data_files/dir1":0:1
X509 CRT parse path #2 (two certs)
-depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_parse_path:"data_files/dir2":0:2
X509 CRT parse path #3 (two certs, one non-cert)
-depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_parse_path:"data_files/dir3":1:2
X509 CRT verify long chain (max intermediate CA, trusted)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0
X509 CRT verify long chain (max intermediate CA, untrusted)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED
X509 CRT verify long chain (max intermediate CA + 1)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1
X509 CRT verify chain #1 (zero pathlen intermediate)
@@ -2646,27 +2658,27 @@
mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0
X509 CRT verify chain #9 (zero pathlen first intermediate, valid)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0:0:"":0
X509 CRT verify chain #10 (zero pathlen root, valid)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"":0
X509 CRT verify chain #11 (valid chain, missing profile)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
X509 CRT verify chain #12 (suiteb profile, RSA root)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP192R1:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
X509 CRT verify chain #13 (RSA only profile, EC root)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
X509 CRT verify chain #13 (RSA only profile, EC trusted EE)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
X509 CRT verify chain #14 (RSA-3072 profile, root key too small)
@@ -2674,47 +2686,47 @@
mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
X509 CRT verify chain #15 (suiteb profile, rsa intermediate)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
X509 CRT verify chain #16 (RSA-only profile, EC intermediate)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
X509 CRT verify chain #17 (SHA-512 profile)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0
X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA512
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA512
mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-2:"":2
X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA512
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA512
mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-1:"":1
X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA512:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA512:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca.crt":-1:-1:"":1
X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-4:"":8
X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-3:"":4
X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-2:"":2
X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-1:"":1
X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted)
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8
X509 OID description #1
@@ -2786,31 +2798,31 @@
x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
X509 CRT extendedKeyUsage #1 (no extension, serverAuth)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_check_extended_key_usage:"data_files/server5.crt":"2b06010505070301":0
X509 CRT extendedKeyUsage #2 (single value, present)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2b06010505070301":0
X509 CRT extendedKeyUsage #3 (single value, absent)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2b06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 CRT extendedKeyUsage #4 (two values, first)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070301":0
X509 CRT extendedKeyUsage #5 (two values, second)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070302":0
X509 CRT extendedKeyUsage #6 (two values, other)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 CRT extendedKeyUsage #7 (any, random)
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2b060105050703ff":0
X509 RSASSA-PSS parameters ASN1 (good, all defaults)
@@ -2925,9 +2937,29 @@
x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
X509 CSR ASN.1 (OK)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n":0
+X509 CSR ASN.1 (Unsupported critical extension, critical=true)
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CSR ASN.1 (Unsupported non-critical extension, critical=false)
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+mbedtls_x509_csr_parse:"308201243081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004b5e718a7df6b21912733e77c42f266b8283e6cae7adf8afd56b990c1c6232ea0a2a46097c218353bc948444aea3d00423e84802e28c48099641fe9977cdfb505a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101000403010101300a06082a8648ce3d0403020348003045022100f0ba9a0846ad0a7cefd0a61d5fc92194dc06037a44158de2d0c569912c058d430220421f27a9f249c1687e2fa34db3f543c8512fd925dfe5ae00867f13963ffd4f8d":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0
+
+X509 CSR ASN.1 (Unsupported non-critical extension, critical undefined)
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+mbedtls_x509_csr_parse:"308201223081c802010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d030107034200045f94b28d133418833bf10c442d91306459d3925e7cea06ebb9220932e7de116fb671c5d2d6c0a3784a12897217aef8432e7228fcea0ab016bdb67b67ced4c612a025302306092a864886f70d01090e311630143012060b2b0601040183890c8622020403010101300a06082a8648ce3d04030203490030460221009b1e8b25775c18525e96753e1ed55875f8d62f026c5b7f70eb5037ad27dc92de022100ba1dfe14de6af6a603f763563fd046b1cd3714b54d6daf5d8a72076497f11014":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0
+
+X509 CSR ASN.1 (Unsupported critical extension accepted by callback, critical=true)
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0:1
+
+X509 CSR ASN.1 (Unsupported critical extension rejected by callback, critical=true)
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0
+
X509 CSR ASN.1 (bad first tag)
mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT
@@ -2971,47 +3003,47 @@
mbedtls_x509_csr_parse:"30173014020100300d310b3009060355040613024e4c300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad attributes: missing)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_csr_parse:"3081973081940201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad attributes: bad tag)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_csr_parse:"3081993081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad attributes: overlong)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_csr_parse:"30819a3081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: missing)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_csr_parse:"3081c23081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: not a sequence)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad sigAlg: overlong)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: unknown)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1
mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
X509 CSR ASN.1 (bad sig: missing)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sig: not a bit string)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad sig: overlong)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (extra data after signature)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_csr_parse:"308201193081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CSR ASN.1 (invalid version overflow)
@@ -3096,7 +3128,7 @@
mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0
X509 File parse (no issues)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
mbedtls_x509_crt_parse_file:"data_files/parse_input/server7_int-ca.crt":0:2
X509 File parse (extra space in one certificate)
@@ -3108,7 +3140,7 @@
mbedtls_x509_crt_parse_file:"data_files/parse_input/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER:0
X509 File parse (trailing spaces, OK)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
mbedtls_x509_crt_parse_file:"data_files/parse_input/server7_trailing_space.crt":0:2
X509 File parse (Algorithm Params Tag mismatch)
@@ -3116,11 +3148,11 @@
mbedtls_x509_crt_parse_file:"data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH:0
X509 File parse (does not conform to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field is present, mbedTLS generated before bugfix, OK)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509parse_crt_file:"data_files/parse_input/server5-non-compliant.crt":0
X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field must be absent for ECDSA)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
x509parse_crt_file:"data_files/parse_input/server5.crt":0
X509 Get time (UTC no issues)
@@ -3236,91 +3268,91 @@
x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
X509 CRT verify restart: trusted EE, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1
x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0
X509 CRT verify restart: trusted EE, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1
x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0
X509 CRT verify restart: no intermediate, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0
X509 CRT verify restart: no intermediate, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:1:100:10000
X509 CRT verify restart: no intermediate, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:40000:0:0
X509 CRT verify restart: no intermediate, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:500:20:80
X509 CRT verify restart: no intermediate, badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
X509 CRT verify restart: no intermediate, badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
X509 CRT verify restart: no intermediate, badsign, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0
X509 CRT verify restart: no intermediate, badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80
X509 CRT verify restart: one int, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0
X509 CRT verify restart: one int, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:1:100:10000
X509 CRT verify restart: one int, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:30000:0:0
X509 CRT verify restart: one int, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:500:25:100
X509 CRT verify restart: one int, EE badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
X509 CRT verify restart: one int, EE badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
X509 CRT verify restart: one int, EE badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
X509 CRT verify restart: one int, EE badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
X509 CRT verify restart: one int, int badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
X509 CRT verify restart: one int, int badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
X509 CRT verify restart: one int, int badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
X509 CRT verify restart: one int, int badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
X509 ext types accessor: ext type present
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 88ca28c..c2a2f55 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -242,7 +242,7 @@
MBEDTLS_X509_SAFE_SNPRINTF;
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid) != 0) {
+ &san->san.other_name.type_id) == 0) {
ret = mbedtls_snprintf(p, n, " hardware module name :");
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf(p, n, " hardware type : ");
@@ -250,7 +250,8 @@
ret = mbedtls_oid_get_numeric_string(p,
n,
- &san->san.other_name.value.hardware_module_name.oid);
+ &san->san.other_name.value.hardware_module_name
+ .oid);
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf(p, n, ", hardware serial number : ");
@@ -413,12 +414,36 @@
}
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-/* END_HEADER */
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C
- * END_DEPENDENCIES
- */
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid,
+ int critical, const unsigned char *cp, const unsigned char *end)
+{
+ (void) p_ctx;
+ (void) csr;
+ (void) oid;
+ (void) critical;
+ (void) cp;
+ (void) end;
+
+ return 0;
+}
+
+int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid,
+ int critical, const unsigned char *cp, const unsigned char *end)
+{
+ (void) p_ctx;
+ (void) csr;
+ (void) oid;
+ (void) critical;
+ (void) cp;
+ (void) end;
+
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+}
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509_accessor_ext_types(int ext_type, int has_ext_type)
@@ -624,7 +649,7 @@
/*
* See comments on ecp_test_vect_restart() for op count precision.
*
- * For reference, with mbed TLS 2.6 and default settings:
+ * For reference, with Mbed TLS 2.6 and default settings:
* - ecdsa_verify() for P-256: ~ 6700
* - ecdsa_verify() for P-384: ~ 18800
* - x509_verify() for server5 -> test-ca2: ~ 18800
@@ -702,7 +727,7 @@
} else if (strcmp(profile_str, "all") == 0) {
profile = &profile_all;
} else {
- TEST_ASSERT("Unknown algorithm profile" == 0);
+ TEST_FAIL("Unknown algorithm profile");
}
if (strcmp(verify_callback, "NULL") == 0) {
@@ -712,7 +737,7 @@
} else if (strcmp(verify_callback, "verify_all") == 0) {
f_vrfy = verify_all;
} else {
- TEST_ASSERT("No known verify callback selected" == 0);
+ TEST_FAIL("No known verify callback selected");
}
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
@@ -734,7 +759,7 @@
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* CRLs aren't supported with CA callbacks, so skip the CA callback
* version of the test if CRLs are in use. */
- if (crl_file == NULL || strcmp(crl_file, "") == 0) {
+ if (strcmp(crl_file, "") == 0) {
flags = 0;
res = mbedtls_x509_crt_verify_with_ca_cb(&crt,
@@ -881,7 +906,7 @@
} else if (strcmp(entity, "issuer") == 0) {
res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer);
} else {
- TEST_ASSERT("Unknown entity" == 0);
+ TEST_FAIL("Unknown entity");
}
TEST_ASSERT(res != -1);
@@ -933,15 +958,17 @@
int ret = 0, i;
size_t len = 0, out_size;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur;
+ mbedtls_x509_name parsed;
+ memset(&parsed, 0, sizeof(parsed));
+ mbedtls_x509_name *parsed_cur;
// Size of buf is maximum required for test cases
- unsigned char buf[80], *out = NULL, *c;
+ unsigned char buf[80] = { 0 };
+ unsigned char *out = NULL;
+ unsigned char *c = buf + sizeof(buf);
const char *short_name;
USE_PSA_INIT();
- memset(&parsed, 0, sizeof(parsed));
- memset(buf, 0, sizeof(buf));
- c = buf + sizeof(buf);
+
// Additional size required for trailing space
out_size = strlen(expected_oids) + 2;
TEST_CALLOC(out, out_size);
@@ -1006,7 +1033,7 @@
} else if (strcmp(entity, "valid_to") == 0) {
TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result);
} else {
- TEST_ASSERT("Unknown entity" == 0);
+ TEST_FAIL("Unknown entity");
}
exit:
@@ -1030,7 +1057,7 @@
} else if (strcmp(entity, "valid_to") == 0) {
TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result);
} else {
- TEST_ASSERT("Unknown entity" == 0);
+ TEST_FAIL("Unknown entity");
}
exit:
@@ -1250,6 +1277,36 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+void mbedtls_x509_csr_parse_with_ext_cb(data_t *csr_der, char *ref_out, int ref_ret, int accept)
+{
+ mbedtls_x509_csr csr;
+ char my_out[1000];
+ int my_ret;
+
+ mbedtls_x509_csr_init(&csr);
+ USE_PSA_INIT();
+
+ memset(my_out, 0, sizeof(my_out));
+
+ my_ret = mbedtls_x509_csr_parse_der_with_ext_cb(&csr, csr_der->x, csr_der->len,
+ accept ? parse_csr_ext_accept_cb :
+ parse_csr_ext_reject_cb,
+ NULL);
+ TEST_EQUAL(my_ret, ref_ret);
+
+ if (ref_ret == 0) {
+ size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
+ TEST_EQUAL(my_out_len, strlen(ref_out));
+ TEST_EQUAL(strcmp(my_out, ref_out), 0);
+ }
+
+exit:
+ mbedtls_x509_csr_free(&csr);
+ USE_PSA_DONE();
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret)
{
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 0848550..28cef30 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -47,7 +47,7 @@
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0
Certificate Request check Server5 ECDSA, key_usage
-depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP256R1
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0
Certificate Request check Server1, set_extension
@@ -55,137 +55,213 @@
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256.ext":MBEDTLS_MD_SHA256:0:0:0:0:1
Certificate Request check opaque Server5 ECDSA, key_usage
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
Certificate write check Server1 SHA1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not before 1970
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not after 2050
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not before 1970, not after 2050
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not before 2050, not after 2059
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, one ext_key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, two ext_key_usages
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, ns_cert_type
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, version 1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, CA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, version 1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, CA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, ns_cert_type
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, version 1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, CA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Full length serial
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Serial starting with 0x80
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, All 0xFF full length serial
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server5 ECDSA
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt":0
Certificate write check Server5 ECDSA, Opaque
-depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_USE_PSA_CRYPTO
x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0
Certificate write check Server1 SHA1, SubjectAltNames
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1
X509 String to Names #1
-mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0
+mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0:0
X509 String to Names #2
-mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
+mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
X509 String to Names #3 (Name precisely 255 bytes)
-mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
+mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0:0
X509 String to Names #4 (Name larger than 255 bytes)
-mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
X509 String to Names #5 (Escape non-allowed characters)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
X509 String to Names #6 (Escape at end)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME:0
-X509 String to Names #6 (Invalid, no '=' or ',')
-mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME
+X509 String to Names #7 (Invalid, no '=' or ',')
+mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #8 (Escaped valid characters)
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0:0
+
+X509 String to Names #9 (Escaped ascii hexpairs uppercase encoded)
+mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0
+
+X509 String to Names #10 (Escaped ascii hexpairs lowercase encoded)
+mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0
+
+X509 String to Names #11 (Invalid hexpair escape at end of string)
+mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #12 (Reject escaped null hexpair)
+mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #13 (Invalid hexpairs)
+mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #14 (Accept numercoid/hexstring)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0
+
+# TODO: Should the trailing garbage be ignored?
+X509 String to Names (hexstring: trailing garbage after DER is ignored)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726Baa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0
+
+X509 String to Names: long hexstring (payload=256 bytes)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C82010041414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141, OU=PolarSSL":"C=NL, O=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, OU=PolarSSL":0:MAY_FAIL_DN_GETS
+
+X509 String to Names: long hexstring (payload=257 bytes)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C820101aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #15 (Odd length DER hexstring)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names (empty DER hexstring)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names (empty DER hexstring at end)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names (1-byte DER hexstring)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names (1-byte DER hexstring at end)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #16 (hexstring: DER length exceeds available data)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C0B4F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #17 (hexstring: Invalid OID)
+mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names #18 (short name and hexstring)
+mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0
+
+X509 String to Names (null byte in hexstring with string type)
+mbedtls_x509_string_to_names:"C=NL, O=#0C0100, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 String to Names (null byte in hexstring with non-string type)
+mbedtls_x509_string_to_names:"C=NL, O=#040100, OU=PolarSSL":"C=NL, O=\\x00, OU=PolarSSL":0:MAY_FAIL_GET_NAME
+
+X509 String to Names #19 (Accept non-ascii hexpairs)
+mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0:0
+
+X509 String to Names #20 (Reject empty AttributeValue)
+mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+
+X509 Round trip test (Escaped characters)
+mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0
+
+X509 Round trip test (hexstring output for non string input)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0:0
+
+X509 Round trip test (numercoid hexstring output for unknown OID)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":0:0
Check max serial length
x509_set_serial_check:
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index ab4a2d0..b59fd48 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -125,10 +125,16 @@
return ret;
}
#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+/* Due to inconsistencies in the input size limits applied by different
+ * library functions, some write-parse tests may fail. */
+#define MAY_FAIL_GET_NAME 0x0001
+#define MAY_FAIL_DN_GETS 0x0002
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
+ * depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
* END_DEPENDENCIES
*/
@@ -153,24 +159,44 @@
mbedtls_x509_san_list san_ip;
mbedtls_x509_san_list san_dns;
mbedtls_x509_san_list san_uri;
+ mbedtls_x509_san_list san_mail;
+ mbedtls_x509_san_list san_dn;
mbedtls_x509_san_list *san_list = NULL;
- const char san_ip_name[] = { 0x7f, 0x01, 0x01, 0x00 }; // 127.1.1.0
+ mbedtls_asn1_named_data *ext_san_dirname = NULL;
+
+ const char san_ip_name[] = { 0x7f, 0x00, 0x00, 0x01 }; // 127.0.0.1
const char *san_dns_name = "example.com";
- const char *san_uri_name = "http://pki.example.com/";
+ const char *san_dn_name = "C=UK,O=Mbed TLS,CN=Mbed TLS directoryName SAN";
+ const char *san_mail_name = "mail@example.com";
+ const char *san_uri_name = "http://pki.example.com";
+
+ san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME;
+ san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name;
+ san_mail.node.san.unstructured_name.len = strlen(san_mail_name);
+ san_mail.next = NULL;
+
+ san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
+ san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name;
+ san_dns.node.san.unstructured_name.len = strlen(san_dns_name);
+ san_dns.next = &san_mail;
+
+ san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+ TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname,
+ san_dn_name) == 0);
+ san_dn.node.san.directory_name = *ext_san_dirname;
+ san_dn.next = &san_dns;
+
+ san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
+ san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name;
+ san_ip.node.san.unstructured_name.len = sizeof(san_ip_name);
+ san_ip.next = &san_dn;
san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name;
san_uri.node.san.unstructured_name.len = strlen(san_uri_name);
- san_uri.next = NULL;
- san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
- san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name;
- san_ip.node.san.unstructured_name.len = sizeof(san_ip_name);
- san_ip.next = &san_uri;
- san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
- san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name;
- san_dns.node.san.unstructured_name.len = strlen(san_dns_name);
- san_dns.next = &san_ip;
- san_list = &san_dns;
+ san_uri.next = &san_ip;
+
+ san_list = &san_uri;
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
@@ -244,6 +270,7 @@
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
+ mbedtls_asn1_free_named_data_list(&ext_san_dirname);
mbedtls_x509write_csr_free(&req);
mbedtls_pk_free(&key);
MD_OR_USE_PSA_DONE();
@@ -638,13 +665,15 @@
mbedtls_x509write_cert ctx;
uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
+#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi serial_mpi;
+ mbedtls_mpi_init(&serial_mpi);
+#endif
+
USE_PSA_INIT();
memset(invalid_serial, 0x01, sizeof(invalid_serial));
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi serial_mpi;
-
- mbedtls_mpi_init(&serial_mpi);
TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial,
sizeof(invalid_serial)), 0);
TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi),
@@ -666,39 +695,49 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
-void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
- )
+void mbedtls_x509_string_to_names(char *name, char *parsed_name,
+ int result, int may_fail)
{
int ret;
size_t len = 0;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
- unsigned char buf[1024], out[1024], *c;
+ mbedtls_x509_name parsed;
+ memset(&parsed, 0, sizeof(parsed));
+ mbedtls_x509_name *parsed_cur = NULL;
+ mbedtls_x509_name *parsed_prv = NULL;
+ unsigned char buf[1024] = { 0 };
+ unsigned char out[1024] = { 0 };
+ unsigned char *c = buf + sizeof(buf);
USE_PSA_INIT();
- memset(&parsed, 0, sizeof(parsed));
- memset(out, 0, sizeof(out));
- memset(buf, 0, sizeof(buf));
- c = buf + sizeof(buf);
-
ret = mbedtls_x509_string_to_names(&names, name);
- TEST_ASSERT(ret == result);
+ TEST_EQUAL(ret, result);
if (ret != 0) {
goto exit;
}
ret = mbedtls_x509_write_names(&c, buf, names);
- TEST_ASSERT(ret > 0);
+ TEST_LE_S(1, ret);
- TEST_ASSERT(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) == 0);
- TEST_ASSERT(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed) == 0);
+ TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0);
+ ret = mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed);
+ if ((may_fail & MAY_FAIL_GET_NAME) && ret < 0) {
+ /* Validation inconsistency between mbedtls_x509_string_to_names() and
+ * mbedtls_x509_get_name(). Accept it for now. */
+ goto exit;
+ }
+ TEST_EQUAL(ret, 0);
ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed);
- TEST_ASSERT(ret > 0);
-
+ if ((may_fail & MAY_FAIL_DN_GETS) && ret < 0) {
+ /* Validation inconsistency between mbedtls_x509_string_to_names() and
+ * mbedtls_x509_dn_gets(). Accept it for now. */
+ goto exit;
+ }
+ TEST_LE_S(1, ret);
TEST_ASSERT(strcmp((char *) out, parsed_name) == 0);
exit:
